From be2e7e25ac37573d72777d3a576e36b79fcfed5c Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 1 Oct 2021 17:35:44 -0700 Subject: [PATCH 1/7] Change the calculation for the extra data size in a DTLS message when checking to see if it'll fit in an MTU. (ZD12983) --- src/internal.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index ffd559292..2e96cea36 100644 --- a/src/internal.c +++ b/src/internal.c @@ -18530,10 +18530,24 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, static int cipherExtraData(WOLFSSL* ssl) { + int cipherExtra; /* Cipher data that may be added by BuildMessage */ - return ssl->specs.hash_size + ssl->specs.block_size + - ssl->specs.aead_mac_size + ssl->specs.iv_size + - ssl->specs.pad_size; + /* There is always an IV. For AEAD ciphers, there is the + * authentication tag (aead_mac_size). For block ciphers + * we have the hash_size MAC on the message, and one + * block size for possible padding. */ + if (ssl->specs.cipher_type == aead) { + cipherExtra = ssl->specs.aead_mac_size; + /* CHACHA does not have an explicit IV. */ + if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) { + cipherExtra += ssl->specs.iv_size; + } + } + else { + cipherExtra = ssl->specs.iv_size + ssl->specs.block_size + + ssl->specs.hash_size; + } + return cipherExtra; } #ifndef WOLFSSL_NO_TLS12 From 77ebd117810efd18d313b7dd192c508061f7609a Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 25 Oct 2021 09:56:29 -0700 Subject: [PATCH 2/7] Updating based on MTU. Debugging prints. --- src/internal.c | 72 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 54 insertions(+), 18 deletions(-) diff --git a/src/internal.c b/src/internal.c index 2e96cea36..fbae5d13a 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8663,6 +8663,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, int ret = 0; int headerSz; + printf("SendHandshakeMsg\n"); WOLFSSL_ENTER("SendHandshakeMsg"); (void)type; (void)packetName; @@ -9186,6 +9187,7 @@ int CheckAvailableSize(WOLFSSL *ssl, int size) ssl->dtls_expected_rx #endif ) { + printf("Size = %d, mtu = %d\n", size, ssl->dtls_expected_rx); WOLFSSL_MSG("CheckAvailableSize() called with size greater than MTU."); return DTLS_SIZE_ERROR; } @@ -19376,6 +19378,32 @@ int IsSCR(WOLFSSL* ssl) } +static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) +{ + int overflowSz = outputSz - mtuSz; + + printf("buffSz before = %d, ", buffSz); + if (overflowSz > 0) { + int overheadSz = outputSz - buffSz; + printf("overheadSz = %d, ", overheadSz); + + if (ssl->specs.cipher_type == block) { + int overflowBlocks = (overflowSz / ssl->specs.block_size); + + if (overflowSz % ssl->specs.block_size != 0) + overflowBlocks++; + buffSz -= ssl->specs.block_size * overflowBlocks; + } + else { + buffSz -= overflowSz; + } + } + printf("after = %d\n", buffSz); + + return buffSz; +} + + int SendData(WOLFSSL* ssl, const void* data, int sz) { int sent = 0, /* plainText size */ @@ -19471,9 +19499,15 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; #endif - if (sent == sz) break; - buffSz = wolfSSL_GetMaxRecordSize(ssl, sz - sent); + printf("sz - sent = %d, buffSz = %d\n", sz - sent, buffSz); + + int i = ModifyForMTU(ssl, 1500, + BuildMessage(ssl, NULL, 0, NULL, 1500, + application_data, 0, 1, 0, CUR_ORDER), 1400); + printf("Modify = %d\n", i); + + if (sent == sz) break; #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK) if (ssl->options.dtls && (buffSz < sz - sent)) { @@ -32359,6 +32393,7 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment) { (void) ssl; /* Avoid compiler warnings */ + printf("start maxFragment = %d\n", maxFragment); if (maxFragment > MAX_RECORD_SIZE) { maxFragment = MAX_RECORD_SIZE; } @@ -32370,24 +32405,25 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment) #endif /* HAVE_MAX_FRAGMENT */ #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl)) { - int cipherExtra = IsEncryptionOn(ssl, 1) ? cipherExtraData(ssl) : 0; - if (maxFragment > MAX_UDP_SIZE) { - maxFragment = MAX_UDP_SIZE; + int outputSz, mtuSz; + + /* Given a input buffer size of maxFragment, how big will the + * encrypted output be? */ + if (IsEncryptionOn(ssl, 1)) { + outputSz = BuildMessage(ssl, NULL, 0, NULL, maxFragment, + application_data, 0, 1, 0, CUR_ORDER); } - if (maxFragment > MAX_MTU - COMP_EXTRA - DTLS_RECORD_HEADER_SZ - - DTLS_HANDSHAKE_HEADER_SZ - cipherExtra) { - maxFragment = MAX_MTU - COMP_EXTRA - DTLS_RECORD_HEADER_SZ - - DTLS_HANDSHAKE_HEADER_SZ - cipherExtra; + else { + outputSz = maxFragment + DTLS_RECORD_HEADER_SZ; } - #if defined(WOLFSSL_DTLS_MTU) - { - int overheadSz = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ + - COMP_EXTRA + cipherExtra; - if (maxFragment > ssl->dtlsMtuSz - overheadSz) { - maxFragment = ssl->dtlsMtuSz - overheadSz; - } - } - #endif + + /* Readjust maxFragment for MTU size. */ + #if defined(WOLFSSL_DTLS_MTU) + mtuSz = ssl->dtlsMtuSz; + #else + mtuSz = MAX_MTU; + #endif + maxFragment = ModifyForMTU(ssl, maxFragment, outputSz, mtuSz); } #endif From be3b6b47efe20f96b4a2c43e7183e114b3f90d6d Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 26 Oct 2021 20:36:13 +0200 Subject: [PATCH 3/7] DTLS MTU fixes --- src/internal.c | 53 +++++++++++++++++++++++++++++++--------------- src/ssl.c | 2 +- src/tls13.c | 2 +- wolfssl/internal.h | 2 +- 4 files changed, 39 insertions(+), 20 deletions(-) diff --git a/src/internal.c b/src/internal.c index fbae5d13a..b7cfe4088 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8682,7 +8682,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, inputSz += HANDSHAKE_HEADER_SZ; headerSz = RECORD_HEADER_SZ; } - maxFrag = wolfSSL_GetMaxRecordSize(ssl, (int)inputSz); + maxFrag = wolfSSL_GetMaxFragSize(ssl, (int)inputSz); /* Make sure input is not the ssl output buffer as this * function doesn't handle that */ @@ -18240,7 +18240,7 @@ exit_buildmsg: ssl->options.buildMsgState = BUILD_MSG_BEGIN; #ifdef WOLFSSL_DTLS - if (ret == 0 && ssl->options.dtls) + if (ret == 0 && ssl->options.dtls && !sizeOnly) DtlsSEQIncrement(ssl, epochOrder); #endif @@ -18534,22 +18534,23 @@ static int cipherExtraData(WOLFSSL* ssl) { int cipherExtra; /* Cipher data that may be added by BuildMessage */ - /* There is always an IV. For AEAD ciphers, there is the - * authentication tag (aead_mac_size). For block ciphers - * we have the hash_size MAC on the message, and one + /* There is always an IV (expect for chacha). For AEAD ciphers, + * there is the authentication tag (aead_mac_size). For block + * ciphers we have the hash_size MAC on the message, and one * block size for possible padding. */ if (ssl->specs.cipher_type == aead) { cipherExtra = ssl->specs.aead_mac_size; /* CHACHA does not have an explicit IV. */ if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) { - cipherExtra += ssl->specs.iv_size; + cipherExtra += AESGCM_EXP_IV_SZ; } } else { cipherExtra = ssl->specs.iv_size + ssl->specs.block_size + ssl->specs.hash_size; } - return cipherExtra; + /* Sanity check so we don't ever return negative. */ + return cipherExtra > 0 ? cipherExtra : 0; } #ifndef WOLFSSL_NO_TLS12 @@ -18614,7 +18615,7 @@ int SendCertificate(WOLFSSL* ssl) maxFragment = MAX_RECORD_SIZE; - maxFragment = wolfSSL_GetMaxRecordSize(ssl, maxFragment); + maxFragment = wolfSSL_GetMaxFragSize(ssl, maxFragment); while (length > 0 && ret == 0) { byte* output = NULL; @@ -18646,10 +18647,8 @@ int SendCertificate(WOLFSSL* ssl) else { #ifdef WOLFSSL_DTLS fragSz = min(length, maxFragment); - sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA - + HANDSHAKE_HEADER_SZ; - i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA - + HANDSHAKE_HEADER_SZ; + sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_HEADER_SZ; + i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_HEADER_SZ; #endif } @@ -19397,6 +19396,13 @@ static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) else { buffSz -= overflowSz; } +#ifdef WOLFSSL_DTLS + if (ssl->options.dtls) + buffSz -= DTLS_HANDSHAKE_HEADER_SZ; + else +#endif + buffSz -= HANDSHAKE_HEADER_SZ; + } printf("after = %d\n", buffSz); @@ -19499,7 +19505,20 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; #endif - buffSz = wolfSSL_GetMaxRecordSize(ssl, sz - sent); +#ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent + + DTLS_HANDSHAKE_HEADER_SZ); + buffSz -= DTLS_HANDSHAKE_HEADER_SZ; + } + else +#endif + { + buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent + + HANDSHAKE_HEADER_SZ); + buffSz -= HANDSHAKE_HEADER_SZ; + + } printf("sz - sent = %d, buffSz = %d\n", sz - sent, buffSz); int i = ModifyForMTU(ssl, 1500, @@ -19516,8 +19535,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) return ssl->error; } #endif - outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ + - DTLS_HANDSHAKE_HEADER_SZ; + outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ; if (IsEncryptionOn(ssl, 1)) outputSz += cipherExtraData(ssl); @@ -32388,8 +32406,9 @@ int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev) #endif /* WOLFSSL_ASYNC_CRYPT */ -/* return the max record size */ -int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment) +/* Return the max fragment size. This is essentially the maximum + * fragment_length available. */ +int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment) { (void) ssl; /* Avoid compiler warnings */ diff --git a/src/ssl.c b/src/ssl.c index 9c77066f6..286fdac0f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1807,7 +1807,7 @@ int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl) return BAD_FUNC_ARG; } - return wolfSSL_GetMaxRecordSize(ssl, OUTPUT_RECORD_SIZE); + return wolfSSL_GetMaxFragSize(ssl, OUTPUT_RECORD_SIZE); } diff --git a/src/tls13.c b/src/tls13.c index b3327ba30..5be73f23d 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -5742,7 +5742,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) if (ssl->fragOffset != 0) length -= (ssl->fragOffset + headerSz); - maxFragment = wolfSSL_GetMaxRecordSize(ssl, MAX_RECORD_SIZE); + maxFragment = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); while (length > 0 && ret == 0) { byte* output = NULL; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 0804e3209..dd26e61fd 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4649,7 +4649,7 @@ WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32); -WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment); +WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment); #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS) WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl); From 9f3f9c53fd92f9a7f434ca2b48f57389b4ea51dd Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 26 Oct 2021 13:59:14 -0700 Subject: [PATCH 4/7] Remove debugging printfs. Added some guards around DTLS and AEAD only things. --- src/internal.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/src/internal.c b/src/internal.c index b7cfe4088..7d25bc4c2 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8663,7 +8663,6 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, int ret = 0; int headerSz; - printf("SendHandshakeMsg\n"); WOLFSSL_ENTER("SendHandshakeMsg"); (void)type; (void)packetName; @@ -9187,7 +9186,6 @@ int CheckAvailableSize(WOLFSSL *ssl, int size) ssl->dtls_expected_rx #endif ) { - printf("Size = %d, mtu = %d\n", size, ssl->dtls_expected_rx); WOLFSSL_MSG("CheckAvailableSize() called with size greater than MTU."); return DTLS_SIZE_ERROR; } @@ -19377,15 +19375,15 @@ int IsSCR(WOLFSSL* ssl) } +#ifdef WOLFSSL_DTLS static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) { int overflowSz = outputSz - mtuSz; - printf("buffSz before = %d, ", buffSz); - if (overflowSz > 0) { - int overheadSz = outputSz - buffSz; - printf("overheadSz = %d, ", overheadSz); + (void)ssl; + if (overflowSz > 0) { +#ifndef WOLFSSL_AEAD_ONLY if (ssl->specs.cipher_type == block) { int overflowBlocks = (overflowSz / ssl->specs.block_size); @@ -19396,6 +19394,10 @@ static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) else { buffSz -= overflowSz; } +#else + buffSz -= overflowSz; +#endif + #ifdef WOLFSSL_DTLS if (ssl->options.dtls) buffSz -= DTLS_HANDSHAKE_HEADER_SZ; @@ -19404,10 +19406,10 @@ static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) buffSz -= HANDSHAKE_HEADER_SZ; } - printf("after = %d\n", buffSz); return buffSz; } +#endif int SendData(WOLFSSL* ssl, const void* data, int sz) @@ -19519,12 +19521,6 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) buffSz -= HANDSHAKE_HEADER_SZ; } - printf("sz - sent = %d, buffSz = %d\n", sz - sent, buffSz); - - int i = ModifyForMTU(ssl, 1500, - BuildMessage(ssl, NULL, 0, NULL, 1500, - application_data, 0, 1, 0, CUR_ORDER), 1400); - printf("Modify = %d\n", i); if (sent == sz) break; @@ -32412,7 +32408,6 @@ int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment) { (void) ssl; /* Avoid compiler warnings */ - printf("start maxFragment = %d\n", maxFragment); if (maxFragment > MAX_RECORD_SIZE) { maxFragment = MAX_RECORD_SIZE; } From 7cbfb27fa0f5a5603ce98c6bf712419fe246bc50 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 27 Oct 2021 14:31:56 -0700 Subject: [PATCH 5/7] When adding cipherExtraData(), also account for TLSv1.3. --- src/internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 7d25bc4c2..cb29adeb8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -19532,7 +19532,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) } #endif outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ; - if (IsEncryptionOn(ssl, 1)) + if (IsEncryptionOn(ssl, 1) || ssl->options.tls1_3) outputSz += cipherExtraData(ssl); /* check for available size */ From 894303be5916cd8bffcb3922049c861fd0fdc469 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 28 Oct 2021 14:46:15 +0200 Subject: [PATCH 6/7] Make the `wolfSSL_GetMaxFragSize` parameter meaning consistent - Add testing for sending as much app data as possible in a single DTLS record --- examples/client/client.c | 2 +- examples/server/server.c | 16 +- src/internal.c | 53 +- tests/test-dtls-mtu.conf | 4788 ++++++++++++++++++++++++-------------- tests/unit.c | 13 +- 5 files changed, 3131 insertions(+), 1741 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 9ac5d6fd4..d70312bed 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -3184,7 +3184,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) useLibOqs, oqsAlg, exitWithRet, version, onlyKeyShare); wolfSSL_CTX_free(ctx); ctx = NULL; - if (!exitWithRet) + if (((func_args*)args)->return_code != EXIT_SUCCESS && !exitWithRet) XEXIT_T(EXIT_SUCCESS); else goto exit; diff --git a/examples/server/server.c b/examples/server/server.c index a5d780d3e..048bf9e70 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -395,7 +395,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, /* Read data */ while (rx_pos < len) { ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos); - if (ret < 0) { + if (ret <= 0) { err = SSL_get_error(ssl, 0); #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { @@ -3180,6 +3180,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) { err = ServerEchoData(ssl, clientfd, echoData, block, throughput); + if (err == WOLFSSL_ERROR_ZERO_RETURN) /* Got close notify */ + err = 0; if (err != 0) { SSL_free(ssl); ssl = NULL; SSL_CTX_free(ctx); ctx = NULL; @@ -3196,13 +3198,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) Task_yield(); #endif - if (dtlsUDP == 0) { - ret = SSL_shutdown(ssl); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { - ret = SSL_shutdown(ssl); /* bidirectional shutdown */ - if (ret == WOLFSSL_SUCCESS) - printf("Bidirectional shutdown complete\n"); - } + ret = SSL_shutdown(ssl); + if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + ret = SSL_shutdown(ssl); /* bidirectional shutdown */ + if (ret == WOLFSSL_SUCCESS) + printf("Bidirectional shutdown complete\n"); } /* display collected statistics */ diff --git a/src/internal.c b/src/internal.c index cb29adeb8..c50c536ae 100644 --- a/src/internal.c +++ b/src/internal.c @@ -19378,33 +19378,18 @@ int IsSCR(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) { - int overflowSz = outputSz - mtuSz; + int recordExtra = outputSz - buffSz; (void)ssl; - if (overflowSz > 0) { + if (recordExtra > 0 && outputSz > mtuSz) { + buffSz = mtuSz - recordExtra; #ifndef WOLFSSL_AEAD_ONLY - if (ssl->specs.cipher_type == block) { - int overflowBlocks = (overflowSz / ssl->specs.block_size); - - if (overflowSz % ssl->specs.block_size != 0) - overflowBlocks++; - buffSz -= ssl->specs.block_size * overflowBlocks; - } - else { - buffSz -= overflowSz; - } -#else - buffSz -= overflowSz; + /* Subtract a block size to be certain that returned fragment + * size won't get more padding. */ + if (ssl->specs.cipher_type == block) + buffSz -= ssl->specs.block_size; #endif - -#ifdef WOLFSSL_DTLS - if (ssl->options.dtls) - buffSz -= DTLS_HANDSHAKE_HEADER_SZ; - else -#endif - buffSz -= HANDSHAKE_HEADER_SZ; - } return buffSz; @@ -19509,16 +19494,12 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { - buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent + - DTLS_HANDSHAKE_HEADER_SZ); - buffSz -= DTLS_HANDSHAKE_HEADER_SZ; + buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent); } else #endif { - buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent + - HANDSHAKE_HEADER_SZ); - buffSz -= HANDSHAKE_HEADER_SZ; + buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent); } @@ -32402,8 +32383,14 @@ int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev) #endif /* WOLFSSL_ASYNC_CRYPT */ -/* Return the max fragment size. This is essentially the maximum - * fragment_length available. */ +/** + * Return the max fragment size. This is essentially the maximum + * fragment_length available. + * @param ssl WOLFSSL object containing ciphersuite information. + * @param maxFragment The amount of space we want to check is available. This + * is only the fragment length WITHOUT the (D)TLS headers. + * @return Max fragment size + */ int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment) { (void) ssl; /* Avoid compiler warnings */ @@ -32424,11 +32411,13 @@ int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment) /* Given a input buffer size of maxFragment, how big will the * encrypted output be? */ if (IsEncryptionOn(ssl, 1)) { - outputSz = BuildMessage(ssl, NULL, 0, NULL, maxFragment, + outputSz = BuildMessage(ssl, NULL, 0, NULL, + maxFragment + DTLS_HANDSHAKE_HEADER_SZ, application_data, 0, 1, 0, CUR_ORDER); } else { - outputSz = maxFragment + DTLS_RECORD_HEADER_SZ; + outputSz = maxFragment + DTLS_RECORD_HEADER_SZ + + DTLS_HANDSHAKE_HEADER_SZ; } /* Readjust maxFragment for MTU size. */ diff --git a/tests/test-dtls-mtu.conf b/tests/test-dtls-mtu.conf index cb08e2e06..495b93b3d 100644 --- a/tests/test-dtls-mtu.conf +++ b/tests/test-dtls-mtu.conf @@ -1,28 +1,1139 @@ # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-e +-u +-f +-v 3 +-l DHE-RSA-CHACHA20-POLY1305 + +# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-B 4000,1359 +-u +-f +-v 3 +-l DHE-RSA-CHACHA20-POLY1305 + +# server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-e +-u +-f +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305 + +# client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-B 4000,1359 +-u +-f +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305 + +# server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 +-B 4000,1359 +-u +-f +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-e +-u +-f +-v 3 +-s +-l DHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-B 4000,1359 +-u +-f +-v 3 +-s +-l DHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-e +-u +-f +-v 3 +-s +-l ECDHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-B 4000,1359 +-u +-f +-v 3 +-s +-l ECDHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 PSK-CHACHA20-POLY1305 +-e +-u +-f +-v 3 +-s +-l PSK-CHACHA20-POLY1305 + +# client TLSv1.2 PSK-CHACHA20-POLY1305 +-B 4000,1359 +-u +-f +-v 3 +-s +-l PSK-CHACHA20-POLY1305 + +# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD +-e +-u +-f +-v 3 +-l DHE-RSA-CHACHA20-POLY1305-OLD + +# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD +-B 4000,1359 +-u +-f +-v 3 +-l DHE-RSA-CHACHA20-POLY1305-OLD + +# server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD +-e +-u +-f +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305-OLD + +# client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD +-B 4000,1359 +-u +-f +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305-OLD + +# server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD +-B 4000,1359 +-u +-f +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-RSA-DES3 +-e +-u +-f +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# client DTLSv1.1 ECDHE-RSA-DES3 +-B 4000,1334 +-u +-f +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# server DTLSv1.1 ECDHE-RSA-AES128 +-e +-u +-f +-v 2 +-l ECDHE-RSA-AES128-SHA + +# client DTLSv1.1 ECDHE-RSA-AES128 +-B 4000,1310 +-u +-f +-v 2 +-l ECDHE-RSA-AES128-SHA + +# server DTLSv1.1 ECDHE-RSA-AES256 +-e +-u +-f +-v 2 +-l ECDHE-RSA-AES256-SHA + +# client DTLSv1.1 ECDHE-RSA-AES256 +-B 4000,1310 +-u +-f +-v 2 +-l ECDHE-RSA-AES256-SHA + +# server DTLSv1.2 ECDHE-RSA-DES3 +-e +-u +-f +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# client DTLSv1.2 ECDHE-RSA-DES3 +-B 4000,1334 +-u +-f +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# server DTLSv1.2 ECDHE-RSA-AES128 +-e +-u +-f +-v 3 +-l ECDHE-RSA-AES128-SHA + +# client DTLSv1.2 ECDHE-RSA-AES128 +-B 4000,1310 +-u +-f +-v 3 +-l ECDHE-RSA-AES128-SHA + +# server DTLSv1.2 ECDHE-RSA-AES128-SHA256 +-e +-u +-f +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 +-B 4000,1298 +-u +-f +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# server DTLSv1.2 ECDHE-RSA-AES256 +-e +-u +-f +-v 3 +-l ECDHE-RSA-AES256-SHA + +# client DTLSv1.2 ECDHE-RSA-AES256 +-B 4000,1310 +-u +-f +-v 3 +-l ECDHE-RSA-AES256-SHA + +# server TLSv1 ECDHE-ECDSA-NULL-SHA +-e +-u +-f +-v 1 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-NULL-SHA +-B 4000,1355 +-u +-f +-v 1 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-NULL-SHA +-e +-u +-f +-v 2 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-NULL-SHA +-B 4000,1355 +-u +-f +-v 2 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-NULL-SHA +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-NULL-SHA +-B 4000,1355 +-u +-f +-v 3 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-ECDSA-DES3 +-e +-u +-f +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-DES3 +-B 4000,1334 +-u +-f +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-ECDSA-AES128 +-e +-u +-f +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-AES128 +-B 4000,1310 +-u +-f +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-ECDSA-AES256 +-e +-u +-f +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-AES256 +-B 4000,1310 +-u +-f +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-DES3 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-DES3 +-B 4000,1334 +-u +-f +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128 +-B 4000,1310 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-B 4000,1298 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256 +-B 4000,1310 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDH-RSA-DES3 +-e +-u +-f +-v 2 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-DES3 +-B 4000,1334 +-u +-f +-v 2 +-l ECDH-RSA-DES-CBC3-SHA + +# server DTLSv1.1 ECDH-RSA-AES128 +-e +-u +-f +-v 2 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-AES128 +-B 4000,1310 +-u +-f +-v 2 +-l ECDH-RSA-AES128-SHA + +# server DTLSv1.1 ECDH-RSA-AES256 +-e +-u +-f +-v 2 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-AES256 +-B 4000,1310 +-u +-f +-v 2 +-l ECDH-RSA-AES256-SHA + +# server DTLSv1.2 ECDH-RSA-DES3 +-e +-u +-f +-v 3 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-DES3 +-B 4000,1334 +-u +-f +-v 3 +-l ECDH-RSA-DES-CBC3-SHA + +# server DTLSv1.2 ECDH-RSA-AES128 +-e +-u +-f +-v 3 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128 +-B 4000,1310 +-u +-f +-v 3 +-l ECDH-RSA-AES128-SHA + +# server DTLSv1.2 ECDH-RSA-AES128-SHA256 +-e +-u +-f +-v 3 +-l ECDH-RSA-AES128-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128-SHA256 +-B 4000,1298 +-u +-f +-v 3 +-l ECDH-RSA-AES128-SHA256 + +# server DTLSv1.2 ECDH-RSA-AES256 +-e +-u +-f +-v 3 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256 +-B 4000,1310 +-u +-f +-v 3 +-l ECDH-RSA-AES256-SHA + +# server DTLSv1.1 ECDH-ECDSA-DES3 +-e +-u +-f +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-DES3 +-B 4000,1334 +-u +-f +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDH-ECDSA-AES128 +-e +-u +-f +-v 2 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-AES128 +-B 4000,1310 +-u +-f +-v 2 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDH-ECDSA-AES256 +-e +-u +-f +-v 2 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-AES256 +-B 4000,1310 +-u +-f +-v 2 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-DES3 +-e +-u +-f +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-DES3 +-B 4000,1334 +-u +-f +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128 +-e +-u +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128 +-B 4000,1310 +-u +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 +-e +-u +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 +-B 4000,1298 +-u +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES256 +-e +-u +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256 +-B 4000,1310 +-u +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 +-e +-u +-f +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 +-B 4000,1282 +-u +-f +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-B 4000,1282 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-RSA-AES256-SHA384 +-e +-u +-f +-v 3 +-l ECDH-RSA-AES256-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256-SHA384 +-B 4000,1282 +-u +-f +-v 3 +-l ECDH-RSA-AES256-SHA384 + +# server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 +-e +-u +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 +-B 4000,1282 +-u +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256 +-e +-s +-u +-f +-v 3 +-l ECDHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256 +-B 4000,1298 +-s +-u +-f +-v 3 +-l ECDHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.2 ECDHE-PSK-NULL-SHA256 +-e +-s +-u +-f +-v 3 +-l ECDHE-PSK-NULL-SHA256 + +# client TLSv1.2 ECDHE-PSK-NULL-SHA256 +-B 4000,1343 +-s +-u +-f +-v 3 +-l ECDHE-PSK-NULL-SHA256 + +# server DTLSv1 PSK-AES128 +-e +-s +-u +-f +-v 2 +-l PSK-AES128-CBC-SHA + +# client DTLSv1 PSK-AES128 +-B 4000,1310 +-s +-u +-f +-v 2 +-l PSK-AES128-CBC-SHA + +# server DTLSv1 PSK-AES256 +-e +-s +-u +-f +-v 2 +-l PSK-AES256-CBC-SHA + +# client DTLSv1 PSK-AES256 +-B 4000,1310 +-s +-u +-f +-v 2 +-l PSK-AES256-CBC-SHA + +# server DTLSv1.2 PSK-AES128 +-e +-s +-u +-f +-v 3 +-l PSK-AES128-CBC-SHA + +# client DTLSv1.2 PSK-AES128 +-B 4000,1310 +-s +-u +-f +-v 3 +-l PSK-AES128-CBC-SHA + +# server DTLSv1.2 PSK-AES256 +-e +-s +-u +-f +-v 3 +-l PSK-AES256-CBC-SHA + +# client DTLSv1.2 PSK-AES256 +-B 4000,1310 +-s +-u +-f +-v 3 +-l PSK-AES256-CBC-SHA + +# server DTLSv1.2 PSK-AES128-SHA256 +-e +-s +-u +-f +-v 3 +-l PSK-AES128-CBC-SHA256 + +# client DTLSv1.2 PSK-AES128-SHA256 +-B 4000,1298 +-s +-u +-f +-v 3 +-l PSK-AES128-CBC-SHA256 + +# server DTLSv1.2 PSK-AES256-SHA384 +-e +-s +-u +-f +-v 3 +-l PSK-AES256-CBC-SHA384 + +# client DTLSv1.2 PSK-AES256-SHA384 +-B 4000,1282 +-s +-u +-f +-v 3 +-l PSK-AES256-CBC-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-B 4000,1351 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-B 4000,1351 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-e +-u +-f +-v 3 +-l ECDH-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-B 4000,1351 +-u +-f +-v 3 +-l ECDH-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-e +-u +-f +-v 3 +-l ECDH-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-B 4000,1351 +-u +-f +-v 3 +-l ECDH-ECDSA-AES256-GCM-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-e +-u +-f +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-B 4000,1351 +-u +-f +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-e +-u +-f +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 + +# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-B 4000,1351 +-u +-f +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 + +# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-e +-u +-f +-v 3 +-l ECDH-RSA-AES128-GCM-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-B 4000,1351 +-u +-f +-v 3 +-l ECDH-RSA-AES128-GCM-SHA256 + +# server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-e +-u +-f +-v 3 +-l ECDH-RSA-AES256-GCM-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-B 4000,1351 +-u +-f +-v 3 +-l ECDH-RSA-AES256-GCM-SHA384 + +# server DTLSv1.2 PSK-AES128-GCM-SHA256 +-e +-u +-f +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# client DTLSv1.2 PSK-AES128-GCM-SHA256 +-B 4000,1351 +-u +-f +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# server DTLSv1.2 PSK-AES256-GCM-SHA384 +-e +-u +-f +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +# client DTLSv1.2 PSK-AES256-GCM-SHA384 +-B 4000,1351 +-u +-f +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM +-B 4000,1351 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-B 4000,1359 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-B 4000,1359 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) +-B 4000,1359 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) +-e +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) +-B 4000,1359 +-u +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ADH-AES128-SHA +-e +-u +-f +-a +-v 3 +-l ADH-AES128-SHA + +# client DTLSv1.2 ADH-AES128-SHA +-B 4000,1310 +-u +-f +-a +-v 3 +-l ADH-AES128-SHA + +# server DTLSv1.0 ADH-AES128-SHA +-e +-u +-f +-a +-v 2 +-l ADH-AES128-SHA + +# client DTLSv1.0 ADH-AES128-SHA +-B 4000,1310 +-u +-f +-a +-v 2 +-l ADH-AES128-SHA + +# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-e -u 1024 -f -v 3 -l DHE-RSA-CHACHA20-POLY1305 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-B 4000,983 -u 1024 -f -v 3 -l DHE-RSA-CHACHA20-POLY1305 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-e -u 1024 -f -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-B 4000,983 -u 1024 -f -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 +-e -u 1024 -f -v 3 @@ -31,6 +1142,7 @@ -k ./certs/ecc-key.pem # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 +-B 4000,983 -u 1024 -f -v 3 @@ -38,6 +1150,7 @@ -A ./certs/ca-ecc-cert.pem # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-e -u 1024 -f -v 3 @@ -45,6 +1158,7 @@ -l DHE-PSK-CHACHA20-POLY1305 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-B 4000,983 -u 1024 -f -v 3 @@ -52,6 +1166,7 @@ -l DHE-PSK-CHACHA20-POLY1305 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-e -u 1024 -f -v 3 @@ -59,6 +1174,7 @@ -l ECDHE-PSK-CHACHA20-POLY1305 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-B 4000,983 -u 1024 -f -v 3 @@ -66,6 +1182,7 @@ -l ECDHE-PSK-CHACHA20-POLY1305 # server TLSv1.2 PSK-CHACHA20-POLY1305 +-e -u 1024 -f -v 3 @@ -73,6 +1190,7 @@ -l PSK-CHACHA20-POLY1305 # client TLSv1.2 PSK-CHACHA20-POLY1305 +-B 4000,983 -u 1024 -f -v 3 @@ -80,30 +1198,35 @@ -l PSK-CHACHA20-POLY1305 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD +-e -u 1024 -f -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD +-B 4000,983 -u 1024 -f -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD +-e -u 1024 -f -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD +-B 4000,983 -u 1024 -f -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD +-e -u 1024 -f -v 3 @@ -112,12 +1235,995 @@ -k ./certs/ecc-key.pem # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD +-B 4000,983 -u 1024 -f -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem +# server DTLSv1.1 ECDHE-RSA-DES3 +-e +-u 1024 +-f +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# client DTLSv1.1 ECDHE-RSA-DES3 +-B 4000,958 +-u 1024 +-f +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# server DTLSv1.1 ECDHE-RSA-AES128 +-e +-u 1024 +-f +-v 2 +-l ECDHE-RSA-AES128-SHA + +# client DTLSv1.1 ECDHE-RSA-AES128 +-B 4000,934 +-u 1024 +-f +-v 2 +-l ECDHE-RSA-AES128-SHA + +# server DTLSv1.1 ECDHE-RSA-AES256 +-e +-u 1024 +-f +-v 2 +-l ECDHE-RSA-AES256-SHA + +# client DTLSv1.1 ECDHE-RSA-AES256 +-B 4000,934 +-u 1024 +-f +-v 2 +-l ECDHE-RSA-AES256-SHA + +# server DTLSv1.2 ECDHE-RSA-DES3 +-e +-u 1024 +-f +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# client DTLSv1.2 ECDHE-RSA-DES3 +-B 4000,958 +-u 1024 +-f +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# server DTLSv1.2 ECDHE-RSA-AES128 +-e +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES128-SHA + +# client DTLSv1.2 ECDHE-RSA-AES128 +-B 4000,934 +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES128-SHA + +# server DTLSv1.2 ECDHE-RSA-AES128-SHA256 +-e +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 +-B 4000,922 +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# server DTLSv1.2 ECDHE-RSA-AES256 +-e +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES256-SHA + +# client DTLSv1.2 ECDHE-RSA-AES256 +-B 4000,934 +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES256-SHA + +# server TLSv1 ECDHE-ECDSA-NULL-SHA +-e +-u 1024 +-f +-v 1 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-NULL-SHA +-B 4000,979 +-u 1024 +-f +-v 1 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-NULL-SHA +-e +-u 1024 +-f +-v 2 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-NULL-SHA +-B 4000,979 +-u 1024 +-f +-v 2 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-NULL-SHA +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-NULL-SHA +-B 4000,979 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-ECDSA-DES3 +-e +-u 1024 +-f +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-DES3 +-B 4000,958 +-u 1024 +-f +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-ECDSA-AES128 +-e +-u 1024 +-f +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-AES128 +-B 4000,934 +-u 1024 +-f +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-ECDSA-AES256 +-e +-u 1024 +-f +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-AES256 +-B 4000,934 +-u 1024 +-f +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-DES3 +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-DES3 +-B 4000,958 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128 +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128 +-B 4000,934 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-B 4000,922 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256 +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256 +-B 4000,934 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDH-RSA-DES3 +-e +-u 1024 +-f +-v 2 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-DES3 +-B 4000,958 +-u 1024 +-f +-v 2 +-l ECDH-RSA-DES-CBC3-SHA + +# server DTLSv1.1 ECDH-RSA-AES128 +-e +-u 1024 +-f +-v 2 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-AES128 +-B 4000,934 +-u 1024 +-f +-v 2 +-l ECDH-RSA-AES128-SHA + +# server DTLSv1.1 ECDH-RSA-AES256 +-e +-u 1024 +-f +-v 2 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-AES256 +-B 4000,934 +-u 1024 +-f +-v 2 +-l ECDH-RSA-AES256-SHA + +# server DTLSv1.2 ECDH-RSA-DES3 +-e +-u 1024 +-f +-v 3 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-DES3 +-B 4000,958 +-u 1024 +-f +-v 3 +-l ECDH-RSA-DES-CBC3-SHA + +# server DTLSv1.2 ECDH-RSA-AES128 +-e +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128 +-B 4000,934 +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES128-SHA + +# server DTLSv1.2 ECDH-RSA-AES128-SHA256 +-e +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES128-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128-SHA256 +-B 4000,922 +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES128-SHA256 + +# server DTLSv1.2 ECDH-RSA-AES256 +-e +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256 +-B 4000,934 +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES256-SHA + +# server DTLSv1.1 ECDH-ECDSA-DES3 +-e +-u 1024 +-f +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-DES3 +-B 4000,958 +-u 1024 +-f +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDH-ECDSA-AES128 +-e +-u 1024 +-f +-v 2 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-AES128 +-B 4000,934 +-u 1024 +-f +-v 2 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDH-ECDSA-AES256 +-e +-u 1024 +-f +-v 2 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-AES256 +-B 4000,934 +-u 1024 +-f +-v 2 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-DES3 +-e +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-DES3 +-B 4000,958 +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128 +-e +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128 +-B 4000,934 +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 +-e +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 +-B 4000,922 +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES256 +-e +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256 +-B 4000,934 +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 +-e +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 +-B 4000,906 +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-B 4000,906 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-RSA-AES256-SHA384 +-e +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES256-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256-SHA384 +-B 4000,906 +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES256-SHA384 + +# server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 +-e +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 +-B 4000,906 +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256 +-e +-s +-u 1024 +-f +-v 3 +-l ECDHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256 +-B 4000,922 +-s +-u 1024 +-f +-v 3 +-l ECDHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.2 ECDHE-PSK-AES128-SHA256 +-s +-u 1024 +-f +-v 3 +-l ECDHE-PSK-AES128-SHA256 + +# client TLSv1.2 ECDHE-PSK-AES128-SHA256 +-s +-u 1024 +-f +-v 3 +-l ECDHE-PSK-AES128-SHA256 + +# server TLSv1.2 ECDHE-PSK-NULL-SHA256 +-e +-s +-u 1024 +-f +-v 3 +-l ECDHE-PSK-NULL-SHA256 + +# client TLSv1.2 ECDHE-PSK-NULL-SHA256 +-B 4000,967 +-s +-u 1024 +-f +-v 3 +-l ECDHE-PSK-NULL-SHA256 + +# server DTLSv1 PSK-AES128 +-e +-s +-u 1024 +-f +-v 2 +-l PSK-AES128-CBC-SHA + +# client DTLSv1 PSK-AES128 +-B 4000,934 +-s +-u 1024 +-f +-v 2 +-l PSK-AES128-CBC-SHA + +# server DTLSv1 PSK-AES256 +-e +-s +-u 1024 +-f +-v 2 +-l PSK-AES256-CBC-SHA + +# client DTLSv1 PSK-AES256 +-B 4000,934 +-s +-u 1024 +-f +-v 2 +-l PSK-AES256-CBC-SHA + +# server DTLSv1.2 PSK-AES128 +-e +-s +-u 1024 +-f +-v 3 +-l PSK-AES128-CBC-SHA + +# client DTLSv1.2 PSK-AES128 +-B 4000,934 +-s +-u 1024 +-f +-v 3 +-l PSK-AES128-CBC-SHA + +# server DTLSv1.2 PSK-AES256 +-e +-s +-u 1024 +-f +-v 3 +-l PSK-AES256-CBC-SHA + +# client DTLSv1.2 PSK-AES256 +-B 4000,934 +-s +-u 1024 +-f +-v 3 +-l PSK-AES256-CBC-SHA + +# server DTLSv1.2 PSK-AES128-SHA256 +-e +-s +-u 1024 +-f +-v 3 +-l PSK-AES128-CBC-SHA256 + +# client DTLSv1.2 PSK-AES128-SHA256 +-B 4000,922 +-s +-u 1024 +-f +-v 3 +-l PSK-AES128-CBC-SHA256 + +# server DTLSv1.2 PSK-AES256-SHA384 +-e +-s +-u 1024 +-f +-v 3 +-l PSK-AES256-CBC-SHA384 + +# client DTLSv1.2 PSK-AES256-SHA384 +-B 4000,906 +-s +-u 1024 +-f +-v 3 +-l PSK-AES256-CBC-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-B 4000,975 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-B 4000,975 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-e +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-B 4000,975 +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-e +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-B 4000,975 +-u 1024 +-f +-v 3 +-l ECDH-ECDSA-AES256-GCM-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-e +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-B 4000,975 +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-e +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 + +# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-B 4000,975 +-u 1024 +-f +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 + +# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-e +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES128-GCM-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-B 4000,975 +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES128-GCM-SHA256 + +# server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-e +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES256-GCM-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-B 4000,975 +-u 1024 +-f +-v 3 +-l ECDH-RSA-AES256-GCM-SHA384 + +# server DTLSv1.2 PSK-AES128-GCM-SHA256 +-e +-u 1024 +-f +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# client DTLSv1.2 PSK-AES128-GCM-SHA256 +-B 4000,975 +-u 1024 +-f +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# server DTLSv1.2 PSK-AES256-GCM-SHA384 +-e +-u 1024 +-f +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +# client DTLSv1.2 PSK-AES256-GCM-SHA384 +-B 4000,975 +-u 1024 +-f +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM +-B 4000,975 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-B 4000,983 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-B 4000,983 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) +-B 4000,983 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) +-e +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) +-B 4000,983 +-u 1024 +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ADH-AES128-SHA +-e +-u 1024 +-f +-a +-v 3 +-l ADH-AES128-SHA + +# client DTLSv1.2 ADH-AES128-SHA +-B 4000,934 +-u 1024 +-f +-a +-v 3 +-l ADH-AES128-SHA + +# server DTLSv1.0 ADH-AES128-SHA +-e +-u 1024 +-f +-a +-v 2 +-l ADH-AES128-SHA + +# client DTLSv1.0 ADH-AES128-SHA +-B 4000,934 +-u 1024 +-f +-a +-v 2 +-l ADH-AES128-SHA + # server DTLSv1 IDEA-CBC-SHA -u 1024 -f @@ -226,879 +2332,36 @@ -v 3 -l AES256-SHA256 -# server DTLSv1.1 ECDHE-RSA-DES3 --u 1024 --f --v 2 --l ECDHE-RSA-DES-CBC3-SHA - -# client DTLSv1.1 ECDHE-RSA-DES3 --u 1024 --f --v 2 --l ECDHE-RSA-DES-CBC3-SHA - -# server DTLSv1.1 ECDHE-RSA-AES128 --u 1024 --f --v 2 --l ECDHE-RSA-AES128-SHA - -# client DTLSv1.1 ECDHE-RSA-AES128 --u 1024 --f --v 2 --l ECDHE-RSA-AES128-SHA - -# server DTLSv1.1 ECDHE-RSA-AES256 --u 1024 --f --v 2 --l ECDHE-RSA-AES256-SHA - -# client DTLSv1.1 ECDHE-RSA-AES256 --u 1024 --f --v 2 --l ECDHE-RSA-AES256-SHA - -# server DTLSv1.2 ECDHE-RSA-DES3 --u 1024 --f --v 3 --l ECDHE-RSA-DES-CBC3-SHA - -# client DTLSv1.2 ECDHE-RSA-DES3 --u 1024 --f --v 3 --l ECDHE-RSA-DES-CBC3-SHA - -# server DTLSv1.2 ECDHE-RSA-AES128 --u 1024 --f --v 3 --l ECDHE-RSA-AES128-SHA - -# client DTLSv1.2 ECDHE-RSA-AES128 --u 1024 --f --v 3 --l ECDHE-RSA-AES128-SHA - -# server DTLSv1.2 ECDHE-RSA-AES128-SHA256 --u 1024 --f --v 3 --l ECDHE-RSA-AES128-SHA256 - -# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 --u 1024 --f --v 3 --l ECDHE-RSA-AES128-SHA256 - -# server DTLSv1.2 ECDHE-RSA-AES256 --u 1024 --f --v 3 --l ECDHE-RSA-AES256-SHA - -# client DTLSv1.2 ECDHE-RSA-AES256 --u 1024 --f --v 3 --l ECDHE-RSA-AES256-SHA - -# server TLSv1 ECDHE-ECDSA-NULL-SHA --u 1024 --f --v 1 --l ECDHE-ECDSA-NULL-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client TLSv1 ECDHE-ECDSA-NULL-SHA --u 1024 --f --v 1 --l ECDHE-ECDSA-NULL-SHA --A ./certs/ca-ecc-cert.pem - -# server TLSv1.1 ECDHE-ECDSA-NULL-SHA --u 1024 --f --v 2 --l ECDHE-ECDSA-NULL-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client TLSv1 ECDHE-ECDSA-NULL-SHA --u 1024 --f --v 2 --l ECDHE-ECDSA-NULL-SHA --A ./certs/ca-ecc-cert.pem - -# server TLSv1.2 ECDHE-ECDSA-NULL-SHA --u 1024 --f --v 3 --l ECDHE-ECDSA-NULL-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client TLSv1.2 ECDHE-ECDSA-NULL-SHA --u 1024 --f --v 3 --l ECDHE-ECDSA-NULL-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDHE-ECDSA-DES3 --u 1024 --f --v 2 --l ECDHE-ECDSA-DES-CBC3-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDHE-ECDSA-DES3 --u 1024 --f --v 2 --l ECDHE-ECDSA-DES-CBC3-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDHE-ECDSA-AES128 --u 1024 --f --v 2 --l ECDHE-ECDSA-AES128-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDHE-ECDSA-AES128 --u 1024 --f --v 2 --l ECDHE-ECDSA-AES128-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDHE-ECDSA-AES256 --u 1024 --f --v 2 --l ECDHE-ECDSA-AES256-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDHE-ECDSA-AES256 --u 1024 --f --v 2 --l ECDHE-ECDSA-AES256-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-DES3 --u 1024 --f --v 3 --l ECDHE-ECDSA-DES-CBC3-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-DES3 --u 1024 --f --v 3 --l ECDHE-ECDSA-DES-CBC3-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES128 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-SHA256 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-SHA256 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES256 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDH-RSA-DES3 --u 1024 --f --v 2 --l ECDH-RSA-DES-CBC3-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-RSA-DES3 --u 1024 --f --v 2 --l ECDH-RSA-DES-CBC3-SHA - -# server DTLSv1.1 ECDH-RSA-AES128 --u 1024 --f --v 2 --l ECDH-RSA-AES128-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-RSA-AES128 --u 1024 --f --v 2 --l ECDH-RSA-AES128-SHA - -# server DTLSv1.1 ECDH-RSA-AES256 --u 1024 --f --v 2 --l ECDH-RSA-AES256-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-RSA-AES256 --u 1024 --f --v 2 --l ECDH-RSA-AES256-SHA - -# server DTLSv1.2 ECDH-RSA-DES3 --u 1024 --f --v 3 --l ECDH-RSA-DES-CBC3-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-DES3 --u 1024 --f --v 3 --l ECDH-RSA-DES-CBC3-SHA - -# server DTLSv1.2 ECDH-RSA-AES128 --u 1024 --f --v 3 --l ECDH-RSA-AES128-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES128 --u 1024 --f --v 3 --l ECDH-RSA-AES128-SHA - -# server DTLSv1.2 ECDH-RSA-AES128-SHA256 --u 1024 --f --v 3 --l ECDH-RSA-AES128-SHA256 --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES128-SHA256 --u 1024 --f --v 3 --l ECDH-RSA-AES128-SHA256 - -# server DTLSv1.2 ECDH-RSA-AES256 --u 1024 --f --v 3 --l ECDH-RSA-AES256-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES256 --u 1024 --f --v 3 --l ECDH-RSA-AES256-SHA - -# server DTLSv1.1 ECDH-ECDSA-DES3 --u 1024 --f --v 2 --l ECDH-ECDSA-DES-CBC3-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-ECDSA-DES3 --u 1024 --f --v 2 --l ECDH-ECDSA-DES-CBC3-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDH-ECDSA-AES128 --u 1024 --f --v 2 --l ECDH-ECDSA-AES128-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-ECDSA-AES128 --u 1024 --f --v 2 --l ECDH-ECDSA-AES128-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDH-ECDSA-AES256 --u 1024 --f --v 2 --l ECDH-ECDSA-AES256-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-ECDSA-AES256 --u 1024 --f --v 2 --l ECDH-ECDSA-AES256-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-DES3 --u 1024 --f --v 3 --l ECDH-ECDSA-DES-CBC3-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-DES3 --u 1024 --f --v 3 --l ECDH-ECDSA-DES-CBC3-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES128 --u 1024 --f --v 3 --l ECDH-ECDSA-AES128-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES128 --u 1024 --f --v 3 --l ECDH-ECDSA-AES128-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 --u 1024 --f --v 3 --l ECDH-ECDSA-AES128-SHA256 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 --u 1024 --f --v 3 --l ECDH-ECDSA-AES128-SHA256 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES256 --u 1024 --f --v 3 --l ECDH-ECDSA-AES256-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES256 --u 1024 --f --v 3 --l ECDH-ECDSA-AES256-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 --u 1024 --f --v 3 --l ECDHE-RSA-AES256-SHA384 - -# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 --u 1024 --f --v 3 --l ECDHE-RSA-AES256-SHA384 - -# server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-SHA384 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-SHA384 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-RSA-AES256-SHA384 --u 1024 --f --v 3 --l ECDH-RSA-AES256-SHA384 --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES256-SHA384 --u 1024 --f --v 3 --l ECDH-RSA-AES256-SHA384 - -# server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 --u 1024 --f --v 3 --l ECDH-ECDSA-AES256-SHA384 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 --u 1024 --f --v 3 --l ECDH-ECDSA-AES256-SHA384 --A ./certs/ca-ecc-cert.pem - -# server TLSv1.2 ECDHE-PSK-AES128-SHA256 --s --u 1024 --f --v 3 --l ECDHE-PSK-AES128-SHA256 - -# client TLSv1.2 ECDHE-PSK-AES128-SHA256 --s --u 1024 --f --v 3 --l ECDHE-PSK-AES128-SHA256 - -# server TLSv1.2 ECDHE-PSK-NULL-SHA256 --s --u 1024 --f --v 3 --l ECDHE-PSK-NULL-SHA256 - -# client TLSv1.2 ECDHE-PSK-NULL-SHA256 --s --u 1024 --f --v 3 --l ECDHE-PSK-NULL-SHA256 - -# server DTLSv1 PSK-AES128 --s --u 1024 --f --v 2 --l PSK-AES128-CBC-SHA - -# client DTLSv1 PSK-AES128 --s --u 1024 --f --v 2 --l PSK-AES128-CBC-SHA - -# server DTLSv1 PSK-AES256 --s --u 1024 --f --v 2 --l PSK-AES256-CBC-SHA - -# client DTLSv1 PSK-AES256 --s --u 1024 --f --v 2 --l PSK-AES256-CBC-SHA - -# server DTLSv1.2 PSK-AES128 --s --u 1024 --f --v 3 --l PSK-AES128-CBC-SHA - -# client DTLSv1.2 PSK-AES128 --s --u 1024 --f --v 3 --l PSK-AES128-CBC-SHA - -# server DTLSv1.2 PSK-AES256 --s --u 1024 --f --v 3 --l PSK-AES256-CBC-SHA - -# client DTLSv1.2 PSK-AES256 --s --u 1024 --f --v 3 --l PSK-AES256-CBC-SHA - -# server DTLSv1.2 PSK-AES128-SHA256 --s --u 1024 --f --v 3 --l PSK-AES128-CBC-SHA256 - -# client DTLSv1.2 PSK-AES128-SHA256 --s --u 1024 --f --v 3 --l PSK-AES128-CBC-SHA256 - -# server DTLSv1.2 PSK-AES256-SHA384 --s --u 1024 --f --v 3 --l PSK-AES256-CBC-SHA384 - -# client DTLSv1.2 PSK-AES256-SHA384 --s --u 1024 --f --v 3 --l PSK-AES256-CBC-SHA384 - -# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-GCM-SHA256 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-GCM-SHA256 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-GCM-SHA384 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-GCM-SHA384 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 --u 1024 --f --v 3 --l ECDH-ECDSA-AES128-GCM-SHA256 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 --u 1024 --f --v 3 --l ECDH-ECDSA-AES128-GCM-SHA256 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 --u 1024 --f --v 3 --l ECDH-ECDSA-AES256-GCM-SHA384 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 --u 1024 --f --v 3 --l ECDH-ECDSA-AES256-GCM-SHA384 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 --u 1024 --f --v 3 --l ECDHE-RSA-AES128-GCM-SHA256 - -# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 --u 1024 --f --v 3 --l ECDHE-RSA-AES128-GCM-SHA256 - -# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 --u 1024 --f --v 3 --l ECDHE-RSA-AES256-GCM-SHA384 - -# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 --u 1024 --f --v 3 --l ECDHE-RSA-AES256-GCM-SHA384 - -# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 --u 1024 --f --v 3 --l ECDH-RSA-AES128-GCM-SHA256 --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 --u 1024 --f --v 3 --l ECDH-RSA-AES128-GCM-SHA256 - -# server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 --u 1024 --f --v 3 --l ECDH-RSA-AES256-GCM-SHA384 --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 --u 1024 --f --v 3 --l ECDH-RSA-AES256-GCM-SHA384 - -# server DTLSv1.2 PSK-AES128-GCM-SHA256 --u 1024 --f --s --v 3 --l PSK-AES128-GCM-SHA256 - -# client DTLSv1.2 PSK-AES128-GCM-SHA256 --u 1024 --f --s --v 3 --l PSK-AES128-GCM-SHA256 - -# server DTLSv1.2 PSK-AES256-GCM-SHA384 --u 1024 --f --s --v 3 --l PSK-AES256-GCM-SHA384 - -# client DTLSv1.2 PSK-AES256-GCM-SHA384 --u 1024 --f --s --v 3 --l PSK-AES256-GCM-SHA384 - -# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-CCM --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-CCM --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-CCM-8 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-CCM-8 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-CCM-8 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-CCM-8 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-CCM8 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) --u 1024 --f --v 3 --l ECDHE-ECDSA-AES128-CCM8 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-CCM8 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) --u 1024 --f --v 3 --l ECDHE-ECDSA-AES256-CCM8 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ADH-AES128-SHA --u 1024 --f --a --v 3 --l ADH-AES128-SHA - -# client DTLSv1.2 ADH-AES128-SHA --u 1024 --f --a --v 3 --l ADH-AES128-SHA - -# server DTLSv1.0 ADH-AES128-SHA --u 1024 --f --a --v 2 --l ADH-AES128-SHA - -# client DTLSv1.0 ADH-AES128-SHA --u 1024 --f --a --v 2 --l ADH-AES128-SHA - # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-e -u 512 -f -v 3 -l DHE-RSA-CHACHA20-POLY1305 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-B 4000,471 -u 512 -f -v 3 -l DHE-RSA-CHACHA20-POLY1305 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-e -u 512 -f -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-B 4000,471 -u 512 -f -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 +-e -u 512 -f -v 3 @@ -1107,6 +2370,7 @@ -k ./certs/ecc-key.pem # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 +-B 4000,471 -u 512 -f -v 3 @@ -1114,6 +2378,7 @@ -A ./certs/ca-ecc-cert.pem # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-e -u 512 -f -v 3 @@ -1121,6 +2386,7 @@ -l DHE-PSK-CHACHA20-POLY1305 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-B 4000,471 -u 512 -f -v 3 @@ -1128,6 +2394,7 @@ -l DHE-PSK-CHACHA20-POLY1305 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-e -u 512 -f -v 3 @@ -1135,6 +2402,7 @@ -l ECDHE-PSK-CHACHA20-POLY1305 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-B 4000,471 -u 512 -f -v 3 @@ -1142,6 +2410,7 @@ -l ECDHE-PSK-CHACHA20-POLY1305 # server TLSv1.2 PSK-CHACHA20-POLY1305 +-e -u 512 -f -v 3 @@ -1149,6 +2418,7 @@ -l PSK-CHACHA20-POLY1305 # client TLSv1.2 PSK-CHACHA20-POLY1305 +-B 4000,471 -u 512 -f -v 3 @@ -1156,30 +2426,35 @@ -l PSK-CHACHA20-POLY1305 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD +-e -u 512 -f -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD +-B 4000,471 -u 512 -f -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD +-e -u 512 -f -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD +-B 4000,471 -u 512 -f -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD +-e -u 512 -f -v 3 @@ -1188,12 +2463,981 @@ -k ./certs/ecc-key.pem # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD +-B 4000,471 -u 512 -f -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem +# server DTLSv1.1 ECDHE-RSA-DES3 +-e +-u 512 +-f +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# client DTLSv1.1 ECDHE-RSA-DES3 +-B 4000,446 +-u 512 +-f +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# server DTLSv1.1 ECDHE-RSA-AES128 +-e +-u 512 +-f +-v 2 +-l ECDHE-RSA-AES128-SHA + +# client DTLSv1.1 ECDHE-RSA-AES128 +-B 4000,422 +-u 512 +-f +-v 2 +-l ECDHE-RSA-AES128-SHA + +# server DTLSv1.1 ECDHE-RSA-AES256 +-e +-u 512 +-f +-v 2 +-l ECDHE-RSA-AES256-SHA + +# client DTLSv1.1 ECDHE-RSA-AES256 +-B 4000,422 +-u 512 +-f +-v 2 +-l ECDHE-RSA-AES256-SHA + +# server DTLSv1.2 ECDHE-RSA-DES3 +-e +-u 512 +-f +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# client DTLSv1.2 ECDHE-RSA-DES3 +-B 4000,446 +-u 512 +-f +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# server DTLSv1.2 ECDHE-RSA-AES128 +-e +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES128-SHA + +# client DTLSv1.2 ECDHE-RSA-AES128 +-B 4000,422 +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES128-SHA + +# server DTLSv1.2 ECDHE-RSA-AES128-SHA256 +-e +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 +-B 4000,410 +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# server DTLSv1.2 ECDHE-RSA-AES256 +-e +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES256-SHA + +# client DTLSv1.2 ECDHE-RSA-AES256 +-B 4000,422 +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES256-SHA + +# server TLSv1 ECDHE-ECDSA-NULL-SHA +-e +-u 512 +-f +-v 1 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-NULL-SHA +-B 4000,467 +-u 512 +-f +-v 1 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-NULL-SHA +-e +-u 512 +-f +-v 2 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-NULL-SHA +-B 4000,467 +-u 512 +-f +-v 2 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-NULL-SHA +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-NULL-SHA +-B 4000,467 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-ECDSA-DES3 +-e +-u 512 +-f +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-DES3 +-B 4000,446 +-u 512 +-f +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-ECDSA-AES128 +-e +-u 512 +-f +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-AES128 +-B 4000,422 +-u 512 +-f +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDHE-ECDSA-AES256 +-e +-u 512 +-f +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-AES256 +-B 4000,422 +-u 512 +-f +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-DES3 +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-DES3 +-B 4000,446 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128 +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128 +-B 4000,422 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-B 4000,410 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256 +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256 +-B 4000,422 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDH-RSA-DES3 +-e +-u 512 +-f +-v 2 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-DES3 +-B 4000,446 +-u 512 +-f +-v 2 +-l ECDH-RSA-DES-CBC3-SHA + +# server DTLSv1.1 ECDH-RSA-AES128 +-e +-u 512 +-f +-v 2 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-AES128 +-B 4000,422 +-u 512 +-f +-v 2 +-l ECDH-RSA-AES128-SHA + +# server DTLSv1.1 ECDH-RSA-AES256 +-e +-u 512 +-f +-v 2 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-AES256 +-B 4000,422 +-u 512 +-f +-v 2 +-l ECDH-RSA-AES256-SHA + +# server DTLSv1.2 ECDH-RSA-DES3 +-e +-u 512 +-f +-v 3 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-DES3 +-B 4000,446 +-u 512 +-f +-v 3 +-l ECDH-RSA-DES-CBC3-SHA + +# server DTLSv1.2 ECDH-RSA-AES128 +-e +-u 512 +-f +-v 3 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128 +-B 4000,422 +-u 512 +-f +-v 3 +-l ECDH-RSA-AES128-SHA + +# server DTLSv1.2 ECDH-RSA-AES128-SHA256 +-e +-u 512 +-f +-v 3 +-l ECDH-RSA-AES128-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128-SHA256 +-B 4000,410 +-u 512 +-f +-v 3 +-l ECDH-RSA-AES128-SHA256 + +# server DTLSv1.2 ECDH-RSA-AES256 +-e +-u 512 +-f +-v 3 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256 +-B 4000,422 +-u 512 +-f +-v 3 +-l ECDH-RSA-AES256-SHA + +# server DTLSv1.1 ECDH-ECDSA-DES3 +-e +-u 512 +-f +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-DES3 +-B 4000,446 +-u 512 +-f +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDH-ECDSA-AES128 +-e +-u 512 +-f +-v 2 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-AES128 +-B 4000,422 +-u 512 +-f +-v 2 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.1 ECDH-ECDSA-AES256 +-e +-u 512 +-f +-v 2 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-AES256 +-B 4000,422 +-u 512 +-f +-v 2 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-DES3 +-e +-u 512 +-f +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-DES3 +-B 4000,446 +-u 512 +-f +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128 +-e +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128 +-B 4000,422 +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 +-e +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 +-B 4000,410 +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES256 +-e +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256 +-B 4000,422 +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 +-e +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 +-B 4000,394 +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-B 4000,394 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-RSA-AES256-SHA384 +-e +-u 512 +-f +-v 3 +-l ECDH-RSA-AES256-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256-SHA384 +-B 4000,394 +-u 512 +-f +-v 3 +-l ECDH-RSA-AES256-SHA384 + +# server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 +-e +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 +-B 4000,394 +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256 +-e +-s +-u 512 +-f +-v 3 +-l ECDHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256 +-B 4000,410 +-s +-u 512 +-f +-v 3 +-l ECDHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.2 ECDHE-PSK-NULL-SHA256 +-e +-s +-u 512 +-f +-v 3 +-l ECDHE-PSK-NULL-SHA256 + +# client TLSv1.2 ECDHE-PSK-NULL-SHA256 +-B 4000,455 +-s +-u 512 +-f +-v 3 +-l ECDHE-PSK-NULL-SHA256 + +# server DTLSv1 PSK-AES128 +-e +-s +-u 512 +-f +-v 2 +-l PSK-AES128-CBC-SHA + +# client DTLSv1 PSK-AES128 +-B 4000,422 +-s +-u 512 +-f +-v 2 +-l PSK-AES128-CBC-SHA + +# server DTLSv1 PSK-AES256 +-e +-s +-u 512 +-f +-v 2 +-l PSK-AES256-CBC-SHA + +# client DTLSv1 PSK-AES256 +-B 4000,422 +-s +-u 512 +-f +-v 2 +-l PSK-AES256-CBC-SHA + +# server DTLSv1.2 PSK-AES128 +-e +-s +-u 512 +-f +-v 3 +-l PSK-AES128-CBC-SHA + +# client DTLSv1.2 PSK-AES128 +-B 4000,422 +-s +-u 512 +-f +-v 3 +-l PSK-AES128-CBC-SHA + +# server DTLSv1.2 PSK-AES256 +-e +-s +-u 512 +-f +-v 3 +-l PSK-AES256-CBC-SHA + +# client DTLSv1.2 PSK-AES256 +-B 4000,422 +-s +-u 512 +-f +-v 3 +-l PSK-AES256-CBC-SHA + +# server DTLSv1.2 PSK-AES128-SHA256 +-e +-s +-u 512 +-f +-v 3 +-l PSK-AES128-CBC-SHA256 + +# client DTLSv1.2 PSK-AES128-SHA256 +-B 4000,410 +-s +-u 512 +-f +-v 3 +-l PSK-AES128-CBC-SHA256 + +# server DTLSv1.2 PSK-AES256-SHA384 +-e +-s +-u 512 +-f +-v 3 +-l PSK-AES256-CBC-SHA384 + +# client DTLSv1.2 PSK-AES256-SHA384 +-B 4000,394 +-s +-u 512 +-f +-v 3 +-l PSK-AES256-CBC-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-B 4000,463 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-B 4000,463 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-e +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-B 4000,463 +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-e +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-B 4000,463 +-u 512 +-f +-v 3 +-l ECDH-ECDSA-AES256-GCM-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-e +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-B 4000,463 +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-e +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 + +# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-B 4000,463 +-u 512 +-f +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 + +# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-e +-u 512 +-f +-v 3 +-l ECDH-RSA-AES128-GCM-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-B 4000,463 +-u 512 +-f +-v 3 +-l ECDH-RSA-AES128-GCM-SHA256 + +# server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-e +-u 512 +-f +-v 3 +-l ECDH-RSA-AES256-GCM-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-B 4000,463 +-u 512 +-f +-v 3 +-l ECDH-RSA-AES256-GCM-SHA384 + +# server DTLSv1.2 PSK-AES128-GCM-SHA256 +-e +-u 512 +-f +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# client DTLSv1.2 PSK-AES128-GCM-SHA256 +-B 4000,463 +-u 512 +-f +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# server DTLSv1.2 PSK-AES256-GCM-SHA384 +-e +-u 512 +-f +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +# client DTLSv1.2 PSK-AES256-GCM-SHA384 +-B 4000,463 +-u 512 +-f +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM +-B 4000,463 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-B 4000,471 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-B 4000,471 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) +-B 4000,471 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES128-CCM8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) +-e +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) +-B 4000,471 +-u 512 +-f +-v 3 +-l ECDHE-ECDSA-AES256-CCM8 +-A ./certs/ca-ecc-cert.pem + +# server DTLSv1.2 ADH-AES128-SHA +-e +-u 512 +-f +-a +-v 3 +-l ADH-AES128-SHA + +# client DTLSv1.2 ADH-AES128-SHA +-B 4000,422 +-u 512 +-f +-a +-v 3 +-l ADH-AES128-SHA + +# server DTLSv1.0 ADH-AES128-SHA +-e +-u 512 +-f +-a +-v 2 +-l ADH-AES128-SHA + +# client DTLSv1.0 ADH-AES128-SHA +-B 4000,422 +-u 512 +-f +-a +-v 2 +-l ADH-AES128-SHA + # server DTLSv1 IDEA-CBC-SHA -u 512 -f @@ -1301,851 +3545,3 @@ -f -v 3 -l AES256-SHA256 - -# server DTLSv1.1 ECDHE-RSA-DES3 --u 512 --f --v 2 --l ECDHE-RSA-DES-CBC3-SHA - -# client DTLSv1.1 ECDHE-RSA-DES3 --u 512 --f --v 2 --l ECDHE-RSA-DES-CBC3-SHA - -# server DTLSv1.1 ECDHE-RSA-AES128 --u 512 --f --v 2 --l ECDHE-RSA-AES128-SHA - -# client DTLSv1.1 ECDHE-RSA-AES128 --u 512 --f --v 2 --l ECDHE-RSA-AES128-SHA - -# server DTLSv1.1 ECDHE-RSA-AES256 --u 512 --f --v 2 --l ECDHE-RSA-AES256-SHA - -# client DTLSv1.1 ECDHE-RSA-AES256 --u 512 --f --v 2 --l ECDHE-RSA-AES256-SHA - -# server DTLSv1.2 ECDHE-RSA-DES3 --u 512 --f --v 3 --l ECDHE-RSA-DES-CBC3-SHA - -# client DTLSv1.2 ECDHE-RSA-DES3 --u 512 --f --v 3 --l ECDHE-RSA-DES-CBC3-SHA - -# server DTLSv1.2 ECDHE-RSA-AES128 --u 512 --f --v 3 --l ECDHE-RSA-AES128-SHA - -# client DTLSv1.2 ECDHE-RSA-AES128 --u 512 --f --v 3 --l ECDHE-RSA-AES128-SHA - -# server DTLSv1.2 ECDHE-RSA-AES128-SHA256 --u 512 --f --v 3 --l ECDHE-RSA-AES128-SHA256 - -# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 --u 512 --f --v 3 --l ECDHE-RSA-AES128-SHA256 - -# server DTLSv1.2 ECDHE-RSA-AES256 --u 512 --f --v 3 --l ECDHE-RSA-AES256-SHA - -# client DTLSv1.2 ECDHE-RSA-AES256 --u 512 --f --v 3 --l ECDHE-RSA-AES256-SHA - -# server TLSv1 ECDHE-ECDSA-NULL-SHA --u 512 --f --v 1 --l ECDHE-ECDSA-NULL-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client TLSv1 ECDHE-ECDSA-NULL-SHA --u 512 --f --v 1 --l ECDHE-ECDSA-NULL-SHA --A ./certs/ca-ecc-cert.pem - -# server TLSv1.1 ECDHE-ECDSA-NULL-SHA --u 512 --f --v 2 --l ECDHE-ECDSA-NULL-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client TLSv1 ECDHE-ECDSA-NULL-SHA --u 512 --f --v 2 --l ECDHE-ECDSA-NULL-SHA --A ./certs/ca-ecc-cert.pem - -# server TLSv1.2 ECDHE-ECDSA-NULL-SHA --u 512 --f --v 3 --l ECDHE-ECDSA-NULL-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client TLSv1.2 ECDHE-ECDSA-NULL-SHA --u 512 --f --v 3 --l ECDHE-ECDSA-NULL-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDHE-ECDSA-DES3 --u 512 --f --v 2 --l ECDHE-ECDSA-DES-CBC3-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDHE-ECDSA-DES3 --u 512 --f --v 2 --l ECDHE-ECDSA-DES-CBC3-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDHE-ECDSA-AES128 --u 512 --f --v 2 --l ECDHE-ECDSA-AES128-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDHE-ECDSA-AES128 --u 512 --f --v 2 --l ECDHE-ECDSA-AES128-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDHE-ECDSA-AES256 --u 512 --f --v 2 --l ECDHE-ECDSA-AES256-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDHE-ECDSA-AES256 --u 512 --f --v 2 --l ECDHE-ECDSA-AES256-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-DES3 --u 512 --f --v 3 --l ECDHE-ECDSA-DES-CBC3-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-DES3 --u 512 --f --v 3 --l ECDHE-ECDSA-DES-CBC3-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES128 --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128 --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-SHA256 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-SHA256 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES256 --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256 --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDH-RSA-DES3 --u 512 --f --v 2 --l ECDH-RSA-DES-CBC3-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-RSA-DES3 --u 512 --f --v 2 --l ECDH-RSA-DES-CBC3-SHA - -# server DTLSv1.1 ECDH-RSA-AES128 --u 512 --f --v 2 --l ECDH-RSA-AES128-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-RSA-AES128 --u 512 --f --v 2 --l ECDH-RSA-AES128-SHA - -# server DTLSv1.1 ECDH-RSA-AES256 --u 512 --f --v 2 --l ECDH-RSA-AES256-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-RSA-AES256 --u 512 --f --v 2 --l ECDH-RSA-AES256-SHA - -# server DTLSv1.2 ECDH-RSA-DES3 --u 512 --f --v 3 --l ECDH-RSA-DES-CBC3-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-DES3 --u 512 --f --v 3 --l ECDH-RSA-DES-CBC3-SHA - -# server DTLSv1.2 ECDH-RSA-AES128 --u 512 --f --v 3 --l ECDH-RSA-AES128-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES128 --u 512 --f --v 3 --l ECDH-RSA-AES128-SHA - -# server DTLSv1.2 ECDH-RSA-AES128-SHA256 --u 512 --f --v 3 --l ECDH-RSA-AES128-SHA256 --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES128-SHA256 --u 512 --f --v 3 --l ECDH-RSA-AES128-SHA256 - -# server DTLSv1.2 ECDH-RSA-AES256 --u 512 --f --v 3 --l ECDH-RSA-AES256-SHA --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES256 --u 512 --f --v 3 --l ECDH-RSA-AES256-SHA - -# server DTLSv1.1 ECDH-ECDSA-DES3 --u 512 --f --v 2 --l ECDH-ECDSA-DES-CBC3-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-ECDSA-DES3 --u 512 --f --v 2 --l ECDH-ECDSA-DES-CBC3-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDH-ECDSA-AES128 --u 512 --f --v 2 --l ECDH-ECDSA-AES128-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-ECDSA-AES128 --u 512 --f --v 2 --l ECDH-ECDSA-AES128-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.1 ECDH-ECDSA-AES256 --u 512 --f --v 2 --l ECDH-ECDSA-AES256-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.1 ECDH-ECDSA-AES256 --u 512 --f --v 2 --l ECDH-ECDSA-AES256-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-DES3 --u 512 --f --v 3 --l ECDH-ECDSA-DES-CBC3-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-DES3 --u 512 --f --v 3 --l ECDH-ECDSA-DES-CBC3-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES128 --u 512 --f --v 3 --l ECDH-ECDSA-AES128-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES128 --u 512 --f --v 3 --l ECDH-ECDSA-AES128-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 --u 512 --f --v 3 --l ECDH-ECDSA-AES128-SHA256 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 --u 512 --f --v 3 --l ECDH-ECDSA-AES128-SHA256 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES256 --u 512 --f --v 3 --l ECDH-ECDSA-AES256-SHA --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES256 --u 512 --f --v 3 --l ECDH-ECDSA-AES256-SHA --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 --u 512 --f --v 3 --l ECDHE-RSA-AES256-SHA384 - -# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 --u 512 --f --v 3 --l ECDHE-RSA-AES256-SHA384 - -# server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-SHA384 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-SHA384 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-RSA-AES256-SHA384 --u 512 --f --v 3 --l ECDH-RSA-AES256-SHA384 --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES256-SHA384 --u 512 --f --v 3 --l ECDH-RSA-AES256-SHA384 - -# server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 --u 512 --f --v 3 --l ECDH-ECDSA-AES256-SHA384 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 --u 512 --f --v 3 --l ECDH-ECDSA-AES256-SHA384 --A ./certs/ca-ecc-cert.pem - -# server TLSv1.2 ECDHE-PSK-AES128-SHA256 --s --u 512 --f --v 3 --l ECDHE-PSK-AES128-SHA256 - -# client TLSv1.2 ECDHE-PSK-AES128-SHA256 --s --u 512 --f --v 3 --l ECDHE-PSK-AES128-SHA256 - -# server TLSv1.2 ECDHE-PSK-NULL-SHA256 --s --u 512 --f --v 3 --l ECDHE-PSK-NULL-SHA256 - -# client TLSv1.2 ECDHE-PSK-NULL-SHA256 --s --u 512 --f --v 3 --l ECDHE-PSK-NULL-SHA256 - -# server DTLSv1 PSK-AES128 --s --u 512 --f --v 2 --l PSK-AES128-CBC-SHA - -# client DTLSv1 PSK-AES128 --s --u 512 --f --v 2 --l PSK-AES128-CBC-SHA - -# server DTLSv1 PSK-AES256 --s --u 512 --f --v 2 --l PSK-AES256-CBC-SHA - -# client DTLSv1 PSK-AES256 --s --u 512 --f --v 2 --l PSK-AES256-CBC-SHA - -# server DTLSv1.2 PSK-AES128 --s --u 512 --f --v 3 --l PSK-AES128-CBC-SHA - -# client DTLSv1.2 PSK-AES128 --s --u 512 --f --v 3 --l PSK-AES128-CBC-SHA - -# server DTLSv1.2 PSK-AES256 --s --u 512 --f --v 3 --l PSK-AES256-CBC-SHA - -# client DTLSv1.2 PSK-AES256 --s --u 512 --f --v 3 --l PSK-AES256-CBC-SHA - -# server DTLSv1.2 PSK-AES128-SHA256 --s --u 512 --f --v 3 --l PSK-AES128-CBC-SHA256 - -# client DTLSv1.2 PSK-AES128-SHA256 --s --u 512 --f --v 3 --l PSK-AES128-CBC-SHA256 - -# server DTLSv1.2 PSK-AES256-SHA384 --s --u 512 --f --v 3 --l PSK-AES256-CBC-SHA384 - -# client DTLSv1.2 PSK-AES256-SHA384 --s --u 512 --f --v 3 --l PSK-AES256-CBC-SHA384 - -# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-GCM-SHA256 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-GCM-SHA256 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-GCM-SHA384 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-GCM-SHA384 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 --u 512 --f --v 3 --l ECDH-ECDSA-AES128-GCM-SHA256 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 --u 512 --f --v 3 --l ECDH-ECDSA-AES128-GCM-SHA256 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 --u 512 --f --v 3 --l ECDH-ECDSA-AES256-GCM-SHA384 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 --u 512 --f --v 3 --l ECDH-ECDSA-AES256-GCM-SHA384 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 --u 512 --f --v 3 --l ECDHE-RSA-AES128-GCM-SHA256 - -# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 --u 512 --f --v 3 --l ECDHE-RSA-AES128-GCM-SHA256 - -# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 --u 512 --f --v 3 --l ECDHE-RSA-AES256-GCM-SHA384 - -# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 --u 512 --f --v 3 --l ECDHE-RSA-AES256-GCM-SHA384 - -# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 --u 512 --f --v 3 --l ECDH-RSA-AES128-GCM-SHA256 --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 --u 512 --f --v 3 --l ECDH-RSA-AES128-GCM-SHA256 - -# server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 --u 512 --f --v 3 --l ECDH-RSA-AES256-GCM-SHA384 --c ./certs/server-ecc-rsa.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 --u 512 --f --v 3 --l ECDH-RSA-AES256-GCM-SHA384 - -# server DTLSv1.2 PSK-AES128-GCM-SHA256 --u 512 --f --s --v 3 --l PSK-AES128-GCM-SHA256 - -# client DTLSv1.2 PSK-AES128-GCM-SHA256 --u 512 --f --s --v 3 --l PSK-AES128-GCM-SHA256 - -# server DTLSv1.2 PSK-AES256-GCM-SHA384 --u 512 --f --s --v 3 --l PSK-AES256-GCM-SHA384 - -# client DTLSv1.2 PSK-AES256-GCM-SHA384 --u 512 --f --s --v 3 --l PSK-AES256-GCM-SHA384 - -# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-CCM --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-CCM --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-CCM-8 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-CCM-8 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-CCM-8 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-CCM-8 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-CCM8 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) --u 512 --f --v 3 --l ECDHE-ECDSA-AES128-CCM8 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-CCM8 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) --u 512 --f --v 3 --l ECDHE-ECDSA-AES256-CCM8 --A ./certs/ca-ecc-cert.pem - -# server DTLSv1.2 ADH-AES128-SHA --u 512 --f --a --v 3 --l ADH-AES128-SHA - -# client DTLSv1.2 ADH-AES128-SHA --u 512 --f --a --v 3 --l ADH-AES128-SHA - -# server DTLSv1.0 ADH-AES128-SHA --u 512 --f --a --v 2 --l ADH-AES128-SHA - -# client DTLSv1.0 ADH-AES128-SHA --u 512 --f --a --v 2 --l ADH-AES128-SHA diff --git a/tests/unit.c b/tests/unit.c index d5a1f375c..e3f29528b 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -122,11 +122,16 @@ int unit_test(int argc, char** argv) } #endif - ApiTest(); +#ifdef WOLFSSL_ALLOW_SKIP_UNIT_TESTS + if (argc == 1) +#endif + { + ApiTest(); - if ( (ret = HashTest()) != 0){ - printf("hash test failed with %d\n", ret); - goto exit; + if ( (ret = HashTest()) != 0){ + printf("hash test failed with %d\n", ret); + goto exit; + } } #ifndef NO_WOLFSSL_CIPHER_SUITE_TEST From adee6a86d155a70ff966459c75da1dbe230574d3 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 28 Oct 2021 20:53:58 +0200 Subject: [PATCH 7/7] Return the close notify error when expecting an error. --- examples/server/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/server/server.c b/examples/server/server.c index 048bf9e70..cd1a79132 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -3180,7 +3180,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) { err = ServerEchoData(ssl, clientfd, echoData, block, throughput); - if (err == WOLFSSL_ERROR_ZERO_RETURN) /* Got close notify */ + if (err == WOLFSSL_ERROR_ZERO_RETURN && runWithErrors == 1) /* Got close notify */ err = 0; if (err != 0) { SSL_free(ssl); ssl = NULL;