From 9733076fe091c366f4f6c31d75a664114ab430de Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 21 Dec 2018 08:20:04 -0800 Subject: [PATCH 1/4] Fixes and cleanups for processing peer certificates: * Fix with `WOLFSSL_ALT_CERT_CHAINS` to resolve issue with using a trusted intermediate to validate a partial chain. With the alt cert chain enabled a CA may fail with only `ASN_NO_SIGNER_E` and the connection is allowed if the peer's certificate validates to a trusted CA. Eliminates overly complex 1 deep error alternate chain detection logic. Resolves ZD 4525. * Refactor and cleanup of ProcessPeerPerts to combine duplicate code and improve code commenting. * Fix for CA path len check in `ParseCertRelative` to always check for self-signed case (was previously only in NO_SKID case). * Improvement to include self-signed flag in the DecodedCert struct. --- src/internal.c | 717 +++++++++++++++++----------------------- wolfcrypt/src/asn.c | 30 +- wolfssl/wolfcrypt/asn.h | 1 + 3 files changed, 325 insertions(+), 423 deletions(-) diff --git a/src/internal.c b/src/internal.c index 59efc5a3e..6d16042ef 100644 --- a/src/internal.c +++ b/src/internal.c @@ -30,7 +30,13 @@ /* * WOLFSSL_SMALL_CERT_VERIFY: * Verify the certificate signature without using DecodedCert. Doubles up - * on some code but allows smaller dynamic memory usage. + * on some code but allows smaller peak heap memory usage. + * Cannot be used with WOLFSSL_NONBLOCK_OCSP. + * WOLFSSL_ALT_CERT_CHAINS: + * Allows CA's to be presented by peer, but not part of a valid chain. + * Default wolfSSL behavior is to require validation of all presented peer + * certificates. This also allows loading intermediate CA's as trusted + * and ignoring no signer failures for CA's up the chain to root. */ #ifndef WOLFCRYPT_ONLY 
@@ -8546,13 +8552,10 @@ typedef struct ProcPeerCertArgs {
 int count;
 int certIdx;
 int lastErr;
-#ifdef WOLFSSL_ALT_CERT_CHAINS
- int lastCaErr;
-#endif
 #ifdef WOLFSSL_TLS13
 byte ctxSz;
 #endif
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#ifdef OPENSSL_EXTRA
 char untrustedDepth;
 #endif
 word16 fatal:1;
@@ -8779,10 +8782,187 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) } } +static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args, + int certType, int verify, byte** pSubjectHash, int* pAlreadySigner) +{ + int ret = 0; + buffer* cert; + byte* subjectHash = NULL; + int alreadySigner = 0; +#ifdef WOLFSSL_SMALL_CERT_VERIFY + int sigRet = 0; +#endif + + if (ssl == NULL || args == NULL) + return BAD_FUNC_ARG; + + /* check to make sure certificate index is valid */ + if (args->certIdx > args->count) + return BUFFER_E; + + /* check if returning from non-blocking OCSP */ + /* skip this section because cert is already initialized and parsed */ +#ifdef WOLFSSL_NONBLOCK_OCSP + if (args->lastErr == OCSP_WANT_READ) { + args->lastErr = 0; /* clear error */ + return 0; + } +#endif + +#ifdef WOLFSSL_TRUST_PEER_CERT + /* we have trusted peer */ + if (args->haveTrustPeer) { + return 0; + } +#endif + + /* get certificate buffer */ + cert = &args->certs[args->certIdx]; + +#ifdef WOLFSSL_SMALL_CERT_VERIFY + if (verify == VERIFY) { + /* for small cert verify, release decoded cert during signature check to + reduce peak memory usage */ + if (args->dCert != NULL) { + if (args->dCertInit) { + FreeDecodedCert(args->dCert); + args->dCertInit = 0; + } + XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT); + args->dCert = NULL; + } + + /* perform cert parsing and signature check */ + sigRet = CheckCertSignature(cert->buffer, cert->length, + ssl->heap, ssl->ctx->cm); + /* fail on errors here after the ParseCertRelative call, so dCert is populated */ + + /* verify name only in ParseCertRelative below, signature check done */ + verify = VERIFY_NAME; + } +#endif /* WOLFSSL_SMALL_CERT_VERIFY */ + + /* make sure the decoded cert structure is allocated and initialized */ + if (!args->dCertInit) { + #ifdef WOLFSSL_SMALL_CERT_VERIFY + if (args->dCert == NULL) { + args->dCert = (DecodedCert*)XMALLOC( + sizeof(DecodedCert), ssl->heap, + DYNAMIC_TYPE_DCERT); + if (args->dCert == 
NULL) { + return MEMORY_E; + } + } + #endif + + InitDecodedCert(args->dCert, cert->buffer, cert->length, ssl->heap); + + args->dCertInit = 1; + args->dCert->sigCtx.devId = ssl->devId; + #ifdef WOLFSSL_ASYNC_CRYPT + args->dCert->sigCtx.asyncCtx = ssl; + #endif + + #ifdef HAVE_PK_CALLBACKS + /* setup the PK callback context */ + ret = InitSigPkCb(ssl, &args->dCert->sigCtx); + if (ret != 0) + return ret; + #endif + } + + /* Parse Certificate */ + ret = ParseCertRelative(args->dCert, certType, verify, ssl->ctx->cm); + if (ret == 0) { + /* get subject and determine if already loaded */ + #ifndef NO_SKID + if (args->dCert->extAuthKeyIdSet) + subjectHash = args->dCert->extSubjKeyId; + else + #endif + subjectHash = args->dCert->subjectHash; + alreadySigner = AlreadySigner(ssl->ctx->cm, subjectHash); + } + +#ifdef WOLFSSL_SMALL_CERT_VERIFY + /* get signature check failures from above */ + if (ret == 0) + ret = sigRet; +#endif + + if (pSubjectHash) + *pSubjectHash = subjectHash; + if (pAlreadySigner) + *pAlreadySigner = alreadySigner; + +#ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_PENDING_E) { + ret = wolfSSL_AsyncPush(ssl, + args->dCert->sigCtx.asyncDev); + } +#endif + + return ret; +} + +/* Check key sizes for certs. Is redundant check since + ProcessBuffer also performs this check. 
*/ +static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) +{ + int ret = 0; + + if (ssl->options.verifyNone) { + return ret; + } + + switch (args->dCert->keyOID) { + #ifndef NO_RSA + case RSAk: + if (ssl->options.minRsaKeySz < 0 || + args->dCert->pubKeySize < + (word16)ssl->options.minRsaKeySz) { + WOLFSSL_MSG( + "RSA key size in cert chain error"); + ret = RSA_KEY_SIZE_E; + } + break; + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + case ECDSAk: + if (ssl->options.minEccKeySz < 0 || + args->dCert->pubKeySize < + (word16)ssl->options.minEccKeySz) { + WOLFSSL_MSG( + "ECC key size in cert chain error"); + ret = ECC_KEY_SIZE_E; + } + break; + #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + case ED25519k: + if (ssl->options.minEccKeySz < 0 || + ED25519_KEY_SIZE < + (word16)ssl->options.minEccKeySz) { + WOLFSSL_MSG( + "ECC key size in cert chain error"); + ret = ECC_KEY_SIZE_E; + } + break; + #endif /* HAVE_ED25519 */ + default: + WOLFSSL_MSG("Key size not checked"); + /* key not being checked for size if not in + switch */ + break; + } + + return ret; +} + int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz) { - int ret = 0, sigRet = 0; + int ret = 0; #ifdef WOLFSSL_ASYNC_CRYPT ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args; typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1]; @@ -8794,11 +8974,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #else ProcPeerCertArgs args[1]; #endif - - buffer* cert; -#ifdef WOLFSSL_TRUST_PEER_CERT - byte haveTrustPeer = 0; /* was cert verified by loaded trusted peer cert */ -#endif + byte* subjectHash = NULL; + int alreadySigner = 0; WOLFSSL_ENTER("ProcessPeerCerts"); 
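Review bot: The index guard at the top of ProcessPeerCertParse, `if (args->certIdx > args->count)`, still accepts certIdx == count and any negative value, so it does not bound the `args->certs[args->certIdx]` access a few lines below it. The three call sites in this patch pass 0 or count - 1, so the guard is only defensive today, but it should reject what it claims to reject: `if (args->certIdx < 0 || args->certIdx >= args->count) return BUFFER_E;`. The certificate buffers are filled from the peer's Certificate message, so a tight bound is worth having before another caller is added.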
@@ -8931,6 +9108,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH); #endif /* OPENSSL_EXTRA */ + /* Certificate List */ if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { ERROR_OUT(BUFFER_ERROR, exit_ppc); @@ -9012,16 +9190,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } /* while (listSz) */ args->count = args->totalCerts; - args->certIdx = 0; + args->certIdx = 0; /* select peer cert (first one) */ args->dCertInit = 0; -#ifndef WOLFSSL_SMALL_CERT_VERIFY + #ifndef WOLFSSL_SMALL_CERT_VERIFY args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, DYNAMIC_TYPE_DCERT); if (args->dCert == NULL) { ERROR_OUT(MEMORY_E, exit_ppc); } -#endif + #endif /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; 
@@ -9031,343 +9209,129 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, case TLS_ASYNC_BUILD: { if (args->count > 0) { - #ifdef WOLFSSL_TRUST_PEER_CERT + + /* check for trusted peer and get untrustedDepth */ + #if defined(WOLFSSL_TRUST_PEER_CERT) || defined(OPENSSL_EXTRA) if (args->certIdx == 0) { - /* if using trusted peer certs check before verify chain - and CA test */ + #ifdef WOLFSSL_TRUST_PEER_CERT TrustedPeerCert* tp; - - cert = &args->certs[args->certIdx]; - - if (!args->dCertInit) { -#ifdef WOLFSSL_SMALL_CERT_VERIFY - if (args->dCert == NULL) { - args->dCert = (DecodedCert*)XMALLOC( - sizeof(DecodedCert), ssl->heap, - DYNAMIC_TYPE_DCERT); - if (args->dCert == NULL) { - ERROR_OUT(MEMORY_E, exit_ppc); - } - } -#endif - - InitDecodedCert(args->dCert, - cert->buffer, cert->length, ssl->heap); - args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */ - #ifdef WOLFSSL_ASYNC_CRYPT - args->dCert->sigCtx.asyncCtx = ssl; - #endif - args->dCertInit = 1; - #ifdef HAVE_PK_CALLBACKS - ret = InitSigPkCb(ssl, &args->dCert->sigCtx); - if (ret != 0) - goto exit_ppc; - #endif - } - - ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, - ssl->ctx->cm); - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev); - goto exit_ppc; - } + int matchType = WC_MATCH_NAME; #endif + + ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, NO_VERIFY, + &subjectHash, &alreadySigner); if (ret != 0) goto exit_ppc; - #ifndef NO_SKID - if (args->dCert->extAuthKeyIdSet) { - tp = GetTrustedPeer(ssl->ctx->cm, - args->dCert->extSubjKeyId, WC_MATCH_SKID); + #ifdef OPENSSL_EXTRA + /* Determine untrusted depth */ + if (!alreadySigner) { + args->untrustedDepth = 1; } - else { /* if the cert has no SKID try to match by name */ - tp = GetTrustedPeer(ssl->ctx->cm, - args->dCert->subjectHash, WC_MATCH_NAME); - } - #else /* NO_SKID */ - tp = GetTrustedPeer(ssl->ctx->cm, args->dCert->subjectHash, - WC_MATCH_NAME); - #endif /* 
NO SKID */ + #endif + + #ifdef WOLFSSL_TRUST_PEER_CERT + #ifndef NO_SKID + if (args->dCert->extAuthKeyIdSet) + matchType = WC_MATCH_SKID; + #endif + tp = GetTrustedPeer(ssl->ctx->cm, subjectHash, matchType); WOLFSSL_MSG("Checking for trusted peer cert"); - if (tp == NULL) { - /* no trusted peer cert */ - WOLFSSL_MSG("No matching trusted peer cert. " - "Checking CAs"); - FreeDecodedCert(args->dCert); - args->dCertInit = 0; - #ifdef OPENSSL_EXTRA - args->untrustedDepth = 1; - #endif - } else if (MatchTrustedPeer(tp, args->dCert)){ + if (tp && MatchTrustedPeer(tp, args->dCert)) { WOLFSSL_MSG("Found matching trusted peer cert"); - haveTrustPeer = 1; - } else { + args->haveTrustPeer = 1; + } + else if (tp == NULL) { + /* no trusted peer cert */ + WOLFSSL_MSG("No matching trusted peer cert. Checking CAs"); + } + else { WOLFSSL_MSG("Trusted peer cert did not match!"); + } + if (!args->haveTrustPeer) + #endif + { + /* free cert if not trusted peer */ FreeDecodedCert(args->dCert); args->dCertInit = 0; - #ifdef OPENSSL_EXTRA - args->untrustedDepth = 1; - #endif } } - #endif /* WOLFSSL_TRUST_PEER_CERT */ - #ifdef OPENSSL_EXTRA - #ifdef WOLFSSL_TRUST_PEER_CERT - else - #endif - if (args->certIdx == 0) { - byte* subjectHash; - cert = &args->certs[args->certIdx]; + #endif /* WOLFSSL_TRUST_PEER_CERT || OPENSSL_EXTRA */ - if (!args->dCertInit) { -#ifdef WOLFSSL_SMALL_CERT_VERIFY - if (args->dCert == NULL) { - args->dCert = (DecodedCert*)XMALLOC( - sizeof(DecodedCert), ssl->heap, - DYNAMIC_TYPE_DCERT); - if (args->dCert == NULL) { - ERROR_OUT(MEMORY_E, exit_ppc); - } - } -#endif - - InitDecodedCert(args->dCert, - cert->buffer, cert->length, ssl->heap); - args->dCert->sigCtx.devId = ssl->devId; - #ifdef WOLFSSL_ASYNC_CRYPT - args->dCert->sigCtx.asyncCtx = ssl; - #endif - args->dCertInit = 1; - #ifdef HAVE_PK_CALLBACKS - ret = InitSigPkCb(ssl, &args->dCert->sigCtx); - if (ret != 0) - goto exit_ppc; - #endif - } - - ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, - ssl->ctx->cm); - 
#ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev); - goto exit_ppc; - } - #endif - if (ret != 0) { - goto exit_ppc; - } - - #ifndef NO_SKID - subjectHash = args->dCert->extSubjKeyId; - #else - subjectHash = args->dCert->subjectHash; - #endif - if (!AlreadySigner(ssl->ctx->cm, subjectHash)) - args->untrustedDepth = 1; - - FreeDecodedCert(args->dCert); - args->dCertInit = 0; - } - #endif - - /* verify up to peer's first */ + /* check certificate up to peer's first */ /* do not verify chain if trusted peer cert found */ while (args->count > 1 #ifdef WOLFSSL_TRUST_PEER_CERT - && !haveTrustPeer + && !args->haveTrustPeer #endif /* WOLFSSL_TRUST_PEER_CERT */ ) { - byte *subjectHash; - + /* select last certificate */ args->certIdx = args->count - 1; - cert = &args->certs[args->certIdx]; -#ifdef WOLFSSL_SMALL_CERT_VERIFY - sigRet = 0; - - if (!ssl->options.verifyNone) { - if (args->dCert != NULL) { - if (args->dCertInit) { - FreeDecodedCert(args->dCert); - args->dCertInit = 0; - } - XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT); - args->dCert = NULL; - } - sigRet = CheckCertSignature(cert->buffer, cert->length, - ssl->heap, ssl->ctx->cm); - } -#endif - if (!args->dCertInit) { -#ifdef WOLFSSL_SMALL_CERT_VERIFY - if (args->dCert == NULL) { - args->dCert = (DecodedCert*)XMALLOC( - sizeof(DecodedCert), ssl->heap, - DYNAMIC_TYPE_DCERT); - if (args->dCert == NULL) { - ERROR_OUT(MEMORY_E, exit_ppc); - } - } -#endif - - InitDecodedCert(args->dCert, - cert->buffer, cert->length, ssl->heap); - args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */ - #ifdef WOLFSSL_ASYNC_CRYPT - args->dCert->sigCtx.asyncCtx = ssl; - #endif - args->dCertInit = 1; - #ifdef HAVE_PK_CALLBACKS - ret = InitSigPkCb(ssl, &args->dCert->sigCtx); - if (ret != 0) - goto exit_ppc; - #endif - } - - /* check if returning from non-blocking OCSP */ - #ifdef WOLFSSL_NONBLOCK_OCSP - if (args->lastErr != OCSP_WANT_READ) - { - #endif - 
-#ifndef WOLFSSL_SMALL_CERT_VERIFY - sigRet = ParseCertRelative(args->dCert, CERT_TYPE, - !ssl->options.verifyNone, ssl->ctx->cm); -#else - ret = ParseCertRelative(args->dCert, CERT_TYPE, - !ssl->options.verifyNone ? VERIFY_NAME : NO_VERIFY, - ssl->ctx->cm); - if (ret != 0) { - sigRet = ret; - ret = 0; - } -#endif + ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, + !ssl->options.verifyNone ? VERIFY : NO_VERIFY, + &subjectHash, &alreadySigner); #ifdef WOLFSSL_ASYNC_CRYPT - if (sigRet == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev); + if (ret == WC_PENDING_E) goto exit_ppc; + #endif + if (ret == 0) { + ret = ProcessPeerCertCheckKey(ssl, args); } - #endif - #ifndef NO_SKID - subjectHash = args->dCert->extSubjKeyId; - #else - subjectHash = args->dCert->subjectHash; - #endif - - /* Check key sizes for certs. Is redundent check since - ProcessBuffer also performs this check. */ - if (!ssl->options.verifyNone) { - switch (args->dCert->keyOID) { - #ifndef NO_RSA - case RSAk: - if (ssl->options.minRsaKeySz < 0 || - args->dCert->pubKeySize < - (word16)ssl->options.minRsaKeySz) { - WOLFSSL_MSG( - "RSA key size in cert chain error"); - sigRet = RSA_KEY_SIZE_E; - } - break; - #endif /* !NO_RSA */ - #ifdef HAVE_ECC - case ECDSAk: - if (ssl->options.minEccKeySz < 0 || - args->dCert->pubKeySize < - (word16)ssl->options.minEccKeySz) { - WOLFSSL_MSG( - "ECC key size in cert chain error"); - sigRet = ECC_KEY_SIZE_E; - } - break; - #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 - case ED25519k: - if (ssl->options.minEccKeySz < 0 || - ED25519_KEY_SIZE < - (word16)ssl->options.minEccKeySz) { - WOLFSSL_MSG( - "ECC key size in cert chain error"); - sigRet = ECC_KEY_SIZE_E; - } - break; - #endif /* HAVE_ED25519 */ - default: - WOLFSSL_MSG("Key size not checked"); - /* key not being checked for size if not in - switch */ - break; - } /* switch (dCert->keyOID) */ - } /* if (!ssl->options.verifyNone) */ - - if (sigRet == 0 && args->dCert->isCA == 0) { + if (ret 
== 0 && args->dCert->isCA == 0) { WOLFSSL_MSG("Chain cert is not a CA, not adding as one"); } - else if (sigRet == 0 && ssl->options.verifyNone) { - WOLFSSL_MSG("Chain cert not verified by option, not adding as CA"); + else if (ret == 0 && ssl->options.verifyNone) { + WOLFSSL_MSG("Chain cert not verified by option, " + "not adding as CA"); } - else if (sigRet == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) { - DerBuffer* add = NULL; - ret = AllocDer(&add, cert->length, CA_TYPE, ssl->heap); - if (ret < 0) - goto exit_ppc; + else if (ret == 0) { + buffer* cert = &args->certs[args->certIdx]; - WOLFSSL_MSG("Adding CA from chain"); - - XMEMCPY(add->buffer, cert->buffer, cert->length); - - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) - if (args->certIdx > args->untrustedDepth) - args->untrustedDepth = (char)args->certIdx + 1; - #endif - - /* already verified above */ - ret = AddCA(ssl->ctx->cm, &add, WOLFSSL_CHAIN_CA, 0); - if (ret == 1) { - ret = 0; /* WOLFSSL_SUCCESS for external */ - } - - #ifdef WOLFSSL_ALT_CERT_CHAINS - /* if the previous CA cert failed, clear last error */ - if (args->lastCaErr != 0) { - WOLFSSL_MSG("Using alternate cert chain"); - ssl->options.usingAltCertChain = 1; - - /* clear last CA fail since CA cert was validated */ - if (!args->verifyErr) - args->lastCaErr = 0; - - #ifdef SESSION_CERTS + /* Is valid CA */ + #if defined(SESSION_CERTS) && defined(WOLFSSL_ALT_CERT_CHAINS) + /* if using alternate chain, store the cert used */ + if (ssl->options.usingAltCertChain) { AddSessionCertToChain(&ssl->session.altChain, cert->buffer, cert->length); - #endif /* SESSION_CERTS */ + } + #endif /* SESSION_CERTS && WOLFSSL_ALT_CERT_CHAINS */ + #ifdef OPENSSL_EXTRA + if (args->certIdx > args->untrustedDepth) { + args->untrustedDepth = (char)args->certIdx + 1; } #endif + + if (!alreadySigner) { + DerBuffer* add = NULL; + ret = AllocDer(&add, cert->length, CA_TYPE, ssl->heap); + if (ret < 0) + goto exit_ppc; + + XMEMCPY(add->buffer, cert->buffer, 
cert->length); + + /* CA already verified above in ParseCertRelative */ + WOLFSSL_MSG("Adding CA from chain"); + ret = AddCA(ssl->ctx->cm, &add, WOLFSSL_CHAIN_CA, 0); + if (ret == WOLFSSL_SUCCESS) { + ret = 0; + } + } + else { + WOLFSSL_MSG("Verified CA from chain and already had it"); + } } - else if (sigRet != 0) { + else { WOLFSSL_MSG("Failed to verify CA from chain"); #ifdef OPENSSL_EXTRA ssl->peerVerifyRet = X509_V_ERR_INVALID_CA; #endif } - else { - WOLFSSL_MSG("Verified CA from chain and already had it"); - } - - #ifdef WOLFSSL_NONBLOCK_OCSP - } - else { - args->lastErr = 0; /* clear last error */ - } - #endif #if defined(HAVE_OCSP) || defined(HAVE_CRL) - if (ret == 0 && sigRet == 0) { + if (ret == 0) { int doCrlLookup = 1; #ifdef HAVE_OCSP #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 
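Review bot: On re-entry from non-blocking OCSP the chain loop now runs the key-size check and the add-CA branch a second time, where the removed code skipped both under `if (args->lastErr != OCSP_WANT_READ)`. ProcessPeerCertParse returns 0 early in that case without writing `alreadySigner`, so the caller keeps its initial 0 and enters `if (!alreadySigner)` and AddCA for a certificate that was presumably added on the first pass. If AddCA de-duplicates this is only repeated work, but that is not visible here. The early-return path could still fill `subjectHash` and `alreadySigner` from the already parsed `args->dCert`, or the add step could be skipped on re-entry. The while loop continues into the next hunk.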
@@ -9414,39 +9378,41 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif /* HAVE_CRL */ (void)doCrlLookup; - - if (ret != 0) - sigRet = ret; } #endif /* HAVE_OCSP || HAVE_CRL */ + #ifdef WOLFSSL_ALT_CERT_CHAINS + /* For alternate cert chain, its okay for a CA cert to fail + with ASN_NO_SIGNER_E here. The "alternate" certificate + chain mode only requires that the peer certificate + validate to a trusted CA */ + if (ret != 0) { + if (ret == ASN_NO_SIGNER_E) { + if (!ssl->options.usingAltCertChain) { + WOLFSSL_MSG("Trying alternate cert chain"); + ssl->options.usingAltCertChain = 1; + } + + ret = 0; /* clear error and continue */ + } + } + #endif /* WOLFSSL_ALT_CERT_CHAINS */ + /* Do verify callback */ - sigRet = DoVerifyCallback(ssl, sigRet, args); + ret = DoVerifyCallback(ssl, ret, args); /* Handle error codes */ - #ifdef WOLFSSL_ALT_CERT_CHAINS - if (args->lastCaErr == 0) { - /* capture CA error and proceed to next cert */ - args->lastCaErr = sigRet; - sigRet = 0; - } - else { - args->lastErr = args->lastCaErr; - } - #endif - if (sigRet != 0 && args->lastErr == 0) { - args->lastErr = sigRet; /* save error from last time */ - sigRet = 0; /* reset error */ + if (ret != 0 && args->lastErr == 0) { + args->lastErr = ret; /* save error from last time */ + ret = 0; /* reset error */ } FreeDecodedCert(args->dCert); args->dCertInit = 0; args->count--; - } /* while (count > 0 && !haveTrustPeer) */ + } /* while (count > 0 && !args->haveTrustPeer) */ } /* if (count > 0) */ - if (sigRet != 0) - ret = sigRet; /* Check for error */ if (ret != 0) { goto exit_ppc; 
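Review bot: The alternate-chain block clears ASN_NO_SIGNER_E for whichever chain certificate the loop is on, although its comment limits the allowance to a CA cert; nothing here tests `args->dCert->isCA`. Because the reset happens before `DoVerifyCallback(ssl, ret, args)`, an application verify callback is also handed 0 for a certificate that was never chained to a signer. Consider `if (ret == ASN_NO_SIGNER_E && args->dCert->isCA) {`, and add a comment stating that the skipped certificate is not added to the cert manager, since the add-CA branch earlier in the loop runs only when ret is 0. The outer `if (ret != 0)` is redundant with the inner comparison.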
@@ -9463,81 +9429,25 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (args->count > 0) { WOLFSSL_MSG("Verifying Peer's cert"); + /* select peer cert (first one) */ args->certIdx = 0; - cert = &args->certs[args->certIdx]; -#ifdef WOLFSSL_SMALL_CERT_VERIFY - sigRet = 0; - - if (!ssl->options.verifyNone) { - if (args->dCert != NULL) { - if (args->dCertInit) { - FreeDecodedCert(args->dCert); - args->dCertInit = 0; - } - XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT); - args->dCert = NULL; - } - sigRet = CheckCertSignature(cert->buffer, cert->length, - ssl->heap, ssl->ctx->cm); - } -#endif - if (!args->dCertInit) { - if (args->dCert == NULL) { - args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), - ssl->heap, DYNAMIC_TYPE_DCERT); - if (args->dCert == NULL) { - ERROR_OUT(MEMORY_E, exit_ppc); - } - } - - InitDecodedCert(args->dCert, - cert->buffer, cert->length, ssl->heap); - args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */ - #ifdef WOLFSSL_ASYNC_CRYPT - args->dCert->sigCtx.asyncCtx = ssl; - #endif - args->dCertInit = 1; - #ifdef HAVE_PK_CALLBACKS - ret = InitSigPkCb(ssl, &args->dCert->sigCtx); - if (ret != 0) - goto exit_ppc; - #endif - } - - #ifdef WOLFSSL_TRUST_PEER_CERT - if (!haveTrustPeer) + ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, + !ssl->options.verifyNone ? VERIFY : NO_VERIFY, + &subjectHash, &alreadySigner); + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_PENDING_E) + goto exit_ppc; #endif - { - /* only parse if not already present in dCert from above */ -#ifndef WOLFSSL_SMALL_CERT_VERIFY - sigRet = ParseCertRelative(args->dCert, CERT_TYPE, - !ssl->options.verifyNone, ssl->ctx->cm); -#else - ret = ParseCertRelative(args->dCert, CERT_TYPE, - !ssl->options.verifyNone ? 
VERIFY_NAME : NO_VERIFY, - ssl->ctx->cm); - if (ret != 0) { - sigRet = ret; - ret = 0; - } -#endif - #ifdef WOLFSSL_ASYNC_CRYPT - if (sigRet == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev); - goto exit_ppc; - } - #endif - } - - if (sigRet == 0) { + if (ret == 0) { WOLFSSL_MSG("Verified Peer's cert"); #ifdef OPENSSL_EXTRA ssl->peerVerifyRet = X509_V_OK; #endif #if defined(SESSION_CERTS) && defined(WOLFSSL_ALT_CERT_CHAINS) + /* if using alternate chain, store the cert used */ if (ssl->options.usingAltCertChain) { + buffer* cert = &args->certs[args->certIdx]; AddSessionCertToChain(&ssl->session.altChain, cert->buffer, cert->length); } @@ -9546,20 +9456,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* check if fatal error */ if (args->verifyErr) { args->fatal = 1; - if (sigRet == 0) { - sigRet = args->lastErr; + if (ret == 0) { + ret = args->lastErr; } - #ifdef WOLFSSL_ALT_CERT_CHAINS - if (sigRet == 0) { - sigRet = args->lastCaErr; - } - #endif } else { args->fatal = 0; } } - else if (sigRet == ASN_PARSE_E || sigRet == BUFFER_E) { + else if (ret == ASN_PARSE_E || ret == BUFFER_E) { WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR"); #ifdef OPENSSL_EXTRA SendAlert(ssl, alert_fatal, bad_certificate); @@ -9599,7 +9504,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG( "Peer sent different cert during scr, fatal"); args->fatal = 1; - sigRet = SCR_DIFFERENT_CERT_E; + ret = SCR_DIFFERENT_CERT_E; } } @@ -9612,8 +9517,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* HAVE_SECURE_RENEGOTIATION */ } /* if (count > 0) */ - if (sigRet != 0) - ret = sigRet; /* Check for error */ if (args->fatal && ret != 0) { goto exit_ppc; 
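Review bot: Internal failures returned by ProcessPeerCertParse (MEMORY_E, BAD_FUNC_ARG, an InitSigPkCb error) are now handled like a certificate verification result in this state, where the removed code left through `ERROR_OUT(MEMORY_E, exit_ppc)` or `goto exit_ppc`. Here they fall into the branches after `if (ret == 0)`, and whether the handshake stops then depends on `args->fatal`, which is decided partly outside this hunk. The chain loop in the previous hunk has the same shape: such a code is stored in `args->lastErr` after the verify callback and the loop goes on. I would leave on non-certificate errors directly after the call, e.g. `if (ret == MEMORY_E || ret == BAD_FUNC_ARG) goto exit_ppc;`, so that only verification results reach the callback and the deferred-error path.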
@@ -10017,7 +9920,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = args->lastErr; } - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) if (args->untrustedDepth > ssl->options.verifyDepth) { ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; ret = MAX_CHAIN_ERROR; @@ -22151,7 +22054,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif } - /* Signtaure length will be written later, when we're sure what it is */ + /* Signature length will be written later, when we're sure what it is */ #ifdef HAVE_FUZZER if (ssl->fuzzerCb) { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 122987de4..1e953360d 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -44,8 +44,6 @@ ASN Options: Only enabled for OCSP. * WOLFSSL_NO_OCSP_ISSUER_CHECK: Can be defined for backwards compatibility to disable checking of OCSP subject hash with issuer hash. - * WOLFSSL_ALT_CERT_CHAINS: Allows matching multiple CA's to validate - chain based on issuer and public key (includes signature confirmation) * WOLFSSL_SMALL_CERT_VERIFY: Verify the certificate signature without using DecodedCert. Doubles up on some code but allows smaller dynamic memory usage. @@ -4223,6 +4221,8 @@ void FreeNameSubtrees(Base_entry* names, void* heap) void FreeDecodedCert(DecodedCert* cert) { + if (cert == NULL) + return; if (cert->subjectCNStored == 1) XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN); if (cert->pubKeyStored == 1) @@ -5385,7 +5385,7 @@ int ValidateDate(const byte* date, byte format, int dateType) GetTime(&diffMM, date, &i); timeDiff = diffSign * (diffHH*60 + diffMM) * 60 ; } else if (date[i] != 'Z') { - WOLFSSL_MSG("UTCtime, niether Zulu or time differential") ; + WOLFSSL_MSG("UTCtime, neither Zulu or time differential") ; return 0; } 
@@ -5614,6 +5614,11 @@ int DecodeToKey(DecodedCert* cert, int verify) WOLFSSL_MSG("Got Subject Name"); + /* Determine if self signed */ + cert->selfSigned = XMEMCMP(cert->issuerHash, + cert->subjectHash, + KEYID_SIZE) == 0 ? 1 : 0; + if ( (ret = GetKey(cert)) < 0) return ret; @@ -7664,8 +7669,7 @@ Signer* GetCAByName(void* signers, byte* hash) #endif /* WOLFCRYPT_ONLY || NO_CERTS */ -#if (defined(WOLFSSL_ALT_CERT_CHAINS) || \ - defined(WOLFSSL_NO_TRUSTED_CERTS_VERIFY)) && !defined(NO_SKID) +#if defined(WOLFSSL_NO_TRUSTED_CERTS_VERIFY) && !defined(NO_SKID) static Signer* GetCABySubjectAndPubKey(DecodedCert* cert, void* cm) { Signer* ca = NULL; @@ -7955,7 +7959,6 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) int badDate = 0; int criticalExt = 0; word32 confirmOID; - int selfSigned = 0; if (cert == NULL) { return BAD_FUNC_ARG; 
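Review bot: The new `selfSigned` flag in DecodeToKey is set from a comparison of the issuer and subject name hashes only, which makes the certificate self-issued; no signature is checked at this point. ParseCertRelative uses the flag to select the root branch of the path-length check, so the name can lead a later reader to treat it as proof of a self-signature. A comment at the assignment would be enough: `/* names match only (self-issued); the signature is not verified here */`. DecodeToKey starts and ends outside the hunk.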
@@ -8033,34 +8036,29 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } } #endif /* WOLFSSL_NO_TRUSTED_CERTS_VERIFY */ - - /* alt lookup using subject and public key */ - #ifdef WOLFSSL_ALT_CERT_CHAINS - if (cert->ca == NULL) - cert->ca = GetCABySubjectAndPubKey(cert, cm); - #endif #else cert->ca = GetCA(cm, cert->issuerHash); - if (XMEMCMP(cert->issuerHash, cert->subjectHash, KEYID_SIZE) == 0) - selfSigned = 1; #endif /* !NO_SKID */ WOLFSSL_MSG("About to verify certificate signature"); + if (cert->ca) { + /* Check if cert is CA type and has path length set */ if (cert->isCA && cert->ca->pathLengthSet) { - if (selfSigned) { + /* Check root CA (self-signed) has path length > 0 */ + if (cert->selfSigned) { if (cert->ca->pathLength != 0) { WOLFSSL_MSG("Root CA with path length > 0"); return ASN_PATHLEN_INV_E; } } else { + /* Check path lengths are valid between two CA's */ if (cert->ca->pathLength == 0) { WOLFSSL_MSG("CA with path length 0 signing a CA"); return ASN_PATHLEN_INV_E; } else if (cert->pathLength >= cert->ca->pathLength) { - WOLFSSL_MSG("CA signing CA with longer path length"); return ASN_PATHLEN_INV_E; } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index c2b09ec8f..eab379bd6 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -855,6 +855,7 @@ struct DecodedCert { byte extBasicConstSet : 1; byte extSubjAltNameSet : 1; byte inhibitAnyOidSet : 1; + byte selfSigned : 1; /* Indicates subject and issuer are same */ #ifdef WOLFSSL_SEP byte extCertPolicySet : 1; #endif From 00dd222aa573edabc30aba95e641b502a0b6c87a Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 21 Dec 2018 08:21:59 -0800 Subject: [PATCH 2/4] Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled. --- examples/client/client.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) 
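Review bot: With `cert->selfSigned` now set in every build, the branch `if (cert->ca->pathLength != 0)` returning ASN_PATHLEN_INV_E becomes reachable in SKID builds too, so a self-issued CA whose signer entry carries a non-zero path length is rejected. RFC 5280 does not require a root's pathLenConstraint to be zero, so please confirm this is intended and cover it with a test certificate. The added comment `/* Check root CA (self-signed) has path length > 0 */` also reads as the opposite of what the code rejects; `/* self-issued root: reject if the signer's path length is non-zero */` describes it. ParseCertRelative starts and ends outside the hunk.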
diff --git a/examples/client/client.c b/examples/client/client.c index 502db65e2..30739516b 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1860,9 +1860,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int done = 0; #ifdef NO_RSA - done += 1; + done += 1; /* require RSA for external tests */ #endif + if (!XSTRNCMP(domain, "www.globalsign.com", 14)) { /* www.globalsign.com does not respond to ipv6 ocsp requests */ #if defined(TEST_IPV6) && defined(HAVE_OCSP) done += 1; @@ -1880,9 +1881,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #if defined(HAVE_OCSP) && !defined(HAVE_ECC) done += 1; #endif + } #ifndef NO_PSK - done += 1; + if (usePsk) { + done += 1; /* don't perform exernal tests if PSK is enabled */ + } #endif #ifdef NO_SHA @@ -1912,7 +1916,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #if !defined(HAVE_AESGCM) && defined(NO_AES) && \ !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) - /* need at least on of these for external tests */ + /* need at least one of these for external tests */ done += 1; #endif From 59a3b4a11060b541e241b943ab5d07f1768b72d3 Mon Sep 17 00:00:00 2001 
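Review bot: `XSTRNCMP(domain, "www.globalsign.com", 14)` in the first client.c hunk compares only the first 14 characters, so any host name beginning with `www.globalsign` takes the GlobalSign-specific skips. If an exact match is meant, pass the full length including the terminator: `if (!XSTRNCMP(domain, "www.globalsign.com", sizeof("www.globalsign.com"))) {`. The comment added in the PSK block has a typo, `exernal`. The `if` opened in the first hunk is closed in the second one.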
From: David Garske Date: Fri, 21 Dec 2018 09:33:54 -0800 Subject: [PATCH 3/4] New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup: * Added ECC and RSA intermediate CA's and server/client chain certificates for testing. * Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file. * Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined. * Added new `test-chains` for testing chains. * Added new `test-dhprime.conf` for DH prime check tests. * Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`. * Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf). * Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`. --- certs/crl/ca-int-ecc.pem | 10 + certs/crl/ca-int.pem | 14 + certs/crl/client-int-ecc.pem | 10 + certs/crl/client-int.pem | 14 + certs/crl/include.am | 9 + certs/crl/server-int-ecc.pem | 10 + certs/crl/server-int.pem | 14 + certs/include.am | 1 + certs/intermediate/ca-int-cert.der | Bin 0 -> 1051 bytes certs/intermediate/ca-int-cert.pem | 83 +++ certs/intermediate/ca-int-ecc-cert.der | Bin 0 -> 661 bytes certs/intermediate/ca-int-ecc-cert.pem | 52 ++ certs/intermediate/ca-int-ecc-key.der | Bin 0 -> 121 bytes certs/intermediate/ca-int-ecc-key.pem | 5 + certs/intermediate/ca-int-key.der | Bin 0 -> 1194 bytes certs/intermediate/ca-int-key.pem | 27 + certs/intermediate/client-chain-alt-ecc.pem | 55 ++ certs/intermediate/client-chain-alt.pem | 71 +++ certs/intermediate/client-chain-ecc.der | Bin 0 -> 1375 bytes certs/intermediate/client-chain-ecc.pem | 33 ++ certs/intermediate/client-chain.der | Bin 0 -> 2153 bytes certs/intermediate/client-chain.pem | 49 ++ certs/intermediate/client-int-cert.der | Bin 0 -> 1102 bytes certs/intermediate/client-int-cert.pem | 88 ++++ certs/intermediate/client-int-ecc-cert.der | Bin 0 -> 714 bytes 
certs/intermediate/client-int-ecc-cert.pem | 57 +++ certs/intermediate/genintcerts.sh | 293 +++++++++++ certs/intermediate/include.am | 34 ++ certs/intermediate/server-chain-alt-ecc.pem | 59 +++ certs/intermediate/server-chain-alt.pem | 75 +++ certs/intermediate/server-chain-ecc.der | Bin 0 -> 1533 bytes certs/intermediate/server-chain-ecc.pem | 37 ++ certs/intermediate/server-chain.der | Bin 0 -> 2309 bytes certs/intermediate/server-chain.pem | 53 ++ certs/intermediate/server-int-cert.der | Bin 0 -> 1258 bytes certs/intermediate/server-int-cert.pem | 94 ++++ certs/intermediate/server-int-ecc-cert.der | Bin 0 -> 872 bytes certs/intermediate/server-int-ecc-cert.pem | 63 +++ tests/include.am | 6 +- tests/suites.c | 210 +++++--- tests/test-altchains.conf | 212 ++++++++ tests/test-chains.conf | 223 ++++++++ tests/test-dhprime.conf | 25 + tests/test-dtls.conf | 164 ------ tests/test-ed25519.conf | 8 - tests/test-enckeys.conf | 10 - tests/test-fails.conf | 30 -- tests/test-maxfrag-dtls.conf | 36 -- tests/test-maxfrag.conf | 36 -- tests/test-psk-no-id.conf | 54 -- tests/test-psk.conf | 2 - tests/test-qsh.conf | 466 ----------------- tests/test-sctp.conf | 190 ------- tests/test-sig.conf | 40 -- tests/test-tls13-down.conf | 12 - tests/test-tls13-ecc.conf | 14 - tests/test-tls13-psk.conf | 6 - tests/test-tls13.conf | 42 -- tests/test-trustpeer.conf | 99 ++++ tests/test.conf | 532 -------------------- tests/unit.c | 2 +- tests/unit.h | 2 +- 62 files changed, 2018 insertions(+), 1713 deletions(-) create mode 100644 certs/crl/ca-int-ecc.pem create mode 100644 certs/crl/ca-int.pem create mode 100644 certs/crl/client-int-ecc.pem create mode 100644 certs/crl/client-int.pem create mode 100644 certs/crl/server-int-ecc.pem create mode 100644 certs/crl/server-int.pem create mode 100644 certs/intermediate/ca-int-cert.der create mode 100644 certs/intermediate/ca-int-cert.pem create mode 100644 certs/intermediate/ca-int-ecc-cert.der create mode 100644 
certs/intermediate/ca-int-ecc-cert.pem create mode 100644 certs/intermediate/ca-int-ecc-key.der create mode 100644 certs/intermediate/ca-int-ecc-key.pem create mode 100644 certs/intermediate/ca-int-key.der create mode 100644 certs/intermediate/ca-int-key.pem create mode 100644 certs/intermediate/client-chain-alt-ecc.pem create mode 100644 certs/intermediate/client-chain-alt.pem create mode 100644 certs/intermediate/client-chain-ecc.der create mode 100644 certs/intermediate/client-chain-ecc.pem create mode 100644 certs/intermediate/client-chain.der create mode 100644 certs/intermediate/client-chain.pem create mode 100644 certs/intermediate/client-int-cert.der create mode 100644 certs/intermediate/client-int-cert.pem create mode 100644 certs/intermediate/client-int-ecc-cert.der create mode 100644 certs/intermediate/client-int-ecc-cert.pem create mode 100755 certs/intermediate/genintcerts.sh create mode 100644 certs/intermediate/include.am create mode 100644 certs/intermediate/server-chain-alt-ecc.pem create mode 100644 certs/intermediate/server-chain-alt.pem create mode 100644 certs/intermediate/server-chain-ecc.der create mode 100644 certs/intermediate/server-chain-ecc.pem create mode 100644 certs/intermediate/server-chain.der create mode 100644 certs/intermediate/server-chain.pem create mode 100644 certs/intermediate/server-int-cert.der create mode 100644 certs/intermediate/server-int-cert.pem create mode 100644 certs/intermediate/server-int-ecc-cert.der create mode 100644 certs/intermediate/server-int-ecc-cert.pem create mode 100644 tests/test-altchains.conf create mode 100644 tests/test-chains.conf create mode 100644 tests/test-dhprime.conf create mode 100644 tests/test-trustpeer.conf diff --git a/certs/crl/ca-int-ecc.pem b/certs/crl/ca-int-ecc.pem new file mode 100644 index 000000000..654cd30cb --- /dev/null +++ b/certs/crl/ca-int-ecc.pem 
@@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBYDCCAQUCAQEwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0x +ODEyMjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBSXHWDD +hyJZm2AfhLSZHIhNv9oebjALBgNVHRQEBAICIAMwCgYIKoZIzj0EAwIDSQAwRgIh +AMrFN7PEk0mtpHWZXJQSaXrc2K2BY/iZ6GlKnbM9G44MAiEA5K9dEKgOX/2VvGlR +YN8aMaQ+Ly9fyMNEnXLR2OOMrBA= +-----END X509 CRL----- diff --git a/certs/crl/ca-int.pem b/certs/crl/ca-int.pem new file mode 100644 index 000000000..d0dd6ce4a --- /dev/null +++ b/certs/crl/ca-int.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICHDCCAQQCAQEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRl +cm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4 +MTIyMTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFO9p4PfV +HeaZ7Nxt0PfiuVxkcYM1MAsGA1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAQEA +d++OmLaoou17s32sU/onSY1+Y9PoqYcKqkjK14srsvnrMe8AS3QDsuF721cg3Ekp +pghG2pmyrvsCB8uaZ5yGE0B7YZ2ZfKjq6IQAQmcMkZ9tVtchmJNGyuB0T8uL8fJE +JsCvI+eAyYTSjgePQC4x9GMunWwRfQ4DWjXIal8f9WNLnRRZl8MKaTk6fuMM+GBt +6QJ1qEEeWWwbTnCqAia4dJ/IJGn7bbxwMAs305zrBE8G17gzh4Q4aj/nt71+oM5e +Jf4XHs2GahUUz29OqiXwsfNfpF9/DHxjTf0UyHjRVV95hdq2QBQNuozVQ/wDiXSH +12py+paDtyfh1Vw3RapYMQ== +-----END X509 CRL----- diff --git a/certs/crl/client-int-ecc.pem b/certs/crl/client-int-ecc.pem new file mode 100644 index 000000000..91315dcbe --- /dev/null +++ b/certs/crl/client-int-ecc.pem 
@@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBXTCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBDbGllbnQg +Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy +MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBTr1EtZa5Vh +P1FXtgRNiUGIRFyr8jALBgNVHRQEBAICIAUwCgYIKoZIzj0EAwIDSQAwRgIhAJn0 +klExhxOHZtOQi45DuNnraKRzWV+V0moXQOvQmP4+AiEAk7Oqvn3Ij3ZhB/V+7VT0 +iPE8ipSUmQbQcZzI7BhT86E= +-----END X509 CRL----- diff --git a/certs/crl/client-int.pem b/certs/crl/client-int.pem new file mode 100644 index 000000000..0acea6861 --- /dev/null +++ b/certs/crl/client-int.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBDbGll +bnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy +MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFDPYRWbXaIcY +flQNcCeRxybXhWXAMAsGA1UdFAQEAgIgAjANBgkqhkiG9w0BAQsFAAOCAQEAefil +VL8oAVmbbtUyF7v7cwZ+3Olt6VuCcevIPYMc8yP7huO21UpkjwrVhr0tru6SA5xO +2I1lUwcyuH49c2H/RVEmS7q75TErYyXl/D209+LidOqPAnVibNWBsNaqQUn11dEM +T+VBC6aiUuLxnslpzWUkmromjh0BI2f1AbYEtRDHlaqZakxiZ4FdXPpnopcO44+T +ZLS2Kj52L6ykB1j70I2HOpZ7C07+MTBLvCV8J0Au1+GNBN1TZSO0dOX8AXLSpS+6 +q3vxJ1nsNYk/P7KdJO8eGYth9pXffKYPzMz0urrnavNd9nO9bR4u89SLepzuedBK +vX+Acp5M8IcAnw4sEA== +-----END X509 CRL----- diff --git a/certs/crl/include.am b/certs/crl/include.am index c5d635df8..4b1034ac3 100644 --- a/certs/crl/include.am +++ b/certs/crl/include.am @@ -14,3 +14,12 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/crl/crl.revoked + +# Intermediate cert CRL's +EXTRA_DIST += \ + certs/crl/ca-int.pem \ + certs/crl/client-int.pem \ + certs/crl/server-int.pem \ + certs/crl/ca-int-ecc.pem \ + certs/crl/client-int-ecc.pem \ + certs/crl/server-int-ecc.pem 
diff --git a/certs/crl/server-int-ecc.pem b/certs/crl/server-int-ecc.pem new file mode 100644 index 000000000..c4bedeaa8 --- /dev/null +++ b/certs/crl/server-int-ecc.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBXDCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBTZXJ2ZXIg +Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy +MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBRdXSbvrH42 ++Zt2FStKJQIj77KJMDALBgNVHRQEBAICIAQwCgYIKoZIzj0EAwIDSAAwRQIgTKmg +a595JJuQ5U4Alhi7p8424/02UoN4WLg9tZiGtfICIQDKtdI2JZuVpTmCtRRo8gZH +H/s5EUrqsIpXoNMdsGO1+w== +-----END X509 CRL----- diff --git a/certs/crl/server-int.pem b/certs/crl/server-int.pem new file mode 100644 index 000000000..ccddf4b4f --- /dev/null +++ b/certs/crl/server-int.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBTZXJ2 +ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy +MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFLMRMsmSmITi +yfjQO24DQsofDo48MAsGA1UdFAQEAgIgATANBgkqhkiG9w0BAQsFAAOCAQEAEhz6 +qLMqvX2s8/nsg2BjT+07Di3f3kkCZqxWtdvoSHg44lQof2F6UuTeKzlBWfTmFLE9 +qZJ8dj6xSMPEnZnRB1z9HvHRKZGDotuSNWCt4BElXP6ZZpQcIFaYUsWUZJ0Zb7LW +/06fuepQTeHrxvwNPD6SF5+dVX7doQ2l2ytkQvGHznrWsQNdB2H9K2tAZTIbkiQA +KcRP1pm1Dt2pZWPbwHws/AcXM4nCIJRUTlo1drHBClDbJB1n/AU8LjX1shX4AUds ++HthMwVmDUjofoXuqzRVyCtfdMH5tgwY//opif+FRXwXjZajx9K+vu68Qa8hI5+9 +sXu6NDs92L2KLfGNmg== +-----END X509 CRL----- diff --git a/certs/include.am b/certs/include.am index 86eb71755..53bcb581c 100644 --- a/certs/include.am +++ b/certs/include.am 
@@ -100,3 +100,4 @@ include certs/external/include.am
 include certs/ocsp/include.am
 include certs/test/include.am
 include certs/test-pathlen/include.am
+include certs/intermediate/include.am
diff --git a/certs/intermediate/ca-int-cert.der b/certs/intermediate/ca-int-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..d7c9a71d676c3a0867c558771533eff16b1ae6fc GIT binary patch literal 1051 zcmXqLVi7lJV*0;;nTe5!iAjLLfR~L^tIebBJ1-+6H!Fid;}k<~15P&PP!={}rqEzR z0Ruh|hl7XRH$Sf=F)tA&!p_6)lwXyao0w-PXuuCr!^Oi9oLF9xpI?$;C~P1I65{6J za?Z~yF3l;)%u6?vFc1R?GV}14mzV36=jWsq7w70D=jR&A8_2?)!O18lkeQd3?|`Jh zKu(<3(8AEj$k5Q-)WpCbN}Si&!qCXj49YcVoR8{ksQnx~T;Yku8JT(MCHZ+sE)Pyk zEGfxJg^6(Su!AfM4)!q=F%SZ|k(-CxCABOyC%+&!HLt`_!9Wfq%FH7URj1&YSCU$k zo0^iDSdyyX>`2%LO^iy&Va>?Oz}&>h&tTBR$i>ve$jESbQE{wdlEOKwLW|{7cHeGi zk%^L?=gn((>c`UWyjgdYCn#lUMnmP<&uoEbpN`o2 zoxh!QO|x#Bm|qo%tW7O?+MOEetq|w_^M}>toSRl(k2AU%9mgJ%m?4E%08R<=1%T~?~iuIq!c!r8pwmBm02VV#2Q4@`_ctV4y(!9 zzco(YyyS+g!P6I4!4W7c%*gnkg~Nc2k?}thBLg@Q%kqQ7SeTg@+mK^|8ypji3~^@- z&Iz-vSge}cnz6sbIzuQcE?%iA(ChEUb(;>^EqqcuJ-=K&j%%4+m%?Np`;3G!6< zEsc0`!SzX1{Fw}8+v@wh#=X0^i|&5zldw}m&=D&&NW%_P|Nt00Q>EE#?1*I?$)UDW>0!Q;f(2KzsJ8$wTBwMsO~vr zD(RS2mXlL;A?u>=1>+kVW!YvLtz6! z5Ql?@D?G6{BQr0(BtOqkz<>`V$j-waoSIltl9LJ(;o@O0&(BE<4)!q=F%SZ&;pX9X zNi9pw$uG!F%_}jKFc1TYGV}14mzV2-)D{=#=q2ap8p<2UvT2n}{-Ms{W=29~M!Wj4)ISShc`UWyjgdYCn#lU zMnmP<&uoEbpN`o2oxh!QO|x#Bm|qo%tW7O?+MOEe ztq|w_^M}>toSRl(k2AU%9!-PW zmeXxA*b^@F>!D7kw{*B-sabnN{hTA3w|YAmZ`(9)Ilto9%OI2B@TEDAf9AY8_u(yH z@Uqs(x&t4MM>M4D$N-c`rJsir-TMA^NGDj$q9EyA~ZccUL#b*yJvnvSP`SMyAF_hL1mH?}&e3 zc65sfQ{37&&b+NF87d+lDp@M7NZFCJhh1vzxdj2&O5T5;8ZgQ8*VOGn0dLc%wO&`> zz*=%P^CZW=$@#K8k39cBJS%g!?4(7N?j56Y-A%$OG3Qpu%a|Ig)HatXCLYi~m+-Xe zk3|1ZGX{zDpl{nwoPEH*@77|E*qrv}gU+{wy5@{Q z2`%|==C8lV-ShF^uX%>nd>7KyK4ugxJr}m+fLWdX%t`tW?{tcBxCe#EKiXw4xN5og z{N2lArfiTg5olR-L3d$FcXU~Gd(-vze<~E0AD%3D%`n9_OI&xrQJ&Y%(*EidNdaC1b@AHvX!mxFWd*^_BAAD+A;+wnV{WI8D>wL!@JJC zS}zr+>vPF1Z_;O-OS7H1vus!Hm{H?CDN^jLj?kfnagM*)q(r|St`Cad;rnXBi)8y9 z4VUIA>e_SaUy@0k`I!52?+26F6G3iRnZYVh`i8mZXw<>yf!$H5&Q{-U-@h-dKebt| z*sgzyvf!m}&$bqRGkA0O&YCXwC%x8hzPev{S<2DRz1qE3u{DeF$-=I^rRHni|0z3r zYS5~ literal 0 HcmV?d00001 
diff --git a/certs/intermediate/ca-int-key.pem b/certs/intermediate/ca-int-key.pem new file mode 100644 index 000000000..0b050b6b8 --- /dev/null +++ b/certs/intermediate/ca-int-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAw6JzXSFiIM46cTinlLvbhwQcWhueSw0+yvil9w1q3COQImor +WGNKKGpIqOdzH6JV2E0CO+LLa+KDyVGPd/3cLV0jtyOafrYpaOgqTqn+MnAxnvDv +7viN4/zz1yjdeh2erSMr8aZ/NFIpZtLlZFVk1t1LQTtVg27AEQ5uIMIWc+sw/wlG +u+fMxgNEQRHGwWw2L0r5kVXKWF43uCgQMIlAlnfPcGakVftpC+fZsjNl23I6d7cr +Sfy2zVgQjauqy0BFdwI5GLOPMwFId1C+jnOn3jagSY4sFq+5+0ItNWrbNDfVFFl9 +ZXLli2VVSyBeR/n4OtNs2Tr1xwFGMcN5mhi+SQIDAQABAoIBAQCwoB1pyrcOiULI +b+8U4Jpthq+WRvMeLYIwvFcS+uEsiUsbVyF1NoeAf5zEKdqNiAHbPIO0z6j66VI0 +U1elbOP5bOrO8O0OU6aFWX7A8MdYgGS8bCkjZvKsEPeRnQqAsvdMt8F39etIsJlC +hUunz1UwjDDiXxBwjnAHtjCFkNW2pt6LscUgqSPr/dYIM6H5ZdSINvUYd9v6xvYz +KQhOZSyikO2sqs/d+tTl1/Onca3HWxynhT4HCe47RQnxaCk+6qa25nrXCIHS+cNh +Ro79iBqkSsG43nYtZ14ZRsPh4jeie0myP1CzYL94fTNuc9wRXJ/dOIjZu3uCHDxt +opSopKSBAoGBAPH4m7hf4DbFtBQCXq3sQw2FqQB4WeEiOSGoZLhivAcarc6gUNZ0 +7/eVUJJJ+pW3UlDtZ5aF1yewBXTNackI/pNvHQziSf/hzRzDdsk4ei3cMnctshMk +XM6oHxw1MyR9g3YhYcAvzmDlevwYj/k2ABhnUva2yM3gD77ao0hjwIyZAoGBAM76 +Gr3ZwT3hh/CzO8GDZuzwLPahLTcBUmCEb+yfr9ELjPH++p4xOw7QZybxaHKlzla0 +wDZ+L5mSL+HciRYIR1JUH+K6PxGqp0ufu6dclLAcNBCEotAtoWSLW3Z7h4LX7/x4 +IafDkxHWMWQxYJaLN5REbJArurY0lu1z5uBqpJ0xAoGBALI2NBpbIru0aKjEBg96 +jvgKlSoveaMCnalYaLYUof9petFP6bnJbmOeqTTVH6Xc2teXwk9uS8SDM8GO+HaE +FVto3rB6iZ3YJEUnAPm6iuHz54c3NIw8n83krOUNmZkqiAQdGe1+SDW9ThMV1BPr +3a4bi1MB1GsstuwOA2xxa4MhAoGBAIoPNDU9AfRH8shwlcRv5QDY9/UO770ICa3N +yWaZ4cncHYjyHrPUfONVyeilEJmg1bDqYmg25YNXis7qrxpeLUzSRm6S8yzSm0ML +aj2puJh8R5JZFs0sEsKhXkH7BhoV9cN/Ulu4TeqQ6GM/uIDSniEtPwkv0hxlmeML +843wNJuRAoGBAKloBRB17AOMxVrB51GLWmVDOvbb398bL5WDHnM+j5QjEdL25rVx +9jDsw9ysikfkjTvs9UfQ6XUIjwurR40hhWoB5KGKvXU3rO/8ds3Gu1EbGmk0h9dS +seC5knwR/3QrRKHerNP5hzDIeRYaPOnko4Zhoo+28UFAHZcItQGF3lF/ +-----END RSA PRIVATE KEY----- 
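Review bot: The intermediate CA private key in `ca-int-key.pem` is committed unencrypted, and nothing in the part of the patch visible here marks the new `certs/intermediate/` directory as test-only. `genintcerts.sh` in this same patch issues the matching certificate with `basicConstraints = critical, CA:true, pathlen:0` and a 7300-day lifetime, so anyone with the repository can sign leaf certificates under it for as long as that certificate, or the test root above it, sits in a trust store. That is fine for the test suite, but I would state it where the files are listed, for example with `# Test fixtures only: the private keys in this directory are public; never load these CAs as trust anchors outside the test suite` next to the new include.am entries.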
diff --git a/certs/intermediate/client-chain-alt-ecc.pem b/certs/intermediate/client-chain-alt-ecc.pem new file mode 100644 index 000000000..58bb755f0 --- /dev/null +++ b/certs/intermediate/client-chain-alt-ecc.pem 
@@ -0,0 +1,55 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31 +cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/ +tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU +69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI +Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF +BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0 +wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD +VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== 
+-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/client-chain-alt.pem b/certs/intermediate/client-chain-alt.pem new file mode 100644 index 000000000..6ace19174 --- /dev/null +++ b/certs/intermediate/client-chain-alt.pem 
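Review bot: The extra, unrelated certificate that ends `client-chain-alt-ecc.pem` expires far earlier than the rest of the chain: it is the GlobalSign Root CA - R2 certificate with an encoded notAfter of 2021-12-15, while the generated leaf and intermediate above it run to 2028 and 2038. `genintcerts.sh` appends it from `certs/external/ca-google-root.pem`, and the same certificate also ends `client-chain-alt.pem` and, per the script, `server-chain-alt.pem`. Once it expires it will presumably be rejected with a date error rather than the no-signer error that the alternate-chain path is meant to tolerate, so these tests may start failing for a reason unrelated to what they exercise. I would append a locally generated, unrelated self-signed certificate with a long lifetime instead, or at least record the dependency in the script with `# ca-google-root.pem expires 2021-12-15; regenerate the *-alt chains with a still-valid unrelated cert before then`.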
@@ -0,0 +1,71 @@ +-----BEGIN CERTIFICATE----- +MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV +HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns +3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC +BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic +XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E +TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI +b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI +EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT +uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI 
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH 
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- 
diff --git a/certs/intermediate/client-chain-ecc.der b/certs/intermediate/client-chain-ecc.der new file mode 100644 index 0000000000000000000000000000000000000000..b067fe290fe67213e5b538a7b3cf025e458a0905 GIT binary patch literal 1375 zcmXqLVmfBf#FVpunTe5!iAjLffQyYotIgw_EekV~LE~aWZUas>=1>+kVW!YvLtz6! z5Ql?@D?G6{BQr0(BtOqkz<>`V$j-waoSIltl9LJ(;o@O0&(BE<4)!q=F%SZ&;pX9X zNi9pw$uG!F%_}ifF;D`DGV@47)hT%9m82Hsrlw>jmZT~;J1V$3I~&Ry$g**2wRyCC z=Vjz%6cfnIOUrivX(%qv(M!(HHINhMHMB4^GBPwYH#IRZj1uQHvM@94FDa9X;t>3b^ae_f(FE|oqg;|&k7z_m2I1}1D7~6h0F*35SFf*|(Fpy?(n{c>YDROp#e9M-ZG9AAA zZ^`9>6M!r~BjbOtc@H4wsj`R}h_G>JvoW%=vNJQmSuDs&jM;<1z?DfM?!}p1H+!zS ze`J{dZJUy%>k{=PTb@O86_p$aDACebn#!ceuu5Lv4?Gz~}?h(Xc-e|dSi9w;3^6DK*T*BF#~ z&ETnbNaR7>33%##nN9N)R?04lUL7-gMH-vtvrRW1i!3{QaLZa>7YPNq*z~`mvbm}c z#Wxn7YGwX#X}x2bn_2EF$J72Nye=$A>{*;7K++ z*U-G5lh408{CTM&xb%?~1|?7q12#s+|4fVwsEL-b4LP|myE7QLFexbX?%l)D6{N6w z&xa{IHWqW{9gql~GNnG;R-ibnU`LYpJymwzy}g!=V1>{O)M$NNrj1U@vxWY=cEM(`xuHC2!Yga z^KiSQmZj$87v!eql^7}*$bm$edBmaW6g=}vQj2m^Q!*1vQWcyX4do4F;V$B26cfnI zOUrivDK0L~(M!(HHINhMHMB4^GBPwYH#IRZh!W>DvM@9h&tTBR$i>ve$jES*`J(ne%Oysx z*1;!Qw6$tVX6;?26~yj-ZJF67cB8%vyE3bf9d?;_rP1TBZpNbS^xX?fPnhX=U6TIZ zz3V*h&-ZUWHp*4cW_F*oKlMy~s!Hav7b2a}PfWfa-5@ggYkIX+RmDTbu&{~Cgq?aX z**MJcd4I9(zImWD&qC|39~XO>K6!X<+I{J|{eIIg2)tOqVbHi!0YSzZdSh z%*4#dz__?^fT z!!_-CM!Q5^2ycP<#N%q$TT>4h$b+PnStJa^8bsb_KKOoB_SwugcXBU$f3!0urLfr) zoQ7rj85#eB&3gbbPnAW?K!lA$n~jl`m7SRh&SF81G;VODF*0;CDpssv>8h+dyL6ZJ zzo5hyb7D0np2{dPoOxBWV&+BW|J#Hkl|AN7nsR0$+PHq5MZO%8Qso8J7KE5cr;Gclr+4QTndDnJ+wdl1HI;r>b z;mQ;F*H~E7?%P;pUSE|RSIGM~*uu8mOYV3_g-m;t;$Hr?FEwp@18e7;{ta2JP&sy!1JCgRN-hyTw}%?b~86xPk5R zjx9#6Q~#HFyiVqpt>h1#dab7IN}|F~{zXkoQK)m%rSn=a&>H)vuJ zH)vw|4=YU=&;rSzaSCc)gcckeJnX*tc_oQ?iLio$orm2izbZ91G0#xYfFG2>xOg~% z6U$5T^Gh;dg%CFnmveqzacNFTW?s6Xgn<}H9WxJqd3m`WC^JG!2*P;~vj{N;6(MHu zB4p4Pf&@#EMa8j-Nebtz3N4mT*?qg6MJ7smo;R=EsUJ(f^Jd*qo}iSa9g*y%k>#=C zd9nPW&>Ox?){jnSKWaW1*kAtlj&7{-cI8=h+cYy?X!))DXH;M~@5B3dKYAbk`FvgD zZk6o3waVHbm(`mDX{KFzni86F?XI_@b!cVgr 
z{oS~3(;>TsPl~7Km&?a-Ewk%VnCxSpk&?OM`Z~L%5l=3-KB zzdg^mIpM?I8g<_6N$)3|G2QI<_}8iSP{SA1J%>ys9ka@Ea;h$5UDRE%Y`Q~n&>S1* z<=!8+v#ft`(a2`a{pDVwzxBdy#Q4mdYx5y@fr9F^lPZ5&eD2(n)qHW~;r~-?`j&51 p?o|HNl3-YOsoUkX)|B5TnA&*j-ibnU`LYpJymwzy}g!=V1>{O)M$NNrj1U@vxWY=cEM(`xuHC2!Yga z^KiSQmZj$87v!eql^7}*$bm$edBmaW6g=}vQj2m^Q!*1vQWcyX4do4F;V$B26cfnI zOUrivDK0L~(M!(HHINhMHMB4^GBPwYH#IRZh!W>DvM@9h&tTBR$i>ve$jES*`J(ne%Oysx z*1;!Qw6$tVX6;?26~yj-ZJF67cB8%vyE3bf9d?;_rP1TBZpNbS^xX?fPnhX=U6TIZ zz3V*h&-ZUWHp*4cW_F*oKlMy~s!Hav7b2a}PfWfa-5@ggYkIX+RmDTbu&{~Cgq?aX z**MJcd4I9(zImWD&qC|39~XO>K6!X<+I{J|{eIIg2)tOqVbHi!0YSzZdSh z%*4#dz__?^fT z!!_-CM!Q5^2ycP<#N%q$TT>4h$b+PnStJa^8bsb_KKOoB_SwugcXBU$f3!0urLfr) zoQ7rj85#eB&3gbbPnAW?K!lA$n~jl`m7SRh&SF81G;VODF*0;CDpssv>8h+dyL6ZJ zzo5hyb7D0np2{dPoOxBWV&+BW|J#Hkl|AN7nsR0$+PHq5MZO%8Qso8J7KE5cr;Gclr+4QTndDnJ+wdl1HI;r>b z;mQ;F*H~E7?%P;pUSE|RSIGM~*uu8mOYV3_g-m;t;$Hr?FEwp@18e7;{ta2JP&sy!1JCgRN-hyTw}%?b~86xPk5R zjx9#6Q~#HFyiVqpt>h1#dab7IN}|F~{zXkoQK)m%rSn=a&>2LM`3 BimU(t literal 0 HcmV?d00001 diff --git a/certs/intermediate/client-int-cert.pem b/certs/intermediate/client-int-cert.pem new file mode 100644 index 000000000..105ba85bb --- /dev/null +++ b/certs/intermediate/client-int-cert.pem 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:00 2018 GMT + Not After : Dec 18 17:54:00 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35 + + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, E-mail Protection + Signature Algorithm: sha256WithRSAEncryption + 88:81:21:78:ac:04:8a:79:7e:cd:a5:ba:3b:fe:52:61:e8:9c: 
+ 5d:28:91:ca:68:72:31:99:d5:15:78:99:d1:03:ff:b6:13:59: + 23:48:9e:92:94:cc:91:01:93:dc:19:36:68:d7:48:53:ab:99: + d8:23:fc:28:98:43:f3:eb:9f:e2:2f:c4:4c:b3:1c:48:35:92: + 6d:53:46:5d:c1:20:21:07:71:25:a1:37:89:1a:9b:ec:f5:e3: + d1:15:a0:fe:10:2e:cd:67:d5:3d:6e:d6:b9:f5:38:8d:3a:12: + c9:2e:f9:e1:a9:c8:6f:d6:04:05:66:df:3c:3a:69:d7:aa:6b: + 5e:71:0d:e3:53:38:3d:87:4a:1e:c7:88:78:1c:87:5a:21:bd: + 0f:86:f4:7c:86:bd:51:7d:9c:cb:f2:b2:a6:41:7a:f8:bb:08: + 11:67:6a:31:9f:48:f6:d1:07:a2:36:87:83:73:68:3b:c9:11: + 5e:ab:a3:d0:61:9a:df:8d:52:b9:8a:79:d2:f3:5d:b0:3d:15: + 69:ee:a3:b5:c2:be:b4:3f:11:b0:06:d3:b8:b4:32:45:95:ff: + 76:48:eb:63:0b:1d:79:0f:55:95:d6:7c:86:d4:61:20:f9:0f: + a2:82:a4:1f:b1:10:53:d8:e8:c8:27:b3:bd:98:7b:0a:c4:5b: + 82:d0:6c:cf +-----BEGIN CERTIFICATE----- +MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV +HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns +3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC +BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic 
+XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E +TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI +b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI +EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT +uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw== +-----END CERTIFICATE----- 
diff --git a/certs/intermediate/client-int-ecc-cert.der b/certs/intermediate/client-int-ecc-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..6b806bbc554eaa764a37ff35458ff8d36d620fa8 GIT binary patch literal 714 zcmXqLVmfBf#FVpunTe5!iAjLffQyYotIgw_EekV~LE~aWZUas>=1>+kVW!YvLtz6! z5Ql?@D?G6{BQr0(BtOqkz<>`V$j-waoSIltl9LJ(;o@O0&(BE<4)!q=F%SZ&;pX9X zNi9pw$uG!F%_}ifF;D`DGV@47)hT%9m82Hsrlw>jmZT~;J1V$3I~&Ry$g**2wRyCC z=Vjz%6cfnIOUrivX(%qv(M!(HHINhMHMB4^GBPwYH#IRZj1uQHvM@94FDa9X;t>3b^ae_f(FE|oqg;|&k7z_m2I1}1D7~6h0F*35SFf*|(Fpy?(n{c>YDROp#e9M-ZG9AAA zZ^`9>6M!r~BjbOtc@H4wsj`R}h_G>JvoW%=vNJQmSuDs&jM;<1z?DfM?!}p1H+!zS ze`J{dZJUy%>k{=PTb@O86_p$aDACebn#!ceuu5L "$1" + echo "[ ca ]" >> "$1" + echo "default_ca = CA_default" >> "$1" + echo "" >> "$1" + echo "[ CA_default ]" >> "$1" + echo "certs = $dir/certs/intermediate" >> "$1" + echo "new_certs_dir = $dir/certs/intermediate/new_certs">> "$1" + echo "database = $dir/certs/intermediate/index.txt">> "$1" + echo "serial = $dir/certs/intermediate/serial" >> "$1" + echo "RANDFILE = $dir/private/.rand" >> "$1" + echo "" >> "$1" + echo "private_key = $dir/$2" >> "$1" + echo "certificate = $dir/$3" >> "$1" + echo "" >> "$1" + echo "crlnumber = $dir/certs/intermediate/crlnumber">> "$1" + echo "crl_extensions = crl_ext" >> "$1" + echo "default_crl_days = 1000" >> "$1" + echo "default_md = sha256" >> "$1" + echo "" >> "$1" + echo "name_opt = ca_default" >> "$1" + echo "cert_opt = ca_default" >> "$1" + echo "default_days = 3650" >> "$1" + echo "preserve = no" >> "$1" + echo "policy = policy_loose" >> "$1" + echo "" >> "$1" + echo "[ policy_strict ]" >> "$1" + echo "countryName = match" >> "$1" + echo "stateOrProvinceName = match" >> "$1" + echo "organizationName = match" >> "$1" + echo "organizationalUnitName = optional" >> "$1" + echo "commonName = supplied" >> "$1" + echo "emailAddress = optional" >> "$1" + echo "" >> "$1" + echo "[ policy_loose ]" >> "$1" + echo "countryName = optional" >> "$1" + echo 
"stateOrProvinceName = optional" >> "$1" + echo "localityName = optional" >> "$1" + echo "organizationName = optional" >> "$1" + echo "organizationalUnitName = optional" >> "$1" + echo "commonName = supplied" >> "$1" + echo "emailAddress = optional" >> "$1" + echo "" >> "$1" + echo "[ req ]" >> "$1" + echo "default_bits = 2048" >> "$1" + echo "distinguished_name = req_distinguished_name" >> "$1" + echo "string_mask = utf8only" >> "$1" + echo "default_md = sha256" >> "$1" + echo "x509_extensions = v3_ca" >> "$1" + echo "" >> "$1" + echo "[ req_distinguished_name ]" >> "$1" + echo "countryName = US" >> "$1" + echo "stateOrProvinceName = Washington" >> "$1" + echo "localityName = Seattle" >> "$1" + echo "organizationName = wolfSSL" >> "$1" + echo "organizationalUnitName = Development" >> "$1" + echo "commonName = www.wolfssl.com" >> "$1" + echo "emailAddress = info@wolfssl.com" >> "$1" + echo "" >> "$1" + echo "[ v3_ca ]" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid:always,issuer" >> "$1" + echo "basicConstraints = critical, CA:true" >> "$1" + echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1" + echo "" >> "$1" + echo "[ v3_intermediate_ca ]" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid:always,issuer" >> "$1" + echo "basicConstraints = critical, CA:true, pathlen:0" >> "$1" + echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1" + echo "" >> "$1" + echo "[ usr_cert ]" >> "$1" + echo "basicConstraints = CA:FALSE" >> "$1" + echo "nsCertType = client, email" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid,issuer" >> "$1" + echo "keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment">> "$1" + echo "extendedKeyUsage = clientAuth, emailProtection" >> "$1" + echo "" >> "$1" + echo "[ server_cert ]" >> "$1" + echo "basicConstraints = CA:FALSE" >> "$1" + echo "nsCertType = server" >> 
"$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid,issuer:always" >> "$1" + echo "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement">> "$1" + echo "extendedKeyUsage = serverAuth" >> "$1" + echo "" >> "$1" + echo "[ crl_ext ]" >> "$1" + echo "authorityKeyIdentifier=keyid:always" >> "$1" +} + +# Args: 1=reqcnf, 2=signcnf, 3=keyfile, 4=certfile, 5=ext, 6=subj, 7=days +create_cert() { + openssl req -config ./certs/intermediate/$1.cnf -new -sha256 \ + -key $3 \ + -out ./certs/intermediate/tmp.csr \ + -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=$6/emailAddress=info@wolfssl.com" + check_result $? + openssl ca -config ./certs/intermediate/$2.cnf -extensions $5 -days $7 -notext -md sha256 \ + -in ./certs/intermediate/tmp.csr -out ./certs/intermediate/$4.pem -batch + check_result $? + rm ./certs/intermediate/tmp.csr + + # Convert Cert to DER + openssl x509 -in ./certs/intermediate/$4.pem -inform PEM -out ./certs/intermediate/$4.der -outform DER + check_result $? + + # Add text to cert PEM file + openssl x509 -in ./certs/intermediate/$4.pem -text > ./certs/intermediate/tmp.pem + check_result $? + mv ./certs/intermediate/tmp.pem ./certs/intermediate/$4.pem +} + +if [ "$1" == "clean" ]; then + echo "Cleaning temp files" + cleanup_files +fi +if [ "$1" == "cleanall" ]; then + echo "Cleaning all files" + rm -f ./certs/intermediate/*.pem + rm -f ./certs/intermediate/*.der + rm -f ./certs/intermediate/*.csr + cleanup_files +fi + +# Make sure required CA files exist and are populated +rm -f ./certs/intermediate/index.* +touch ./certs/intermediate/index.txt +if [ ! -f ./certs/intermediate/serial ]; then + echo 1000 > ./certs/intermediate/serial +fi +if [ ! -f ./certs/intermediate/crlnumber ]; then + echo 2000 > ./certs/intermediate/crlnumber +fi +if [ ! 
-d ./certs/intermediate/new_certs ]; then + mkdir ./certs/intermediate/new_certs +fi + + +# RSA +echo "Creating RSA CA configuration cnf files" +create_ca_config ./certs/intermediate/wolfssl_root.cnf certs/ca-key.pem certs/ca-cert.pem +create_ca_config ./certs/intermediate/wolfssl_int.cnf certs/intermediate/ca-int-key.pem certs/intermediate/ca-int-cert.pem + +if [ ! -f ./certs/intermediate/ca-int-key.pem ]; then + echo "Make Intermediate RSA CA Key" + openssl genrsa -out ./certs/intermediate/ca-int-key.pem 2048 + check_result $? + openssl rsa -in ./certs/intermediate/ca-int-key.pem -inform PEM -out ./certs/intermediate/ca-int-key.der -outform DER + check_result $? +fi + +echo "Create RSA Intermediate CA signed by root" +create_cert wolfssl_int wolfssl_root ./certs/intermediate/ca-int-key.pem ca-int-cert v3_intermediate_ca "wolfSSL Intermediate CA" 7300 + +echo "Create RSA Server Certificate signed by intermediate" +create_cert wolfssl_int wolfssl_int ./certs/server-key.pem server-int-cert server_cert "wolfSSL Server Chain" 3650 + +echo "Create RSA Client Certificate signed by intermediate" +create_cert wolfssl_int wolfssl_int ./certs/client-key.pem client-int-cert usr_cert "wolfSSL Client Chain" 3650 + +echo "Generate CRLs for new certificates" +openssl ca -config ./certs/intermediate/wolfssl_root.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int.pem -keyfile ./certs/intermediate/ca-int-key.pem -cert ./certs/intermediate/ca-int-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int.pem -keyfile ./certs/server-key.pem -cert ./certs/intermediate/server-int-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int.pem -keyfile ./certs/client-key.pem -cert ./certs/intermediate/client-int-cert.pem +check_result $? 
+
+echo "Assemble test chains - peer first, then intermediate"
+openssl x509 -in ./certs/intermediate/server-int-cert.pem > ./certs/intermediate/server-chain.pem
+openssl x509 -in ./certs/intermediate/ca-int-cert.pem >> ./certs/intermediate/server-chain.pem
+cat ./certs/intermediate/server-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/server-chain.der
+
+openssl x509 -in ./certs/intermediate/client-int-cert.pem > ./certs/intermediate/client-chain.pem
+openssl x509 -in ./certs/intermediate/ca-int-cert.pem >> ./certs/intermediate/client-chain.pem
+cat ./certs/intermediate/client-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/client-chain.der
+
+echo "Assemble cert chain with extra cert for testing alternate chains"
+cp ./certs/intermediate/server-chain.pem ./certs/intermediate/server-chain-alt.pem
+cp ./certs/intermediate/client-chain.pem ./certs/intermediate/client-chain-alt.pem
+openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/server-chain-alt.pem
+openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/client-chain-alt.pem
+
+
+# ECC
+echo "Creating ECC CA configuration cnf files"
+create_ca_config ./certs/intermediate/wolfssl_root_ecc.cnf certs/ca-ecc-key.pem certs/ca-ecc-cert.pem
+create_ca_config ./certs/intermediate/wolfssl_int_ecc.cnf certs/intermediate/ca-int-ecc-key.pem certs/intermediate/ca-int-ecc-cert.pem
+
+if [ ! -f ./certs/intermediate/ca-int-ecc-key.pem ]; then
+ echo "Make Intermediate ECC CA Key"
+ openssl ecparam -name prime256v1 -genkey -noout -out ./certs/intermediate/ca-int-ecc-key.pem
+ check_result $?
+ openssl ec -in ./certs/intermediate/ca-int-ecc-key.pem -inform PEM -out ./certs/intermediate/ca-int-ecc-key.der -outform DER
+ check_result $?
+fi
+
+echo "Create ECC Intermediate CA signed by root"
+create_cert wolfssl_int_ecc wolfssl_root_ecc ./certs/intermediate/ca-int-ecc-key.pem ca-int-ecc-cert v3_intermediate_ca "wolfSSL Intermediate CA ECC" 7300
+
+echo "Create ECC Server Certificate signed by intermediate"
+create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-key.pem server-int-ecc-cert server_cert "wolfSSL Server Chain ECC" 3650
+
+echo "Create ECC Client Certificate signed by intermediate"
+create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-client-key.pem client-int-ecc-cert usr_cert "wolfSSL Client Chain ECC" 3650
+
+echo "Generate CRLs for new certificates"
+openssl ca -config ./certs/intermediate/wolfssl_root_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int-ecc.pem -keyfile ./certs/intermediate/ca-int-ecc-key.pem -cert ./certs/intermediate/ca-int-ecc-cert.pem
+check_result $?
+openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int-ecc.pem -keyfile ./certs/ecc-key.pem -cert ./certs/intermediate/server-int-ecc-cert.pem
+check_result $?
+openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int-ecc.pem -keyfile ./certs/ecc-client-key.pem -cert ./certs/intermediate/client-int-ecc-cert.pem
+check_result $?
+
+echo "Assemble test chains - peer first, then intermediate"
+openssl x509 -in ./certs/intermediate/server-int-ecc-cert.pem > ./certs/intermediate/server-chain-ecc.pem
+openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem >> ./certs/intermediate/server-chain-ecc.pem
+cat ./certs/intermediate/server-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/server-chain-ecc.der
+
+openssl x509 -in ./certs/intermediate/client-int-ecc-cert.pem > ./certs/intermediate/client-chain-ecc.pem
+openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem >> ./certs/intermediate/client-chain-ecc.pem
+cat ./certs/intermediate/client-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/client-chain-ecc.der
+
+echo "Assemble cert chain with extra untrusted cert for testing alternate chains"
+cp ./certs/intermediate/server-chain-ecc.pem ./certs/intermediate/server-chain-alt-ecc.pem
+cp ./certs/intermediate/client-chain-ecc.pem ./certs/intermediate/client-chain-alt-ecc.pem
+openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/server-chain-alt-ecc.pem
+openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/client-chain-alt-ecc.pem
diff --git a/certs/intermediate/include.am b/certs/intermediate/include.am
new file mode 100644
index 000000000..183f96c33
--- /dev/null
+++ b/certs/intermediate/include.am
@@ -0,0 +1,34 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+ certs/intermediate/genintcerts.sh \
+ certs/intermediate/ca-int-cert.der \
+ certs/intermediate/ca-int-cert.pem \
+ certs/intermediate/ca-int-ecc-cert.der \
+ certs/intermediate/ca-int-ecc-cert.pem \
+ certs/intermediate/ca-int-ecc-key.der \
+ certs/intermediate/ca-int-ecc-key.pem \
+ certs/intermediate/ca-int-key.der \
+ certs/intermediate/ca-int-key.pem \
+ certs/intermediate/client-chain-alt-ecc.pem \
+ certs/intermediate/client-chain-alt.pem \
+ certs/intermediate/client-chain-ecc.der \
+ certs/intermediate/client-chain-ecc.pem \
+ certs/intermediate/client-chain.der \
+ certs/intermediate/client-chain.pem \
+ certs/intermediate/client-int-cert.der \
+ certs/intermediate/client-int-cert.pem \
+ certs/intermediate/client-int-ecc-cert.der \
+ certs/intermediate/client-int-ecc-cert.pem \
+ certs/intermediate/server-chain-alt-ecc.pem \
+ certs/intermediate/server-chain-alt.pem \
+ certs/intermediate/server-chain-ecc.der \
+ certs/intermediate/server-chain-ecc.pem \
+ certs/intermediate/server-chain.der \
+ certs/intermediate/server-chain.pem \
+ certs/intermediate/server-int-cert.der \
+ certs/intermediate/server-int-cert.pem \
+ certs/intermediate/server-int-ecc-cert.der \
+ certs/intermediate/server-int-ecc-cert.pem
diff --git a/certs/intermediate/server-chain-alt-ecc.pem b/certs/intermediate/server-chain-alt-ecc.pem
new file mode 100644
index 000000000..6655c17f3
--- /dev/null
+++ b/certs/intermediate/server-chain-alt-ecc.pem
@@ -0,0 +1,59 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f +NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ +2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW +BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af +hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp +bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV +BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT +BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8 +gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW +RVZXi7tZVPo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD 
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-chain-alt.pem b/certs/intermediate/server-chain-alt.pem new file mode 100644 index 000000000..73118091b --- /dev/null +++ b/certs/intermediate/server-chain-alt.pem 
@@ -0,0 +1,75 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G +A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3 +1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw +EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID +qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F +oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw +FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02 +j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ +otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD +ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS +o9QzCwAeul09eg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT 
+YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd 
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-chain-ecc.der b/certs/intermediate/server-chain-ecc.der new file mode 100644 index 0000000000000000000000000000000000000000..2e1c7742d58e0ac50fa5d5faae35f634498662bc GIT binary patch literal 1533 zcmXqLVoot=V&-1J%*4pV#3aCCz{SR))#h=|mW7$gpmDJww*e;`b0`a&FjHu-p|F7< zh{M6d6`oj}k(rlXlAmWNV890wWanWIPE9N+$w`HYaPhF0=jWsa2m2U`7zlyXaPx4x zq?V=TJ&WlN>Yn*Q&Tb%OHvh_9Ti-ioekv;WZ5{i+C196 z^D=TWiV0-qrR6(-G!z%-=q2ap8pw(B8d?|{85tUyo0=FHMv3zpSr{4_T0pr5jSFb% z3q=EYh%Y2SjtUO;Q3y^gDoZU=aL!1~%p=YVkp{wS?BHN$VuXf2Gb1~*69da`<263& z0ba+vma-hSxi{bJc9HJ6DX+ADomSwq)De4;$nZE=&p~F`3-AKHfO5xTkT=#-~R& zTNM4A^D#izP|Y*q@V(PdYnc=(=GsR;651`TYpZ%&d&QSBrU}(5D`Y*VxrT*z?~V-l zWzfVl(V&UR0+!F1k!=~gfrce-8H4hc89Z+di4p>L_L_QMX45={m9mSXSI5j=k;bO^ zY}1X$BFhdR+_Ki!MM6O?HvO-tY_94<@r{M2TA4pwTJMceeC`%2?`nktzT9PIej iXT8`p`^(Jpg=QHS-x`LPztA(kFwb+PdgVc8lK=qhudH?e literal 0 HcmV?d00001 diff --git a/certs/intermediate/server-chain-ecc.pem b/certs/intermediate/server-chain-ecc.pem new file mode 100644 index 000000000..379f945fa --- /dev/null +++ b/certs/intermediate/server-chain-ecc.pem 
@@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f +NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ +2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW +BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af +hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp +bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV +BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT +BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8 +gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW +RVZXi7tZVPo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD 
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-chain.der b/certs/intermediate/server-chain.der new file mode 100644 index 0000000000000000000000000000000000000000..04c47848f78c52911ed11c5034c56cd5c040c19e GIT binary patch literal 2309 zcmXqLVtHoJ#C&c6GZP~d6O#a=0WTY;R+~rLcV0$DZdL|^#`%Wa2Apinp)72|OrgPs z!UlpM4hIiccw%uzW?p(pex9L#0Ut<^orgU*HL;{5Clw~b#lv2npOY3G>|-cmAOupw z&BN`IT9%rVUyz%cS7NAOAO{j<<`IXgQ}E0yNiE7vP036wNmX!mG?X`xg}aE8QA{8+ zFD>5zq`0^^M=v=)*Fa93*U-Yy$jH#p+|BO}9ssT>c(9X}Q3 zZolN}sLq&r%yr$TJt_t}rk>OHyY@|{V^7We-z(DV|HaG+EdAbfiv78%e*eS0)d%!z zR;R2G|8pv~de;NRr$u`CdTlqR7T;PU9lSH%{<7p(J`oleQ~_1PFS9svy_p7qcX1=+Td*S<| zoiQne&87<*XDw-*ZqPUdHO)X1I0p~AZ+>1$VqPLFfwS|lJLOlU<|gJD3L5Z(5&{wyvtG$j*ED@{xS4B(t5 z%g@O8ALM7|6$Zi}KdG|t7;v$1XtOc0va&OyXJTehIlY#x^fA8qVDsNYwRkuwu z#*7~20sH!jm)|p6;Mu1mwtnYtCtcI5 z+a~5$MIvici=K9;hI%W+x&QoObvfsz)z{;UZia^|XG!eygp_b;1}RA87q+s=KpvFU zm02VV#2Q4@`_ctV4y(!9zco(YyyS+g!P6I4!8NR`FsN+cFkoY3{LjRQR$ef+p{06o z(GYjm;G8hqip8qAtr`0}tTTkN;^LK>0=@ojT({|v-NGlu)AP&aq}w<>oke`-lEth?0h@>*-k?-NXIymj)a#}(M( PP6e#rTX>r7me79yZ(=kg literal 0 HcmV?d00001 diff --git a/certs/intermediate/server-chain.pem b/certs/intermediate/server-chain.pem new file mode 100644 index 000000000..bf66d2bf8 --- /dev/null +++ b/certs/intermediate/server-chain.pem 
@@ -0,0 +1,53 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G +A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3 +1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw +EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID +qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F +oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw +FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02 +j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ +otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD +ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS +o9QzCwAeul09eg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT 
+YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- 
diff --git a/certs/intermediate/server-int-cert.der b/certs/intermediate/server-int-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..3af5f5a1ec774d3c5bbfbfc6443a548c13f6d119 GIT binary patch literal 1258 zcmXqLVtHoJ#C&c6GZP~d6O#a=0WTY;R+~rLcV0$DZdL|^#`%Wa2Apinp)72|OrgPs z!UlpM4hIiccw%uzW?p(pex9L#0Ut<^orgU*HL;{5Clw~b#lv2npOY3G>|-cmAOupw z&BN`IT9%rVUyz%cS7NAOAO{j<<`IXgQ}E0yNiE7vP036wNmX!mG?X`xg}aE8QA{8+ zFD>5zq`0^^M=v=)*Fa93*U-Yy$jH#p+|BO}9ssT>c(9X}Q3 zZolN}sLq&r%yr$TJt_t}rk>OHyY@|{V^7We-z(DV|HaG+EdAbfiv78%e*eS0)d%!z zR;R2G|8pv~de;NRr$u`CdTlqR7T;PU9lSH%{<7p(J`oleQ~_1PFS9svy_p7qcX1=+Td*S<| zoiQne&87<*XDw-*ZqPUdHO)X1I0p~AZ+>1$VqPLFfwS|lJLOlU<|gJD3L5Z(5&{wyvtG$j*ED@{xS4B(t5 z%g@O8ALM7|6$Zi}KdG|t7;v$1XtOc0va&OyXJTehIJ&WlN>Yn*Q&Tb%OHvh_9Ti-ioekv;WZ5{i+C196 z^D=TWiV0-qrR6(-G!z%-=q2ap8pw(B8d?|{85tUyo0=FHMv3zpSr{4_T0pr5jSFb% z3q=EYh%Y2SjtUO;Q3y^gDoZU=aL!1~%p=YVkp{wS?BHN$VuXf2Gb1~*69da`<263& z0ba+vma-hSxi{bJc9HJ6DX+ADomSwq)De4;$nZE=&p~F`3-AKHfO5xTkT=#-~R& zTNM4A^D#izP|Y*q@V(PdYnc=(=GsR;651`TYpZ%&d&QSBrU}(5D`Y*VxrT*z?~V-l F1po*G?lk}a literal 0 HcmV?d00001 diff --git a/certs/intermediate/server-int-ecc-cert.pem b/certs/intermediate/server-int-ecc-cert.pem new file mode 100644 index 000000000..8b19fcd0e --- /dev/null +++ b/certs/intermediate/server-int-ecc-cert.pem 
@@ -0,0 +1,63 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4100 (0x1004) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:01 2018 GMT + Not After : Dec 18 17:54:01 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain ECC/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: + 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: + 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92: + 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: + 0b:80:34:89:d8 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + X509v3 Subject Key Identifier: + 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + X509v3 Authority Key Identifier: + keyid:97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:10:03 + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:74:5c:69:0b:da:f1:d8:cf:21:bc:81:ac:b1:e5: + c5:b3:38:72:f9:9c:f1:50:2d:31:26:49:58:c3:de:cb:e5:7d: + 02:20:78:9d:3f:5b:e2:12:bb:1b:2d:3d:25:db:2b:a8:f4:76: + 02:90:7b:24:a8:1d:49:96:45:56:57:8b:bb:59:54:fa +-----BEGIN CERTIFICATE----- +MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu 
+Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f +NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ +2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW +BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af +hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp +bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV +BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT +BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8 +gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW +RVZXi7tZVPo= +-----END CERTIFICATE----- diff --git a/tests/include.am b/tests/include.am index 2b6baf558..f5efa3ed3 100644 --- a/tests/include.am +++ b/tests/include.am @@ -34,5 +34,9 @@ EXTRA_DIST += tests/test.conf \ tests/test-enckeys.conf \ tests/test-maxfrag.conf \ tests/test-maxfrag-dtls.conf \ - tests/test-fails.conf + tests/test-fails.conf \ + tests/test-chains.conf \ + tests/test-altchains.conf \ + tests/test-trustedpeer.conf \ + tests/test-dhprime.conf DISTCLEANFILES+= tests/.libs/unit.test diff --git a/tests/suites.c b/tests/suites.c index d41c3e274..7f37a0b8b 100644 --- a/tests/suites.c +++ b/tests/suites.c 
@@ -59,8 +59,10 @@ static char flagSep[] = " "; static char portFlag[] = "-p"; static char svrPort[] = "0"; #endif -static char forceDefCipherListFlag[] = "-HdefCipherList"; -static char exitWithRetFlag[] = "-HexitWithRet"; +static char intTestFlag[] = "-H"; +static char forceDefCipherListFlag[] = "defCipherList"; +static char exitWithRetFlag[] = "exitWithRet"; +static char disableDHPrimeTest[] = "-2"; #ifdef WOLFSSL_ASYNC_CRYPT static int devId = INVALID_DEVID; @@ -192,10 +194,10 @@ static int IsValidCert(const char* line) } static int execute_test_case(int svr_argc, char** svr_argv, - int cli_argc, char** cli_argv, - int addNoVerify, int addNonBlocking, - int addDisableEMS, int forceSrvDefCipherList, - int forceCliDefCipherList, int testShouldFail) + int cli_argc, char** cli_argv, + int addNoVerify, int addNonBlocking, + int addDisableEMS, int forceSrvDefCipherList, + int forceCliDefCipherList) { #ifdef WOLFSSL_TIRTOS func_args cliArgs = {0}; @@ -219,6 +221,7 @@ static int execute_test_case(int svr_argc, char** svr_argv, #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) char portNumber[8]; #endif + int cliTestShouldFail = 0, svrTestShouldFail = 0; /* Is Valid Cipher and Version Checks */ /* build command list for the Is checks below */ @@ -296,17 +299,17 @@ static int execute_test_case(int svr_argc, char** svr_argv, } #endif if (forceSrvDefCipherList) { - if (svrArgs.argc >= MAX_ARGS) + if (svrArgs.argc + 2 > MAX_ARGS) printf("cannot add the force def cipher list flag to server\n"); - else + else { + svr_argv[svrArgs.argc++] = intTestFlag; svr_argv[svrArgs.argc++] = forceDefCipherListFlag; + } } #ifdef TEST_PK_PRIVKEY svr_argv[svrArgs.argc++] = (char*)"-P"; #endif - if (testShouldFail) { - svr_argv[svrArgs.argc++] = exitWithRetFlag; - } + /* update server flags list */ commandLine[0] = '\0'; 
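Review bot: In the `@@ -296,17 +299,17 @@` hunk the `-P` append under `TEST_PK_PRIVKEY`, directly after the new `svrArgs.argc + 2 > MAX_ARGS` guard, still writes `svr_argv[svrArgs.argc++]` with no capacity check, so the guard covers only the two flags added above it. Assuming the argument array holds `MAX_ARGS` entries, which the new comparison implies but the hunk does not show, the store should be bounded the same way: `if (svrArgs.argc < MAX_ARGS) svr_argv[svrArgs.argc++] = (char*)"-P";`. The client-side hunk `@@ -362,17 +370,16 @@` has the same unguarded `-P` line for `cli_argv`. execute_test_case starts and ends outside both hunks.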
@@ -324,6 +327,11 @@ static int execute_test_case(int svr_argc, char** svr_argv, tests++; /* test count */ + /* determine based on args if this test is expected to fail */ + if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) { + svrTestShouldFail = 1; + } + InitTcpReady(&ready); #ifdef WOLFSSL_TIRTOS @@ -362,17 +370,16 @@ static int execute_test_case(int svr_argc, char** svr_argv, } #endif if (forceCliDefCipherList) { - if (cliArgs.argc >= MAX_ARGS) + if (cliArgs.argc + 2 > MAX_ARGS) printf("cannot add the force def cipher list flag to client\n"); - else + else { + cli_argv[cliArgs.argc++] = intTestFlag; cli_argv[cliArgs.argc++] = forceDefCipherListFlag; + } } #ifdef TEST_PK_PRIVKEY cli_argv[cliArgs.argc++] = (char*)"-P"; #endif - if (testShouldFail) { - cli_argv[cliArgs.argc++] = exitWithRetFlag; - } commandLine[0] = '\0'; added = 0; @@ -387,19 +394,24 @@ static int execute_test_case(int svr_argc, char** svr_argv, } printf("trying client command line[%d]: %s\n", tests, commandLine); + /* determine based on args if this test is expected to fail */ + if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) { + cliTestShouldFail = 1; + } + /* start client */ client_test(&cliArgs); /* verify results */ - if ((cliArgs.return_code != 0 && testShouldFail == 0) || - (cliArgs.return_code == 0 && testShouldFail != 0)) { + if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) || + (cliArgs.return_code == 0 && cliTestShouldFail != 0)) { printf("client_test failed\n"); XEXIT(EXIT_FAILURE); } join_thread(serverThread); - if ((svrArgs.return_code != 0 && testShouldFail == 0) || - (svrArgs.return_code == 0 && testShouldFail != 0)) { + if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) || + (svrArgs.return_code == 0 && svrTestShouldFail != 0)) { printf("server_test failed\n"); XEXIT(EXIT_FAILURE); } 
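Review bot: In the `@@ -324,6 +327,11 @@` hunk the expectation that the server should fail is taken from `XSTRSTR(commandLine, exitWithRetFlag)`, a substring search over the joined display string, so any argument that merely contains `exitWithRet` (a file path, for instance) flips the expectation. If commandLine can be cut short while it is built, which happens outside the hunk and is only inferred here, a present flag would also be missed; either way a chain-validation test would be judged against the wrong expected result. Comparing whole arguments is sturdier: look for `intTestFlag` immediately followed by `exitWithRetFlag` in `svr_argv`, as sketched below with an int index `i`. If the .conf files may still spell the option attached as `-HexitWithRet`, that form needs its own comparison. The client check in `@@ -387,19 +394,24 @@` uses the same substring test and wants the same change with `cli_argv` and `cliArgs.argc`.

```c
    /* determine based on args if this test is expected to fail */
    for (i = 0; i + 1 < svrArgs.argc; i++) {
        if (XSTRNCMP(svr_argv[i], intTestFlag, sizeof(intTestFlag)) == 0 &&
            XSTRNCMP(svr_argv[i + 1], exitWithRetFlag,
                     sizeof(exitWithRetFlag)) == 0) {
            svrTestShouldFail = 1;
            break;
        }
    }
```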
@@ -409,8 +421,10 @@ static int execute_test_case(int svr_argc, char** svr_argv, #endif FreeTcpReady(&ready); - /* only run the first test for failure cases */ - if (testShouldFail) { + /* only run the first test for expected failure cases */ + /* the example server/client are not designed to handle expected failure in + all cases, such as non-blocking, etc... */ + if (svrTestShouldFail || cliTestShouldFail) { return NOT_BUILT_IN; } @@ -432,12 +446,15 @@ static void test_harness(void* vargs) char* cursor; char* comment; const char* fname = "tests/test.conf"; - int testShouldFail = 0; + const char* addArgs = NULL; if (args->argc == 1) { printf("notice: using default file %s\n", fname); } - else if(args->argc > 3) { + else if (args->argc == 3) { + addArgs = args->argv[2]; + } + else if (args->argc > 3) { printf("usage: harness [FILE] [ARG]\n"); args->return_code = 1; return; @@ -446,9 +463,6 @@ static void test_harness(void* vargs) if (args->argc >= 2) { fname = args->argv[1]; } - if (args->argc == 3) { - testShouldFail = 1; - } file = fopen(fname, "rb"); if (file == NULL) { @@ -468,7 +482,7 @@ static void test_harness(void* vargs) script = (char*)malloc(sz+1); if (script == 0) { - fprintf(stderr, "unable to allocte script buffer\n"); + fprintf(stderr, "unable to allocate script buffer\n"); fclose(file); args->return_code = 1; return; 
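Review bot: In the `@@ -432,12 +446,15 @@` hunk the third argument becomes a free-form `addArgs` string, but the usage text still reads `usage: harness [FILE] [ARG]` and nothing validates the value, so a misspelled option is silently ignored. Judging by the later hunk only the substrings `expFail` and `doDH` are acted on, whereas the lines removed in `@@ -446,9 +463,6 @@` treated any third argument as expect-failure. I would document the accepted values at the declaration, e.g. `/* addArgs: "expFail" = tests must fail, "doDH" = keep the DH prime check */`, and list them in the usage message. test_harness starts and ends outside this hunk.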
@@ -501,38 +515,29 @@ static void test_harness(void* vargs) to client mode if we don't have the client command yet */ if (cliMode == 0) cliMode = 1; /* switch to client mode processing */ + /* skip extra newlines */ else do_it = 1; /* Do It, we have server and client */ cursor++; break; case '#': - /* Ignore lines that start with a #. */ + /* Ignore lines that start with a # */ comment = XSTRSEP(&cursor, "\n"); -#ifdef DEBUG_SUITE_TESTS + #ifdef DEBUG_SUITE_TESTS printf("%s\n", comment); -#else + #else (void)comment; -#endif + #endif break; case '-': + default: /* Parameters start with a -. They end in either a newline * or a space. Capture until either, save in Args list. */ if (cliMode) cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n"); else svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n"); - if (*cursor == 0) /* eof */ - do_it = 1; - break; - default: - /* Anything from cursor until end of line that isn't the above - * is data for a paramter. Just up until the next newline in - * the Args list. */ - if (cliMode) - cliArgs[cliArgsSz++] = XSTRSEP(&cursor, "\n"); - else - svrArgs[svrArgsSz++] = XSTRSEP(&cursor, "\n"); - if (*cursor == 0) /* eof */ + if (*cursor == '\0') /* eof */ do_it = 1; break; } 
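Review bot: The merged `case '-': default:` branch still tests `*cursor == '\0'` directly after `XSTRSEP(&cursor, " \n")`. If XSTRSEP follows strsep semantics, it sets `cursor` to NULL when no delimiter is left, which happens when the last token of the script is not followed by a space or newline, and the test then dereferences NULL. The SuiteTest hunk of this commit also lets the script path come from the command line, so hand-written files without a trailing newline become a realistic input. `if (cursor == NULL || *cursor == '\0')` would cover this branch; the `'#'` case and the enclosing loop condition, which is outside the hunk, need the same guard.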
@@ -543,42 +548,48 @@ static void test_harness(void* vargs) } if (do_it) { + /* additional arguments processing */ + if (cliArgsSz+2 < MAX_ARGS && svrArgsSz+2 < MAX_ARGS) { + if (addArgs == NULL || XSTRSTR(addArgs, "doDH") == NULL) { + /* The `-2` disable DH prime check is added to all tests by default */ + cliArgs[cliArgsSz++] = disableDHPrimeTest; + svrArgs[svrArgsSz++] = disableDHPrimeTest; + } + if (addArgs && XSTRSTR(addArgs, "expFail")) { + /* Tests should expect to fail */ + cliArgs[cliArgsSz++] = intTestFlag; + cliArgs[cliArgsSz++] = exitWithRetFlag; + svrArgs[svrArgsSz++] = intTestFlag; + svrArgs[svrArgsSz++] = exitWithRetFlag; + } + } + ret = execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 0, 0, 0); /* don't repeat if not supported in build */ if (ret == 0) { /* test with default cipher list on server side */ execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0, 1, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 0, 1, 0); /* test with default cipher list on client side */ execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0, 0, 1, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 0, 0, 1); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 1, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 1, 0, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 0, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 0, 0, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 1, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 1, 0, 0, 0); #ifdef HAVE_EXTENDED_MASTER execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 1, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 1, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 0, 1, 0, 0, - 
testShouldFail); + cliArgsSz, cliArgs, 1, 0, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 1, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 1, 1, 0, 0); #endif } svrArgsSz = 1; @@ -593,7 +604,7 @@ static void test_harness(void* vargs) #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ -int SuiteTest(void) +int SuiteTest(int argc, char** argv) { #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) func_args args; @@ -613,8 +624,6 @@ int SuiteTest(void) byte memory[200000]; #endif - (void)test_harness; - cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (cipherSuiteCtx == NULL) { printf("can't get cipher suite ctx\n"); @@ -642,6 +651,23 @@ int SuiteTest(void) wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ + /* support for custom command line tests */ + if (argc > 1) { + /* Examples: + ./tests/unit.test tests/test-altchains.conf + ./tests/unit.test tests/test-fails.conf expFail + ./tests/unit.test tests/test-dhprime.conf doDH + */ + args.argc = argc; + args.argv = argv; + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + } + goto exit; + } + /* default case */ args.argc = 1; printf("starting default cipher suite tests\n"); 
@@ -806,10 +832,56 @@ int SuiteTest(void) #endif #endif +#ifdef WOLFSSL_ALT_CERT_CHAINS + /* tests for alt chains */ + strcpy(argv0[1], "tests/test-altchains.conf"); + printf("starting certificate alternate chain cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#else + /* tests for chains */ + strcpy(argv0[1], "tests/test-chains.conf"); + printf("starting certificate chain cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + +#ifdef WOLFSSL_TRUST_PEER_CERT + /* tests for trusted peer cert */ + strcpy(argv0[1], "tests/test-trustpeer.conf"); + printf("starting trusted peer certificate cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + + /* tests for dh prime */ + args.argc = 3; + strcpy(argv0[1], "tests/test-dhprime.conf"); + strcpy(argv0[2], "doDH"); /* add DH prime flag */ + printf("starting tests that expect failure\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + /* failure tests */ args.argc = 3; strcpy(argv0[1], "tests/test-fails.conf"); - strcpy(argv0[2], "-f"); + strcpy(argv0[2], "expFail"); /* tests are expected to fail */ printf("starting tests that expect failure\n"); test_harness(&args); if (args.return_code != 0) { @@ -832,4 +904,6 @@ exit: #else return NOT_COMPILED_IN; #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ + (void)argc; + (void)argv; } diff --git a/tests/test-altchains.conf b/tests/test-altchains.conf new file mode 100644 index 000000000..cf1ef4a11 --- /dev/null +++ b/tests/test-altchains.conf 
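Review bot: The DH prime block prints `starting tests that expect failure\n`, the same text as the failure block below it, so the log cannot tell which script was running when one of them reports an error. Something like `printf("starting dh prime tests\n");` would match the other blocks. The added blocks also `strcpy` longer paths such as `tests/test-altchains.conf` into `argv0[1]`; the buffer is declared outside this hunk, so it is worth confirming the new strings fit or switching to a bounded copy.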
@@ -0,0 +1,212 @@ +# Tests will use complete chain with intermediate CA for testing +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# Test will load 
intermediate CA as trusted and only present the peer cert (partial chain) +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c 
./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# Test will use alternate chain where chain contains extra cert +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 
+-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem diff --git a/tests/test-chains.conf b/tests/test-chains.conf new file mode 100644 index 000000000..b1f5c1b2f --- /dev/null +++ b/tests/test-chains.conf 
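Review bot: Every case in tests/test-altchains.conf is expected to succeed; there is no case showing that a chain which does not reach the `-A` trust anchor is still rejected when WOLFSSL_ALT_CERT_CHAINS is enabled. That option relaxes validation of the CAs a peer presents, so a regression that accepts too much would go unnoticed by this file. I would add at least one server/client pair whose `-c` chain is not signed by the loaded CA and mark it `-H exitWithRet`, as tests/test-chains.conf does for its failing cases. tests/test-fails.conf runs in both builds and may cover part of this, but its contents are not visible here.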
@@ -0,0 +1,223 @@ +# Tests will use complete chain with intermediate CA for testing +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# Test will load 
intermediate CA as trusted and only present the peer cert (partial chain) +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c 
./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# Test will use alternate chain where chain contains extra cert +# These tests should fail +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem +-H exitWithRet + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem +-H exitWithRet + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A 
./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem +-H exitWithRet + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem +-H exitWithRet diff --git a/tests/test-dhprime.conf b/tests/test-dhprime.conf new file mode 100644 index 000000000..dc180f618 --- /dev/null +++ b/tests/test-dhprime.conf @@ -0,0 +1,25 @@ +# server TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA + +# client TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA + + # server TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 + +# client TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 + +# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) + -s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf index fed6448ba..1ace19d5f 100644 --- a/tests/test-dtls.conf +++ b/tests/test-dtls.conf @@ -2,25 +2,21 @@ -u -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -u -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -u 
@@ -28,80 +24,68 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -u -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -u -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -u 
@@ -109,230 +93,192 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1 IDEA-CBC-SHA -u -v 2 -l IDEA-CBC-SHA --2 # client DTLSv1 IDEA-CBC-SHA -u -v 2 -l IDEA-CBC-SHA --2 # server DTLSv1 DES-CBC3-SHA -u -v 2 -l DES-CBC3-SHA --2 # client DTLSv1 DES-CBC3-SHA -u -v 2 -l DES-CBC3-SHA --2 # server DTLSv1.2 DES-CBC3-SHA -u -v 3 -l DES-CBC3-SHA --2 # client DTLSv1.2 DES-CBC3-SHA -u -v 3 -l DES-CBC3-SHA --2 # server DTLSv1 AES128-SHA -u -v 2 -l AES128-SHA --2 # client DTLSv1 AES128-SHA -u -v 2 -l AES128-SHA --2 # server DTLSv1.2 AES128-SHA -u -v 3 -l AES128-SHA --2 # client DTLSv1.2 AES128-SHA -u -v 3 -l AES128-SHA --2 # server DTLSv1 AES256-SHA -u -v 2 -l AES256-SHA --2 # client DTLSv1 AES256-SHA -u -v 2 -l AES256-SHA --2 # server DTLSv1.2 AES256-SHA -u -v 3 -l AES256-SHA --2 # client DTLSv1.2 AES256-SHA -u -v 3 -l AES256-SHA --2 # server DTLSv1 AES128-SHA256 -u -v 2 -l AES128-SHA256 --2 # client DTLSv1 AES128-SHA256 -u -v 2 -l AES128-SHA256 --2 # server DTLSv1.2 AES128-SHA256 -u -v 3 -l AES128-SHA256 --2 # client DTLSv1.2 AES128-SHA256 -u -v 3 -l AES128-SHA256 --2 # server DTLSv1 AES256-SHA256 -u -v 2 -l AES256-SHA256 --2 # client DTLSv1 AES256-SHA256 -u -v 2 -l AES256-SHA256 --2 # server DTLSv1.2 AES256-SHA256 -u -v 3 -l AES256-SHA256 --2 # client DTLSv1.2 AES256-SHA256 -u -v 3 -l AES256-SHA256 --2 # server DTLSv1.1 ECDHE-RSA-DES3 -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.1 ECDHE-RSA-DES3 -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES256 -u -v 2 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES256 -u -v 2 -l ECDHE-RSA-AES256-SHA --2 # server DTLSv1.2 ECDHE-RSA-DES3 -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # 
client DTLSv1.2 ECDHE-RSA-DES3 -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128-SHA256 -u -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-SHA256 -u -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256 -u -v 3 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES256 -u -v 3 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -u @@ -340,14 +286,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -u -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -u @@ -355,14 +299,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -u -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -u @@ -370,14 +312,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -u -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-DES3 -u @@ -385,14 +325,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-DES3 -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES128 -u @@ -400,14 +338,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES128 -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES256 -u @@ -415,14 +351,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES256 -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-DES3 -u 
@@ -430,14 +364,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-DES3 -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128 -u @@ -445,14 +377,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128 -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -u @@ -460,14 +390,12 @@ -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256 -u @@ -475,14 +403,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256 -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-RSA-DES3 -u @@ -490,13 +416,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-DES3 -u -v 2 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDH-RSA-AES128 -u @@ -504,13 +428,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES128 -u -v 2 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.1 ECDH-RSA-AES256 -u @@ -518,13 +440,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES256 -u -v 2 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.2 ECDH-RSA-DES3 -u @@ -532,13 +452,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-DES3 -u -v 3 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128 -u 
@@ -546,13 +464,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128 -u -v 3 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128-SHA256 -u @@ -560,13 +476,11 @@ -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-SHA256 -u -v 3 -l ECDH-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256 -u @@ -574,13 +488,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256 -u -v 3 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.1 ECDH-ECDSA-DES3 -u @@ -588,14 +500,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-DES3 -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES128 -u @@ -603,14 +513,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES128 -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES256 -u @@ -618,14 +526,12 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES256 -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-DES3 -u @@ -633,14 +539,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-DES3 -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128 -u @@ -648,14 +552,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128 -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -u 
@@ -663,14 +565,12 @@ -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256 -u @@ -678,26 +578,22 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256 -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -u @@ -705,14 +601,12 @@ -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -u -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-RSA-AES256-SHA384 -u @@ -720,13 +614,11 @@ -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-SHA384 -u -v 3 -l ECDH-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -u 
@@ -734,182 +626,156 @@ -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -u -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -u -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -u -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -u -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -u -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -u -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -u -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -u -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -u -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -u -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -u -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -u -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -u -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # server DTLSv1 PSK-AES128 -s -u -v 2 -l PSK-AES128-CBC-SHA --2 # client DTLSv1 PSK-AES128 -s -u -v 2 -l PSK-AES128-CBC-SHA --2 # server DTLSv1 PSK-AES256 -s -u -v 2 -l PSK-AES256-CBC-SHA --2 # client DTLSv1 PSK-AES256 -s -u -v 2 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128 -s -u -v 3 -l PSK-AES128-CBC-SHA --2 # client DTLSv1.2 PSK-AES128 -s -u -v 3 -l PSK-AES128-CBC-SHA --2 # server DTLSv1.2 PSK-AES256 -s -u -v 3 -l PSK-AES256-CBC-SHA --2 # client DTLSv1.2 PSK-AES256 -s -u -v 3 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128-SHA256 -s -u -v 3 -l PSK-AES128-CBC-SHA256 --2 # client DTLSv1.2 PSK-AES128-SHA256 -s -u -v 3 -l PSK-AES128-CBC-SHA256 --2 # server DTLSv1.2 PSK-AES256-SHA384 -s -u -v 3 -l PSK-AES256-CBC-SHA384 --2 # client DTLSv1.2 PSK-AES256-SHA384 -s -u -v 3 -l PSK-AES256-CBC-SHA384 
--2 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u @@ -917,14 +783,12 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -932,14 +796,12 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u @@ -947,14 +809,12 @@ -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -u @@ -962,38 +822,32 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -u -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u @@ -1001,13 +855,11 @@ -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -u 
@@ -1015,41 +867,35 @@ -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDH-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 PSK-AES128-GCM-SHA256 -u -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # client DTLSv1.2 PSK-AES128-GCM-SHA256 -u -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server DTLSv1.2 PSK-AES256-GCM-SHA384 -u -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # client DTLSv1.2 PSK-AES256-GCM-SHA384 -u -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM -u @@ -1057,14 +903,12 @@ -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM -u -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -u @@ -1072,14 +916,12 @@ -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -u -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -u @@ -1087,39 +929,33 @@ -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -u -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ADH-AES128-SHA -u -a -v 3 -l ADH-AES128-SHA --2 # client DTLSv1.2 ADH-AES128-SHA -u -a -v 3 -l ADH-AES128-SHA --2 # server DTLSv1.0 ADH-AES128-SHA -u -a -v 2 -l ADH-AES128-SHA --2 # client DTLSv1.0 ADH-AES128-SHA -u -a -v 2 -l ADH-AES128-SHA --2 diff --git a/tests/test-ed25519.conf b/tests/test-ed25519.conf index 8c73e2e22..e13c67b18 100644 --- a/tests/test-ed25519.conf +++ b/tests/test-ed25519.conf 
@@ -3,14 +3,12 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ed25519/root-ed25519.pem -C --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 @@ -20,7 +18,6 @@ -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 @@ -29,21 +26,18 @@ -k ./certs/ed25519/client-ed25519-key.pem -A ./certs/ed25519/root-ed25519.pem -C --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-key.pem --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ed25519/root-ed25519.pem -C --2 # Enable when CRL for ED25519 certificates available. # server TLSv1.3 TLS13-AES128-GCM-SHA256 @@ -54,7 +48,6 @@ -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -63,5 +56,4 @@ -k ./certs/ed25519/client-ed25519-key.pem -A ./certs/ed25519/root-ed25519.pem -C --2 diff --git a/tests/test-enckeys.conf b/tests/test-enckeys.conf index 929dca03b..9e371c239 100644 --- a/tests/test-enckeys.conf +++ b/tests/test-enckeys.conf 
@@ -1,52 +1,42 @@ # server RSA encrypted key -v 3 -k ./certs/server-keyEnc.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server RSA encrypted key PKCS8 -v 3 -k ./certs/server-keyPkcs8Enc.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server RSA encrypted key PKCS8 2 -v 3 -k ./certs/server-keyPkcs8Enc2.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server RSA encrypted key PKCS8 12 -v 3 -k ./certs/server-keyPkcs8Enc12.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 PKCS8 encrypted key -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-keyPkcs8Enc.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 223b163bf..d976b307b 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -5,7 +5,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badcnnull.pem -d --2 # client bad certificate common name has null -v 3 @@ -14,7 +13,6 @@ -A ./certs/test/server-badcnnull.pem -m -x --2 # server bad certificate alternate name has null -v 3 @@ -22,7 +20,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badaltnull.pem -d --2 # client bad certificate alternate name has null -v 3 @@ -31,7 +28,6 @@ -A ./certs/test/server-badaltnull.pem -m -x --2 # server nomatch common name -v 3 @@ -39,7 +35,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badcn.pem -d --2 # client nomatch common name -v 3 @@ -48,7 +43,6 @@ -A ./certs/test/server-badcn.pem -m -x --2 # server nomatch alternate name -v 3 @@ -56,7 +50,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badaltname.pem -d --2 # client nomatch alternate name -v 3 
@@ -65,57 +58,47 @@ -A ./certs/test/server-badaltname.pem -m -x --2 # server RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -A ./certs/client-cert.pem --2 # server ECC no signer error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # client ECC no signer error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/client-ecc-cert.pem --2 # server RSA bad sig error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem --2 # client RSA bad sig error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server ECC bad sig error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem --2 # client ECC bad sig error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # server missing CN from alternate names list -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-garbage.pem --2 # client missing CN from alternate names list -v 3 @@ -123,53 +106,44 @@ -h localhost -A ./certs/test/server-garbage.pem -m --2 # Verify Callback Failure Tests # no error going into callback, return error # server -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail --2 # server verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail --2 # client -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # client verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail --2 # server verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail --2 # client -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # error going into callback, return error # server 
@@ -177,23 +151,19 @@ -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem -k ./certs/server-key.pem --2 # client verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail --2 # server -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem -k ./certs/ecc-key.pem --2 # client verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail --2 diff --git a/tests/test-maxfrag-dtls.conf b/tests/test-maxfrag-dtls.conf index 988ad4d7d..67aef1776 100644 --- a/tests/test-maxfrag-dtls.conf +++ b/tests/test-maxfrag-dtls.conf @@ -4,7 +4,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -12,33 +11,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 1 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -46,7 +40,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -54,33 +47,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 2 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u 
@@ -88,7 +76,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -96,33 +83,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 3 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -130,7 +112,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -138,33 +119,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 4 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -172,7 +148,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -180,33 +155,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 5 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u 
@@ -214,7 +184,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -222,30 +191,25 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 6 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 6 --2 diff --git a/tests/test-maxfrag.conf b/tests/test-maxfrag.conf index ac109a28b..2ca6cc8dd 100644 --- a/tests/test-maxfrag.conf +++ b/tests/test-maxfrag.conf 
@@ -3,213 +3,177 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 1 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 2 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 3 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A 
./certs/ca-ecc-cert.pem -F 4 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 5 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 6 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 6 --2 diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf index bc36456de..d6247b1e4 100644 --- a/tests/test-psk-no-id.conf +++ b/tests/test-psk-no-id.conf 
@@ -3,311 +3,263 @@ -I -v 3 -l PSK-CHACHA20-POLY1305 --2 # No Hint client TLSv1.2 PSK-CHACHA20-POLY1305 -s -v 3 -l PSK-CHACHA20-POLY1305 --2 # No Hint server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -s -I -v 3 -l DHE-PSK-CHACHA20-POLY1305 --2 # No Hint client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -s -v 3 -l DHE-PSK-CHACHA20-POLY1305 --2 # No Hint server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -s -I -v 3 -l ECDHE-PSK-CHACHA20-POLY1305 --2 # No Hint client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -s -v 3 -l ECDHE-PSK-CHACHA20-POLY1305 --2 # No Hint server TLSv1 ECDHE-PSK-AES128-SHA256 -s -I -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -I -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -I -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint server TLSv1 ECDHE-PSK-NULL-SHA256 -s -I -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -I -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -I -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint server TLSv1 PSK-AES128 -s -I -v 1 -l PSK-AES128-CBC-SHA --2 # No Hint client TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA --2 # No Hint server TLSv1 PSK-AES256 -s -I -v 1 -l PSK-AES256-CBC-SHA --2 # No Hint client TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA --2 # No Hint server TLSv1.1 PSK-AES128 -s -I -v 2 -l PSK-AES128-CBC-SHA --2 # No Hint client TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA --2 # No Hint 
server TLSv1.1 PSK-AES256 -s -I -v 2 -l PSK-AES256-CBC-SHA --2 # No Hint client TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA --2 # No Hint server TLSv1.2 PSK-AES128 -s -I -v 3 -l PSK-AES128-CBC-SHA --2 # No Hint client TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA --2 # No Hint server TLSv1.2 PSK-AES256 -s -I -v 3 -l PSK-AES256-CBC-SHA --2 # No Hint client TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA --2 # No Hint server TLSv1.0 PSK-AES128-SHA256 -s -I -v 1 -l PSK-AES128-CBC-SHA256 --2 # No Hint client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 --2 # No Hint server TLSv1.1 PSK-AES128-SHA256 -s -I -v 2 -l PSK-AES128-CBC-SHA256 --2 # No Hint client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 --2 # No Hint server TLSv1.2 PSK-AES128-SHA256 -s -I -v 3 -l PSK-AES128-CBC-SHA256 --2 # No Hint client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 --2 # No Hint server TLSv1.0 PSK-AES256-SHA384 -s -I -v 1 -l PSK-AES256-CBC-SHA384 --2 # No Hint client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 --2 # No Hint server TLSv1.1 PSK-AES256-SHA384 -s -I -v 2 -l PSK-AES256-CBC-SHA384 --2 # No Hint client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 --2 # No Hint server TLSv1.2 PSK-AES256-SHA384 -s -I -v 3 -l PSK-AES256-CBC-SHA384 --2 # No Hint client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -I -v 3 -l PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -I -v 3 -l PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server TLSv1.3 AES128-GCM-SHA256 -s -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 AES128-GCM-SHA256 -s -v 4 -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 accepting EarlyData using PSK -v 4 @@ -315,7 +267,6 @@ -r -s -0 --2 # client TLSv1.3 sending EarlyData using PSK -v 4 
@@ -323,14 +274,12 @@ -r -s -0 --2 # server TLSv1.3 not accepting EarlyData using PSK -v 4 -l TLS13-AES128-GCM-SHA256 -r -s --2 # client TLSv1.3 sending EarlyData using PSK -v 4 @@ -338,7 +287,6 @@ -r -s -0 --2 # server TLSv1.3 accepting EarlyData using PSK -v 4 @@ -346,11 +294,9 @@ -r -s -0 --2 # client TLSv1.3 not sending EarlyData using PSK -v 4 -l TLS13-AES128-GCM-SHA256 -r -s --2 diff --git a/tests/test-psk.conf b/tests/test-psk.conf index e726ac9cf..f4f11b298 100644 --- a/tests/test-psk.conf +++ b/tests/test-psk.conf @@ -1,9 +1,7 @@ # server - PSK plus certificates -j -l PSK-CHACHA20-POLY1305 --2 # client- standard PSK -s -l PSK-CHACHA20-POLY1305 --2 diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf index 9704987db..357467465 100644 --- a/tests/test-qsh.conf +++ b/tests/test-qsh.conf 
@@ -2,2479 +2,2035 @@ -v 3 -s -l QSH:DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server SSLv3 RC4-SHA -v 0 -l QSH:RC4-SHA --2 # client SSLv3 RC4-SHA -v 0 -l QSH:RC4-SHA --2 # server SSLv3 RC4-MD5 -v 0 -l QSH:RC4-MD5 --2 # client SSLv3 RC4-MD5 -v 0 -l QSH:RC4-MD5 --2 # server SSLv3 DES-CBC3-SHA -v 0 -l 
QSH:DES-CBC3-SHA --2 # client SSLv3 DES-CBC3-SHA -v 0 -l QSH:DES-CBC3-SHA --2 # server SSLv3 IDEA-CBC-SHA -v 0 -l QSH:IDEA-CBC-SHA --2 # client SSLv3 IDEA-CBC-SHA -v 0 -l QSH:IDEA-CBC-SHA --2 # server TLSv1 RC4-SHA -v 1 -l QSH:RC4-SHA --2 # client TLSv1 RC4-SHA -v 1 -l QSH:RC4-SHA --2 # server TLSv1 RC4-MD5 -v 1 -l QSH:RC4-MD5 --2 # client TLSv1 RC4-MD5 -v 1 -l QSH:RC4-MD5 --2 # server TLSv1 DES-CBC3-SHA -v 1 -l QSH:DES-CBC3-SHA --2 # client TLSv1 DES-CBC3-SHA -v 1 -l QSH:DES-CBC3-SHA --2 # server TLSv1 IDEA-CBC-SHA -v 1 -l QSH:IDEA-CBC-SHA --2 # client TLSv1 IDEA-CBC-SHA -v 1 -l QSH:IDEA-CBC-SHA --2 # server TLSv1 AES128-SHA -v 1 -l QSH:AES128-SHA --2 # client TLSv1 AES128-SHA -v 1 -l QSH:AES128-SHA --2 # server TLSv1 AES256-SHA -v 1 -l QSH:AES256-SHA --2 # client TLSv1 AES256-SHA -v 1 -l QSH:AES256-SHA --2 # server TLSv1 AES128-SHA256 -v 1 -l QSH:AES128-SHA256 --2 # client TLSv1 AES128-SHA256 -v 1 -l QSH:AES128-SHA256 --2 # server TLSv1 AES256-SHA256 -v 1 -l QSH:AES256-SHA256 --2 # client TLSv1 AES256-SHA256 -v 1 -l QSH:AES256-SHA256 --2 # server TLSv1.1 RC4-SHA -v 2 -l QSH:RC4-SHA --2 # client TLSv1.1 RC4-SHA -v 2 -l QSH:RC4-SHA --2 # server TLSv1.1 RC4-MD5 -v 2 -l QSH:RC4-MD5 --2 # client TLSv1.1 RC4-MD5 -v 2 -l QSH:RC4-MD5 --2 # server TLSv1.1 IDEA-CBC-SHA -v 2 -l QSH:IDEA-CBC-SHA --2 # client TLSv1.1 IDEA-CBC-SHA -v 2 -l QSH:IDEA-CBC-SHA --2 # server TLSv1.1 DES-CBC3-SHA -v 2 -l QSH:DES-CBC3-SHA --2 # client TLSv1.1 DES-CBC3-SHA -v 2 -l QSH:DES-CBC3-SHA --2 # server TLSv1.1 AES128-SHA -v 2 -l QSH:AES128-SHA --2 # client TLSv1.1 AES128-SHA -v 2 -l QSH:AES128-SHA --2 # server TLSv1.1 AES256-SHA -v 2 -l QSH:AES256-SHA --2 # client TLSv1.1 AES256-SHA -v 2 -l QSH:AES256-SHA --2 # server TLSv1.1 AES128-SHA256 -v 2 -l QSH:AES128-SHA256 --2 # client TLSv1.1 AES128-SHA256 -v 2 -l QSH:AES128-SHA256 --2 # server TLSv1.1 AES256-SHA256 -v 2 -l QSH:AES256-SHA256 --2 # client TLSv1.1 AES256-SHA256 -v 2 -l QSH:AES256-SHA256 --2 # server TLSv1.2 RC4-SHA -v 3 -l QSH:RC4-SHA 
--2 # client TLSv1.2 RC4-SHA -v 3 -l QSH:RC4-SHA --2 # server TLSv1.2 RC4-MD5 -v 3 -l QSH:RC4-MD5 --2 # client TLSv1.2 RC4-MD5 -v 3 -l QSH:RC4-MD5 --2 # server TLSv1.2 DES-CBC3-SHA -v 3 -l QSH:DES-CBC3-SHA --2 # client TLSv1.2 DES-CBC3-SHA -v 3 -l QSH:DES-CBC3-SHA --2 # server TLSv1.2 AES128-SHA -v 3 -l QSH:AES128-SHA --2 # client TLSv1.2 AES128-SHA -v 3 -l QSH:AES128-SHA --2 # server TLSv1.2 AES256-SHA -v 3 -l QSH:AES256-SHA --2 # client TLSv1.2 AES256-SHA -v 3 -l QSH:AES256-SHA --2 # server TLSv1.2 AES128-SHA256 -v 3 -l QSH:AES128-SHA256 --2 # client TLSv1.2 AES128-SHA256 -v 3 -l QSH:AES128-SHA256 --2 # server TLSv1.2 AES256-SHA256 -v 3 -l QSH:AES256-SHA256 --2 # client TLSv1.2 AES256-SHA256 -v 3 -l QSH:AES256-SHA256 --2 # server TLSv1 ECDHE-RSA-RC4 -v 1 -l QSH:ECDHE-RSA-RC4-SHA --2 # client TLSv1 ECDHE-RSA-RC4 -v 1 -l QSH:ECDHE-RSA-RC4-SHA --2 # server TLSv1 ECDHE-RSA-DES3 -v 1 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1 ECDHE-RSA-DES3 -v 1 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDHE-RSA-AES128 -v 1 -l QSH:ECDHE-RSA-AES128-SHA --2 # client TLSv1 ECDHE-RSA-AES128 -v 1 -l QSH:ECDHE-RSA-AES128-SHA --2 # server TLSv1 ECDHE-RSA-AES256 -v 1 -l QSH:ECDHE-RSA-AES256-SHA --2 # client TLSv1 ECDHE-RSA-AES256 -v 1 -l QSH:ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -v 2 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 2 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-RSA-RC4 -v 2 -l 
QSH:ECDHE-RSA-RC4-SHA --2 # client TLSv1.1 ECDHE-RSA-RC4 -v 2 -l QSH:ECDHE-RSA-RC4-SHA --2 # server TLSv1.1 ECDHE-RSA-DES3 -v 2 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.1 ECDHE-RSA-DES3 -v 2 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDHE-RSA-AES128 -v 2 -l QSH:ECDHE-RSA-AES128-SHA --2 # client TLSv1.1 ECDHE-RSA-AES128 -v 2 -l QSH:ECDHE-RSA-AES128-SHA --2 # server TLSv1.1 ECDHE-RSA-AES256 -v 2 -l QSH:ECDHE-RSA-AES256-SHA --2 # client TLSv1.1 ECDHE-RSA-AES256 -v 2 -l QSH:ECDHE-RSA-AES256-SHA --2 # server TLSv1.2 ECDHE-RSA-RC4 -v 3 -l QSH:ECDHE-RSA-RC4-SHA --2 # client TLSv1.2 ECDHE-RSA-RC4 -v 3 -l QSH:ECDHE-RSA-RC4-SHA --2 # server TLSv1.2 ECDHE-RSA-DES3 -v 3 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.2 ECDHE-RSA-DES3 -v 3 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128 -v 3 -l QSH:ECDHE-RSA-AES128-SHA --2 # client TLSv1.2 ECDHE-RSA-AES128 -v 3 -l QSH:ECDHE-RSA-AES128-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256 -v 3 -l QSH:ECDHE-RSA-AES256-SHA --2 # client TLSv1.2 ECDHE-RSA-AES256 -v 3 -l QSH:ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-RC4 -v 1 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-RC4 -v 1 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-DES3 -v 1 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k 
./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-EDCSA-RC4 -v 2 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-RC4 -v 2 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA 
-c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-RSA-RC4 -v 1 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-RC4 -v 1 -l QSH:ECDH-RSA-RC4-SHA --2 # server TLSv1 ECDH-RSA-DES3 -v 1 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-DES3 -v 1 -l QSH:ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDH-RSA-AES128 -v 1 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES128 -v 1 -l QSH:ECDH-RSA-AES128-SHA --2 # server TLSv1 ECDH-RSA-AES256 -v 1 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES256 -v 1 -l QSH:ECDH-RSA-AES256-SHA --2 # server TLSv1.1 ECDH-RSA-RC4 -v 2 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-RC4 -v 2 -l QSH:ECDH-RSA-RC4-SHA --2 # server TLSv1.1 ECDH-RSA-DES3 -v 2 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-DES3 -v 2 -l QSH:ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDH-RSA-AES128 -v 2 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES128 -v 2 -l QSH:ECDH-RSA-AES128-SHA --2 # server TLSv1.1 ECDH-RSA-AES256 -v 2 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES256 -v 2 -l QSH:ECDH-RSA-AES256-SHA --2 # server TLSv1.2 ECDH-RSA-RC4 -v 3 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-RC4 -v 3 -l QSH:ECDH-RSA-RC4-SHA --2 # server TLSv1.2 ECDH-RSA-DES3 -v 3 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-DES3 -v 3 -l 
QSH:ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDH-RSA-AES128 -v 3 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128 -v 3 -l QSH:ECDH-RSA-AES128-SHA --2 # server TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256 -v 3 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256 -v 3 -l QSH:ECDH-RSA-AES256-SHA --2 # server TLSv1 ECDH-ECDSA-RC4 -v 1 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-RC4 -v 1 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-DES3 -v 1 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-DES3 -v 1 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES128 -v 1 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES128 -v 1 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES256 -v 1 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES256 -v 1 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-EDCSA-RC4 -v 2 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-RC4 -v 2 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l QSH:ECDH-ECDSA-AES128-SHA -c 
./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-RC4 -v 3 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-SHA384 -c 
./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 HC128-SHA -v 1 -l QSH:HC128-SHA --2 # client TLSv1 HC128-SHA -v 1 -l QSH:HC128-SHA --2 # server TLSv1 HC128-MD5 -v 1 -l QSH:HC128-MD5 --2 # client TLSv1 HC128-MD5 -v 1 -l QSH:HC128-MD5 --2 # server TLSv1 HC128-B2B256 -v 1 -l QSH:HC128-B2B256 --2 # client TLSv1 HC128-B2B256 -v 1 -l QSH:HC128-B2B256 --2 # server TLSv1 AES128-B2B256 -v 1 -l QSH:AES128-B2B256 --2 # client TLSv1 AES128-B2B256 -v 1 -l QSH:AES128-B2B256 --2 # server TLSv1 AES256-B2B256 -v 1 -l QSH:AES256-B2B256 --2 # client TLSv1 AES256-B2B256 -v 1 -l QSH:AES256-B2B256 --2 # server TLSv1.1 HC128-SHA -v 2 -l QSH:HC128-SHA --2 # client TLSv1.1 HC128-SHA -v 2 -l QSH:HC128-SHA --2 # server TLSv1.1 HC128-MD5 -v 2 -l QSH:HC128-MD5 --2 # client TLSv1.1 HC128-MD5 -v 2 -l QSH:HC128-MD5 --2 # server TLSv1.1 HC128-B2B256 -v 2 -l QSH:HC128-B2B256 --2 # client TLSv1.1 HC128-B2B256 -v 2 -l QSH:HC128-B2B256 --2 # server TLSv1.1 AES128-B2B256 -v 2 -l QSH:AES128-B2B256 --2 # client TLSv1.1 AES128-B2B256 -v 2 -l QSH:AES128-B2B256 --2 # server TLSv1.1 AES256-B2B256 -v 2 -l QSH:AES256-B2B256 --2 # client TLSv1.1 AES256-B2B256 -v 2 -l QSH:AES256-B2B256 --2 # server TLSv1.2 HC128-SHA -v 3 -l QSH:HC128-SHA --2 # client TLSv1.2 HC128-SHA -v 3 -l QSH:HC128-SHA --2 # server TLSv1.2 HC128-MD5 -v 3 -l QSH:HC128-MD5 --2 # client TLSv1.2 HC128-MD5 -v 3 -l QSH:HC128-MD5 --2 # server TLSv1.2 HC128-B2B256 -v 3 -l QSH:HC128-B2B256 --2 # client TLSv1.2 HC128-B2B256 -v 3 -l QSH:HC128-B2B256 --2 # server TLSv1.2 AES128-B2B256 -v 3 -l QSH:AES128-B2B256 --2 # client TLSv1.2 AES128-B2B256 -v 3 -l QSH:AES128-B2B256 --2 # server TLSv1.2 AES256-B2B256 -v 3 -l 
QSH:AES256-B2B256 --2 # client TLSv1.2 AES256-B2B256 -v 3 -l QSH:AES256-B2B256 --2 # server TLSv1 RABBIT-SHA -v 1 -l QSH:RABBIT-SHA --2 # client TLSv1 RABBIT-SHA -v 1 -l QSH:RABBIT-SHA --2 # server TLSv1.1 RABBIT-SHA -v 2 -l QSH:RABBIT-SHA --2 # client TLSv1.1 RABBIT-SHA -v 2 -l QSH:RABBIT-SHA --2 # server TLSv1.2 RABBIT-SHA -v 3 -l QSH:RABBIT-SHA --2 # client TLSv1.2 RABBIT-SHA -v 3 -l QSH:RABBIT-SHA --2 # server TLSv1 DHE AES128 -v 1 -l QSH:DHE-RSA-AES128-SHA --2 # client TLSv1 DHE AES128 -v 1 -l QSH:DHE-RSA-AES128-SHA --2 # server TLSv1 DHE AES256 -v 1 -l QSH:DHE-RSA-AES256-SHA --2 # client TLSv1 DHE AES256 -v 1 -l QSH:DHE-RSA-AES256-SHA --2 # server TLSv1 DHE AES128-SHA256 -v 1 -l QSH:DHE-RSA-AES128-SHA256 --2 # client TLSv1 DHE AES128-SHA256 -v 1 -l QSH:DHE-RSA-AES128-SHA256 --2 # server TLSv1 DHE AES256-SHA256 -v 1 -l QSH:DHE-RSA-AES256-SHA256 --2 # client TLSv1 DHE AES256-SHA256 -v 1 -l QSH:DHE-RSA-AES256-SHA256 --2 # server TLSv1.1 DHE AES128 -v 2 -l QSH:DHE-RSA-AES128-SHA --2 # client TLSv1.1 DHE AES128 -v 2 -l QSH:DHE-RSA-AES128-SHA --2 # server TLSv1.1 DHE AES256 -v 2 -l QSH:DHE-RSA-AES256-SHA --2 # client TLSv1.1 DHE AES256 -v 2 -l QSH:DHE-RSA-AES256-SHA --2 # server TLSv1.1 DHE AES128-SHA256 -v 2 -l QSH:DHE-RSA-AES128-SHA256 --2 # client TLSv1.1 DHE AES128-SHA256 -v 2 -l QSH:DHE-RSA-AES128-SHA256 --2 # server TLSv1.1 DHE AES256-SHA256 -v 2 -l QSH:DHE-RSA-AES256-SHA256 --2 # client TLSv1.1 DHE AES256-SHA256 -v 2 -l QSH:DHE-RSA-AES256-SHA256 --2 # server TLSv1.2 DHE AES128 -v 3 -l QSH:DHE-RSA-AES128-SHA --2 # client TLSv1.2 DHE AES128 -v 3 -l QSH:DHE-RSA-AES128-SHA --2 # server TLSv1.2 DHE AES256 -v 3 -l QSH:DHE-RSA-AES256-SHA --2 # client TLSv1.2 DHE AES256 -v 3 -l QSH:DHE-RSA-AES256-SHA --2 # server TLSv1.2 DHE AES128-SHA256 -v 3 -l QSH:DHE-RSA-AES128-SHA256 --2 # client TLSv1.2 DHE AES128-SHA256 -v 3 -l QSH:DHE-RSA-AES128-SHA256 --2 # server TLSv1.2 DHE AES256-SHA256 -v 3 -l QSH:DHE-RSA-AES256-SHA256 --2 # client TLSv1.2 DHE AES256-SHA256 -v 3 -l 
QSH:DHE-RSA-AES256-SHA256 --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # server TLSv1 PSK-AES128 -s -v 1 -l QSH:PSK-AES128-CBC-SHA --2 # client TLSv1 PSK-AES128 -s -v 1 -l QSH:PSK-AES128-CBC-SHA --2 # server TLSv1 PSK-AES256 -s -v 1 -l QSH:PSK-AES256-CBC-SHA --2 # client TLSv1 PSK-AES256 -s -v 1 -l QSH:PSK-AES256-CBC-SHA --2 # server TLSv1.1 PSK-AES128 -s -v 2 -l QSH:PSK-AES128-CBC-SHA --2 # client TLSv1.1 PSK-AES128 -s -v 2 -l QSH:PSK-AES128-CBC-SHA --2 # server TLSv1.1 PSK-AES256 -s -v 2 -l QSH:PSK-AES256-CBC-SHA --2 # client TLSv1.1 PSK-AES256 -s -v 2 -l QSH:PSK-AES256-CBC-SHA --2 # server TLSv1.2 PSK-AES128 -s -v 3 -l QSH:PSK-AES128-CBC-SHA --2 # client TLSv1.2 PSK-AES128 -s -v 3 -l QSH:PSK-AES128-CBC-SHA --2 # server TLSv1.2 PSK-AES256 -s -v 3 -l QSH:PSK-AES256-CBC-SHA --2 # client TLSv1.2 PSK-AES256 -s -v 3 -l QSH:PSK-AES256-CBC-SHA --2 # server TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l QSH:PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l QSH:PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l 
QSH:PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l QSH:PSK-AES128-CBC-SHA256 --2 # server TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l QSH:PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l QSH:PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l QSH:PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l QSH:PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l QSH:PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l QSH:PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l QSH:PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l QSH:PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 PSK-NULL -s -v 1 -l QSH:PSK-NULL-SHA --2 # client TLSv1.0 PSK-NULL -s -v 1 -l QSH:PSK-NULL-SHA --2 # server TLSv1.1 PSK-NULL -s -v 2 -l QSH:PSK-NULL-SHA --2 # client TLSv1.1 PSK-NULL -s -v 2 -l QSH:PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # server TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l QSH:PSK-NULL-SHA384 --2 # client TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l QSH:PSK-NULL-SHA384 --2 # server TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # server TLSv1.0 RSA-NULL-SHA -v 1 -l QSH:NULL-SHA --2 # client TLSv1.0 RSA-NULL-SHA -v 1 -l QSH:NULL-SHA --2 # server TLSv1.1 RSA-NULL-SHA -v 2 -l QSH:NULL-SHA --2 # client TLSv1.1 RSA-NULL-SHA -v 2 -l QSH:NULL-SHA --2 # server TLSv1.2 RSA-NULL-SHA -v 3 -l QSH:NULL-SHA --2 # client TLSv1.2 RSA-NULL-SHA -v 3 -l QSH:NULL-SHA --2 # server TLSv1.0 RSA-NULL-SHA256 -v 1 -l QSH:NULL-SHA256 --2 # client TLSv1.0 
RSA-NULL-SHA256 -v 1 -l QSH:NULL-SHA256 --2 # server TLSv1.1 RSA-NULL-SHA256 -v 2 -l QSH:NULL-SHA256 --2 # client TLSv1.1 RSA-NULL-SHA256 -v 2 -l QSH:NULL-SHA256 --2 # server TLSv1.2 RSA-NULL-SHA256 -v 3 -l QSH:NULL-SHA256 --2 # client TLSv1.2 RSA-NULL-SHA256 -v 3 -l QSH:NULL-SHA256 --2 # server TLSv1 CAMELLIA128-SHA -v 1 -l QSH:CAMELLIA128-SHA --2 # client TLSv1 CAMELLIA128-SHA -v 1 -l QSH:CAMELLIA128-SHA --2 # server TLSv1 CAMELLIA256-SHA -v 1 -l QSH:CAMELLIA256-SHA --2 # client TLSv1 CAMELLIA256-SHA -v 1 -l QSH:CAMELLIA256-SHA --2 # server TLSv1 CAMELLIA128-SHA256 -v 1 -l QSH:CAMELLIA128-SHA256 --2 # client TLSv1 CAMELLIA128-SHA256 -v 1 -l QSH:CAMELLIA128-SHA256 --2 # server TLSv1 CAMELLIA256-SHA256 -v 1 -l QSH:CAMELLIA256-SHA256 --2 # client TLSv1 CAMELLIA256-SHA256 -v 1 -l QSH:CAMELLIA256-SHA256 --2 # server TLSv1.1 CAMELLIA128-SHA -v 2 -l QSH:CAMELLIA128-SHA --2 # client TLSv1.1 CAMELLIA128-SHA -v 2 -l QSH:CAMELLIA128-SHA --2 # server TLSv1.1 CAMELLIA256-SHA -v 2 -l QSH:CAMELLIA256-SHA --2 # client TLSv1.1 CAMELLIA256-SHA -v 2 -l QSH:CAMELLIA256-SHA --2 # server TLSv1.1 CAMELLIA128-SHA256 -v 2 -l QSH:CAMELLIA128-SHA256 --2 # client TLSv1.1 CAMELLIA128-SHA256 -v 2 -l QSH:CAMELLIA128-SHA256 --2 # server TLSv1.1 CAMELLIA256-SHA256 -v 2 -l QSH:CAMELLIA256-SHA256 --2 # client TLSv1.1 CAMELLIA256-SHA256 -v 2 -l QSH:CAMELLIA256-SHA256 --2 # server TLSv1.2 CAMELLIA128-SHA -v 3 -l QSH:CAMELLIA128-SHA --2 # client TLSv1.2 CAMELLIA128-SHA -v 3 -l QSH:CAMELLIA128-SHA --2 # server TLSv1.2 CAMELLIA256-SHA -v 3 -l QSH:CAMELLIA256-SHA --2 # client TLSv1.2 CAMELLIA256-SHA -v 3 -l QSH:CAMELLIA256-SHA --2 # server TLSv1.2 CAMELLIA128-SHA256 -v 3 -l QSH:CAMELLIA128-SHA256 --2 # client TLSv1.2 CAMELLIA128-SHA256 -v 3 -l QSH:CAMELLIA128-SHA256 --2 # server TLSv1.2 CAMELLIA256-SHA256 -v 3 -l QSH:CAMELLIA256-SHA256 --2 # client TLSv1.2 CAMELLIA256-SHA256 -v 3 -l QSH:CAMELLIA256-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1 
DHE-RSA-CAMELLIA128-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l QSH:AES128-GCM-SHA256 --2 # client TLSv1.2 
RSA-AES128-GCM-SHA256 -v 3 -l QSH:AES128-GCM-SHA256 --2 # server TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l QSH:AES256-GCM-SHA384 --2 # client TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l QSH:AES256-GCM-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 
ECDH-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:DHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:DHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:DHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 AES128-CCM-8 -v 3 -l QSH:AES128-CCM-8 --2 # client TLSv1.2 AES128-CCM-8 -v 3 -l QSH:AES128-CCM-8 --2 # server TLSv1.2 AES256-CCM-8 -v 3 -l QSH:AES256-CCM-8 --2 # client TLSv1.2 AES256-CCM-8 -v 3 -l QSH:AES256-CCM-8 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 PSK-AES128-CCM -s -v 3 -l QSH:PSK-AES128-CCM --2 # client TLSv1.2 PSK-AES128-CCM -s -v 3 -l QSH:PSK-AES128-CCM --2 # server TLSv1.2 PSK-AES256-CCM -s -v 3 -l QSH:PSK-AES256-CCM --2 # client TLSv1.2 PSK-AES256-CCM -s -v 3 -l QSH:PSK-AES256-CCM --2 # server TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l 
QSH:PSK-AES128-CCM-8 --2 # client TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l QSH:PSK-AES128-CCM-8 --2 # server TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l QSH:PSK-AES256-CCM-8 --2 # client TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l QSH:PSK-AES256-CCM-8 --2 # server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l QSH:DHE-PSK-NULL-SHA256 --2 # client TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l QSH:DHE-PSK-NULL-SHA256 --2 # server TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l QSH:DHE-PSK-NULL-SHA256 --2 # client TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l QSH:DHE-PSK-NULL-SHA256 --2 # server TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l QSH:DHE-PSK-NULL-SHA256 --2 # client TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l QSH:DHE-PSK-NULL-SHA256 --2 # server TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l QSH:DHE-PSK-NULL-SHA384 --2 # client TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l QSH:DHE-PSK-NULL-SHA384 --2 # server TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l QSH:DHE-PSK-NULL-SHA384 --2 # client TLSv1.1 
DHE-PSK-NULL-SHA384 -s -v 2 -l QSH:DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l QSH:DHE-PSK-NULL-SHA384 --2 # client TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l QSH:DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l QSH:DHE-PSK-AES128-CCM --2 # client TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l QSH:DHE-PSK-AES128-CCM --2 # server TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l QSH:DHE-PSK-AES256-CCM --2 # client TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l QSH:DHE-PSK-AES256-CCM --2 # server TLSv1.2 ADH-AES128-SHA -a -v 3 -l QSH:ADH-AES128-SHA --2 # client TLSv1.2 ADH-AES128-SHA -a -v 3 -l QSH:ADH-AES128-SHA --2 # server TLSv1.1 ADH-AES128-SHA -a -v 2 -l QSH:ADH-AES128-SHA --2 # client TLSv1.1 ADH-AES128-SHA -a -v 2 -l QSH:ADH-AES128-SHA --2 # server TLSv1.0 ADH-AES128-SHA -a -v 1 -l QSH:ADH-AES128-SHA --2 # client TLSv1.0 ADH-AES128-SHA -a -v 1 -l QSH:ADH-AES128-SHA --2 # server TLSv1 NTRU_RC4 -v 1 @@ -2482,12 +2038,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_RC4 -v 1 -l QSH:NTRU-RC4-SHA --2 # server TLSv1 NTRU_DES3 -v 1 @@ -2495,12 +2049,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_DES3 -v 1 -l QSH:NTRU-DES-CBC3-SHA --2 # server TLSv1 NTRU_AES128 -v 1 @@ -2508,12 +2060,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES128 -v 1 -l QSH:NTRU-AES128-SHA --2 # server TLSv1 NTRU_AES256 -v 1 @@ -2521,12 +2071,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES256 -v 1 -l QSH:NTRU-AES256-SHA --2 # server TLSv1.1 NTRU_RC4 -v 2 
@@ -2534,12 +2082,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_RC4 -v 2 -l QSH:NTRU-RC4-SHA --2 # server TLSv1.1 NTRU_DES3 -v 2 @@ -2547,12 +2093,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_DES3 -v 2 -l QSH:NTRU-DES-CBC3-SHA --2 # server TLSv1.1 NTRU_AES128 -v 2 @@ -2560,12 +2104,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES128 -v 2 -l QSH:NTRU-AES128-SHA --2 # server TLSv1.1 NTRU_AES256 -v 2 @@ -2573,12 +2115,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES256 -v 2 -l QSH:NTRU-AES256-SHA --2 # server TLSv1.2 NTRU_RC4 -v 3 @@ -2586,12 +2126,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_RC4 -v 3 -l QSH:NTRU-RC4-SHA --2 # server TLSv1.2 NTRU_DES3 -v 3 @@ -2599,12 +2137,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_DES3 -v 3 -l QSH:NTRU-DES-CBC3-SHA --2 # server TLSv1.2 NTRU_AES128 -v 3 @@ -2612,9 +2148,7 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_AES128 -v 3 -l QSH:NTRU-AES128-SHA --2 diff --git a/tests/test-sctp.conf b/tests/test-sctp.conf index 79727512d..1f6a303fc 100644 --- a/tests/test-sctp.conf +++ b/tests/test-sctp.conf @@ -2,25 +2,21 @@ -G -v 2 -l DHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1 DHE-RSA-CHACHA20-POLY1305 -G -v 2 -l DHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305 -G 
@@ -28,38 +24,32 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -G -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -G -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -G @@ -67,80 +57,68 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -G -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -G -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -G 
@@ -148,278 +126,232 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1 RC4-SHA -G -v 2 -l RC4-SHA --2 # client DTLSv1 RC4-SHA -G -v 2 -l RC4-SHA --2 # server DTLSv1.2 RC4-SHA -G -v 3 -l RC4-SHA --2 # client DTLSv1.2 RC4-SHA -G -v 3 -l RC4-SHA --2 # server DTLSv1 IDEA-CBC-SHA -G -v 2 -l IDEA-CBC-SHA --2 # client DTLSv1 IDEA-CBC-SHA -G -v 2 -l IDEA-CBC-SHA --2 # server DTLSv1 DES-CBC3-SHA -G -v 2 -l DES-CBC3-SHA --2 # client DTLSv1 DES-CBC3-SHA -G -v 2 -l DES-CBC3-SHA --2 # server DTLSv1.2 DES-CBC3-SHA -G -v 3 -l DES-CBC3-SHA --2 # client DTLSv1.2 DES-CBC3-SHA -G -v 3 -l DES-CBC3-SHA --2 # server DTLSv1 AES128-SHA -G -v 2 -l AES128-SHA --2 # client DTLSv1 AES128-SHA -G -v 2 -l AES128-SHA --2 # server DTLSv1.2 AES128-SHA -G -v 3 -l AES128-SHA --2 # client DTLSv1.2 AES128-SHA -G -v 3 -l AES128-SHA --2 # server DTLSv1 AES256-SHA -G -v 2 -l AES256-SHA --2 # client DTLSv1 AES256-SHA -G -v 2 -l AES256-SHA --2 # server DTLSv1.2 AES256-SHA -G -v 3 -l AES256-SHA --2 # client DTLSv1.2 AES256-SHA -G -v 3 -l AES256-SHA --2 # server DTLSv1 AES128-SHA256 -G -v 2 -l AES128-SHA256 --2 # client DTLSv1 AES128-SHA256 -G -v 2 -l AES128-SHA256 --2 # server DTLSv1.2 AES128-SHA256 -G -v 3 -l AES128-SHA256 --2 # client DTLSv1.2 AES128-SHA256 -G -v 3 -l AES128-SHA256 --2 # server DTLSv1 AES256-SHA256 -G -v 2 -l AES256-SHA256 --2 # client DTLSv1 AES256-SHA256 -G -v 2 -l AES256-SHA256 --2 # server DTLSv1.2 AES256-SHA256 -G -v 3 -l AES256-SHA256 --2 # client DTLSv1.2 AES256-SHA256 -G -v 3 -l AES256-SHA256 --2 # server DTLSv1 ECDHE-RSA-RC4 -G -v 2 -l ECDHE-RSA-RC4-SHA --2 # client DTLSv1 ECDHE-RSA-RC4 -G -v 2 -l ECDHE-RSA-RC4-SHA --2 # server DTLSv1.1 ECDHE-RSA-DES3 -G -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.1 ECDHE-RSA-DES3 -G -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES128 -G 
-v 2 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES128 -G -v 2 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES256 -G -v 2 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES256 -G -v 2 -l ECDHE-RSA-AES256-SHA --2 # server DTLSv1.2 ECDHE-RSA-RC4 -G -v 3 -l ECDHE-RSA-RC4-SHA --2 # client DTLSv1.2 ECDHE-RSA-RC4 -G -v 3 -l ECDHE-RSA-RC4-SHA --2 # server DTLSv1.2 ECDHE-RSA-DES3 -G -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.2 ECDHE-RSA-DES3 -G -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128 -G -v 3 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES128 -G -v 3 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128-SHA256 -G -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-SHA256 -G -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256 -G -v 3 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES256 -G -v 3 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -G @@ -427,14 +359,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -G -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -G @@ -442,14 +372,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -G -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -G @@ -457,14 +385,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -G -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-EDCSA-RC4 -G @@ -472,14 +398,12 @@ -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-RC4 -G -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-DES3 -G 
@@ -487,14 +411,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-DES3 -G -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES128 -G @@ -502,14 +424,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES128 -G -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES256 -G @@ -517,14 +437,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES256 -G -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-RC4 -G @@ -532,14 +450,12 @@ -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-RC4 -G -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-DES3 -G @@ -547,14 +463,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-DES3 -G -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128 -G @@ -562,14 +476,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128 -G -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -G @@ -577,14 +489,12 @@ -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -G -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256 -G @@ -592,14 +502,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256 -G -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-RSA-RC4 -G 
@@ -607,13 +515,11 @@ -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-RC4 -G -v 2 -l ECDH-RSA-RC4-SHA --2 # server DTLSv1.1 ECDH-RSA-DES3 -G @@ -621,13 +527,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-DES3 -G -v 2 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDH-RSA-AES128 -G @@ -635,13 +539,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES128 -G -v 2 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.1 ECDH-RSA-AES256 -G @@ -649,13 +551,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES256 -G -v 2 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.2 ECDH-RSA-RC4 -G @@ -663,13 +563,11 @@ -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-RC4 -G -v 3 -l ECDH-RSA-RC4-SHA --2 # server DTLSv1.2 ECDH-RSA-DES3 -G @@ -677,13 +575,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-DES3 -G -v 3 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128 -G @@ -691,13 +587,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128 -G -v 3 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128-SHA256 -G @@ -705,13 +599,11 @@ -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-SHA256 -G -v 3 -l ECDH-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256 -G @@ -719,13 +611,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256 -G -v 3 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.1 ECDH-EDCSA-RC4 -G 
@@ -733,14 +623,12 @@ -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-RC4 -G -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-DES3 -G @@ -748,14 +636,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-DES3 -G -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES128 -G @@ -763,14 +649,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES128 -G -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES256 -G @@ -778,14 +662,12 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES256 -G -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-RC4 -G @@ -793,14 +675,12 @@ -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-RC4 -G -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-DES3 -G @@ -808,14 +688,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-DES3 -G -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128 -G @@ -823,14 +701,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128 -G -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -G @@ -838,14 +714,12 @@ -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -G -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256 -G 
@@ -853,26 +727,22 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256 -G -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES256-SHA384 -G -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-SHA384 -G -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -G @@ -880,14 +750,12 @@ -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -G -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-RSA-AES256-SHA384 -G @@ -895,13 +763,11 @@ -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-SHA384 -G -v 3 -l ECDH-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -G 
@@ -909,182 +775,156 @@ -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -G -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -G -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -G -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -G -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -G -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -G -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -G -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -G -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -G -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -G -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -G -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -G -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -G -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # server DTLSv1 PSK-AES128 -s -G -v 2 -l PSK-AES128-CBC-SHA --2 # client DTLSv1 PSK-AES128 -s -G -v 2 -l PSK-AES128-CBC-SHA --2 # server DTLSv1 PSK-AES256 -s -G -v 2 -l PSK-AES256-CBC-SHA --2 # client DTLSv1 PSK-AES256 -s -G -v 2 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128 -s -G -v 3 -l PSK-AES128-CBC-SHA --2 # client DTLSv1.2 PSK-AES128 -s -G -v 3 -l PSK-AES128-CBC-SHA --2 # server DTLSv1.2 PSK-AES256 -s -G -v 3 -l PSK-AES256-CBC-SHA --2 # client DTLSv1.2 PSK-AES256 -s -G -v 3 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128-SHA256 -s -G -v 3 -l PSK-AES128-CBC-SHA256 --2 # client DTLSv1.2 PSK-AES128-SHA256 -s -G -v 3 -l PSK-AES128-CBC-SHA256 --2 # server DTLSv1.2 PSK-AES256-SHA384 -s -G -v 3 -l PSK-AES256-CBC-SHA384 --2 # client DTLSv1.2 PSK-AES256-SHA384 -s -G -v 3 -l PSK-AES256-CBC-SHA384 
--2 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -G @@ -1092,14 +932,12 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -G @@ -1107,14 +945,12 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -G @@ -1122,14 +958,12 @@ -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -G -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -G @@ -1137,38 +971,32 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -G -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -G @@ -1176,13 +1004,11 @@ -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDH-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -G 
@@ -1190,41 +1016,35 @@ -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDH-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 PSK-AES128-GCM-SHA256 -G -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # client DTLSv1.2 PSK-AES128-GCM-SHA256 -G -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server DTLSv1.2 PSK-AES256-GCM-SHA384 -G -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # client DTLSv1.2 PSK-AES256-GCM-SHA384 -G -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM -G @@ -1232,14 +1052,12 @@ -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM -G -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -G @@ -1247,14 +1065,12 @@ -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -G -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -G @@ -1262,39 +1078,33 @@ -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -G -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ADH-AES128-SHA -G -a -v 3 -l ADH-AES128-SHA --2 # client DTLSv1.2 ADH-AES128-SHA -G -a -v 3 -l ADH-AES128-SHA --2 # server DTLSv1.0 ADH-AES128-SHA -G -a -v 2 -l ADH-AES128-SHA --2 # client DTLSv1.0 ADH-AES128-SHA -G -a -v 2 -l ADH-AES128-SHA --2 diff --git a/tests/test-sig.conf b/tests/test-sig.conf index 044ce2bf5..680eb3506 100644 --- a/tests/test-sig.conf +++ b/tests/test-sig.conf 
@@ -3,257 +3,217 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -c 
./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-privkey.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 
ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-cert.pem --2 diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf index f018cc2fe..181b286eb 100644 --- a/tests/test-tls13-down.conf +++ b/tests/test-tls13-down.conf @@ -2,55 +2,43 @@ # server TLSv1.3 downgrade #-v d #-l TLS13-CHACHA20-POLY1305-SHA256 --2 # client TLSv1.2 #-v 3 --2 # server TLSv1.2 -v 3 --2 # client TLSv1.3 downgrade -v d --2 # server TLSv1.3 downgrade -v d --2 # client TLSv1.3 downgrade -v d --2 # server TLSv1.3 downgrade but don't and resume -v d -r --2 # client TLSv1.3 downgrade but don't and resume -v d -r --2 # server TLSv1.3 downgrade and resume -v d -r --2 # client TLSv1.2 and resume -v 3 -r --2 # server TLSv1.2 and resume -v d -r --2 # lcient TLSv1.3 downgrade and resume -v 3 -r --2 diff --git a/tests/test-tls13-ecc.conf b/tests/test-tls13-ecc.conf index 3bc261f6c..3496eab8c 100644 --- a/tests/test-tls13-ecc.conf +++ b/tests/test-tls13-ecc.conf 
@@ -3,65 +3,55 @@ -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -69,14 +59,12 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -t --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -t --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -84,11 +72,9 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -Y --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -y --2 diff --git a/tests/test-tls13-psk.conf b/tests/test-tls13-psk.conf index 90dec0e17..b8b7e2607 100644 --- a/tests/test-tls13-psk.conf +++ b/tests/test-tls13-psk.conf 
@@ -3,35 +3,29 @@ -s -l TLS13-AES128-GCM-SHA256 -d --2 # client TLSv1.3 PSK -v 4 -s -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 PSK -v 4 -j -l TLS13-AES128-GCM-SHA256 -d --2 # client TLSv1.3 PSK -v 4 -s -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 PSK -v 4 -j -l TLS13-AES128-GCM-SHA256 -d --2 # client TLSv1.3 not-PSK -v 4 -l TLS13-AES128-GCM-SHA256 --2 diff --git a/tests/test-tls13.conf b/tests/test-tls13.conf index 7445aa8ed..5e07ad3fe 100644 --- a/tests/test-tls13.conf +++ b/tests/test-tls13.conf 
@@ -1,237 +1,195 @@ # server TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 --2 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 --2 # client TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 --2 # server TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 --2 # client TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 --2 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 --2 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 --2 # server TLSv1.3 resumption -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # client TLSv1.3 resumption -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # server TLSv1.3 resumption - SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -r --2 # client TLSv1.3 resumption - SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -r --2 # server TLSv1.3 PSK without (EC)DHE -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # client TLSv1.3 PSK without (EC)DHE -v 4 -l TLS13-AES128-GCM-SHA256 -r -K --2 # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # client TLSv1.3 sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # server TLSv1.3 not accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # client TLSv1.3 sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # client TLSv1.3 not sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 Fragments -v 4 -l TLS13-AES128-GCM-SHA256 -F 1 --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm -v 4 -l 
TLS13-AES128-GCM-SHA256 -J --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 -J --2 # client TLSv1.3 HelloRetryRequest with cookie -v 4 -l TLS13-AES128-GCM-SHA256 -J --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 no client certificate -v 4 -l TLS13-AES128-GCM-SHA256 -x --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 DH key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -y --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 ECC key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -Y --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 ECC key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -Y --2 # server TLSv1.3 multiple cipher suites -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 --2 # client TLSv1.3 -v 4 --2 # server TLSv1.3 KeyUpdate -v 4 -l TLS13-AES128-GCM-SHA256 -U --2 # client TLSv1.3 KeyUpdate -v 4 -l TLS13-AES128-GCM-SHA256 -I --2 # server TLSv1.3 Post-Handshake Authentication -v 4 -l TLS13-AES128-GCM-SHA256 -Q --2 # client TLSv1.3 Post-Handshake Authentication -v 4 -l TLS13-AES128-GCM-SHA256 -Q --2 diff --git a/tests/test-trustpeer.conf b/tests/test-trustpeer.conf new file mode 100644 index 000000000..c8df70416 --- /dev/null +++ b/tests/test-trustpeer.conf 
@@ -0,0 +1,99 @@
+# Both client and server use -E [path] for trusted peer
+# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer
+-v 3
+-l DHE-RSA-AES128-GCM-SHA256
+-E ./certs/intermediate/client-int-cert.pem
+-k ./certs/server-key.pem
+-c ./certs/intermediate/server-int-cert.pem
+
+# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer
+-v 3
+-l DHE-RSA-AES128-GCM-SHA256
+-E ./certs/intermediate/server-int-cert.pem
+-k ./certs/client-key.pem
+-c ./certs/intermediate/client-int-cert.pem
+
+# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-E ./certs/intermediate/client-int-cert.pem
+-k ./certs/server-key.pem
+-c ./certs/intermediate/server-int-cert.pem
+
+# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-E ./certs/intermediate/server-int-cert.pem
+-k ./certs/client-key.pem
+-c ./certs/intermediate/client-int-cert.pem
+
+# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-E ./certs/intermediate/client-int-ecc-cert.pem
+-k ./certs/ecc-key.pem
+-c ./certs/intermediate/server-int-ecc-cert.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-E ./certs/intermediate/server-int-ecc-cert.pem
+-k ./certs/ecc-client-key.pem
+-c ./certs/intermediate/client-int-ecc-cert.pem
+
+# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Trusted Peer
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-E ./certs/intermediate/client-int-cert.pem
+-k ./certs/server-key.pem
+-c ./certs/intermediate/server-int-cert.pem
+
+# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Trusted Peer
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-E ./certs/intermediate/server-int-cert.pem
+-k ./certs/client-key.pem
+-c ./certs/intermediate/client-int-cert.pem
+
+# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-E ./certs/intermediate/client-int-ecc-cert.pem
+-k ./certs/ecc-key.pem
+-c ./certs/intermediate/server-int-ecc-cert.pem
+
+# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-E ./certs/intermediate/server-int-ecc-cert.pem
+-k ./certs/ecc-client-key.pem
+-c ./certs/intermediate/client-int-ecc-cert.pem
+
+# Test for ECC self signed certificate as trusted peer
+# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer (self signed)
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-E ./certs/client-ecc-cert.pem
+-k ./certs/ecc-key.pem
+-c ./certs/server-ecc-self.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer (self signed)
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-E ./certs/server-ecc-self.pem
+-k ./certs/ecc-client-key.pem
+-c ./certs/client-ecc-cert.pem
+
+# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer (self signed)
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-E ./certs/client-ecc-cert.pem
+-k ./certs/ecc-key.pem
+-c ./certs/server-ecc-self.pem
+
+# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer (self signed)
+-v 4
+-l TLS13-AES128-GCM-SHA256
+-E ./certs/server-ecc-self.pem
+-k ./certs/ecc-client-key.pem
+-c ./certs/client-ecc-cert.pem
diff --git a/tests/test.conf b/tests/test.conf
index b3ccf704d..faad62e6e 100644
--- a/tests/test.conf
+++ b/tests/test.conf
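Review bot: In the new tests/test-trustpeer.conf, every server/client pair points `-E` at exactly the certificate the other side presents with `-c`, so the file only shows that a matching trusted peer is accepted. Nothing here exercises the case that matters most for a trust decision: a peer whose `-c` certificate differs from the one named by `-E` should be refused. If the suite can express an expected-failure pair, one mismatched RSA pair and one mismatched self-signed ECC pair would cover it, introduced by a comment such as `# negative case: -E does not match the peer's -c, handshake must fail`. It would also help to extend the opening comment to say whether these runs rely on the trusted-peer match alone or also on a loaded CA store, since that is not visible from the options listed.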
@@ -1,2562 +1,2082 @@ # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server SSLv3 RC4-SHA -v 0 -l RC4-SHA --2 # client SSLv3 RC4-SHA -v 0 -l RC4-SHA --2 # server SSLv3 RC4-MD5 -v 0 -l RC4-MD5 --2 # client SSLv3 RC4-MD5 -v 0 -l RC4-MD5 --2 # server SSLv3 DES-CBC3-SHA -v 0 -l DES-CBC3-SHA --2 # client SSLv3 DES-CBC3-SHA -v 0 -l 
DES-CBC3-SHA --2 # server SSLv3 IDEA-CBC-SHA -v 0 -l IDEA-CBC-SHA --2 # client SSLv3 IDEA-CBC-SHA -v 0 -l IDEA-CBC-SHA --2 # server TLSv1 RC4-SHA -v 1 -l RC4-SHA --2 # client TLSv1 RC4-SHA -v 1 -l RC4-SHA --2 # server TLSv1 RC4-MD5 -v 1 -l RC4-MD5 --2 # client TLSv1 RC4-MD5 -v 1 -l RC4-MD5 --2 # server TLSv1 DES-CBC3-SHA -v 1 -l DES-CBC3-SHA --2 # client TLSv1 DES-CBC3-SHA -v 1 -l DES-CBC3-SHA --2 # server TLSv1 IDEA-CBC-SHA -v 1 -l IDEA-CBC-SHA --2 # client TLSv1 IDEA-CBC-SHA -v 1 -l IDEA-CBC-SHA --2 # server TLSv1 AES128-SHA -v 1 -l AES128-SHA --2 # client TLSv1 AES128-SHA -v 1 -l AES128-SHA --2 # server TLSv1 AES256-SHA -v 1 -l AES256-SHA --2 # client TLSv1 AES256-SHA -v 1 -l AES256-SHA --2 # server TLSv1 AES128-SHA256 -v 1 -l AES128-SHA256 --2 # client TLSv1 AES128-SHA256 -v 1 -l AES128-SHA256 --2 # server TLSv1 AES256-SHA256 -v 1 -l AES256-SHA256 --2 # client TLSv1 AES256-SHA256 -v 1 -l AES256-SHA256 --2 # server TLSv1.1 RC4-SHA -v 2 -l RC4-SHA --2 # client TLSv1.1 RC4-SHA -v 2 -l RC4-SHA --2 # server TLSv1.1 RC4-MD5 -v 2 -l RC4-MD5 --2 # client TLSv1.1 RC4-MD5 -v 2 -l RC4-MD5 --2 # server TLSv1.1 IDEA-CBC-SHA -v 2 -l IDEA-CBC-SHA --2 # client TLSv1.1 IDEA-CBC-SHA -v 2 -l IDEA-CBC-SHA --2 # server TLSv1.1 DES-CBC3-SHA -v 2 -l DES-CBC3-SHA --2 # client TLSv1.1 DES-CBC3-SHA -v 2 -l DES-CBC3-SHA --2 # server TLSv1.1 AES128-SHA -v 2 -l AES128-SHA --2 # client TLSv1.1 AES128-SHA -v 2 -l AES128-SHA --2 # server TLSv1.1 AES256-SHA -v 2 -l AES256-SHA --2 # client TLSv1.1 AES256-SHA -v 2 -l AES256-SHA --2 # server TLSv1.1 AES128-SHA256 -v 2 -l AES128-SHA256 --2 # client TLSv1.1 AES128-SHA256 -v 2 -l AES128-SHA256 --2 # server TLSv1.1 AES256-SHA256 -v 2 -l AES256-SHA256 --2 # client TLSv1.1 AES256-SHA256 -v 2 -l AES256-SHA256 --2 # server TLSv1.2 RC4-SHA -v 3 -l RC4-SHA --2 # client TLSv1.2 RC4-SHA -v 3 -l RC4-SHA --2 # server TLSv1.2 RC4-MD5 -v 3 -l RC4-MD5 --2 # client TLSv1.2 RC4-MD5 -v 3 -l RC4-MD5 --2 # server TLSv1.2 DES-CBC3-SHA -v 3 -l DES-CBC3-SHA --2 # client 
TLSv1.2 DES-CBC3-SHA -v 3 -l DES-CBC3-SHA --2 # server TLSv1.2 AES128-SHA -v 3 -l AES128-SHA --2 # client TLSv1.2 AES128-SHA -v 3 -l AES128-SHA --2 # server TLSv1.2 AES256-SHA -v 3 -l AES256-SHA --2 # client TLSv1.2 AES256-SHA -v 3 -l AES256-SHA --2 # server TLSv1.2 AES128-SHA256 -v 3 -l AES128-SHA256 --2 # client TLSv1.2 AES128-SHA256 -v 3 -l AES128-SHA256 --2 # server TLSv1.2 AES256-SHA256 -v 3 -l AES256-SHA256 --2 # client TLSv1.2 AES256-SHA256 -v 3 -l AES256-SHA256 --2 # server TLSv1 ECDHE-RSA-RC4 -v 1 -l ECDHE-RSA-RC4-SHA --2 # client TLSv1 ECDHE-RSA-RC4 -v 1 -l ECDHE-RSA-RC4-SHA --2 # server TLSv1 ECDHE-RSA-DES3 -v 1 -l ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1 ECDHE-RSA-DES3 -v 1 -l ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA --2 # client TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA --2 # server TLSv1 ECDHE-RSA-AES256 -v 1 -l ECDHE-RSA-AES256-SHA --2 # client TLSv1 ECDHE-RSA-AES256 -v 1 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1.1 ECDHE-RSA-RC4 -v 2 -l ECDHE-RSA-RC4-SHA --2 # client TLSv1.1 ECDHE-RSA-RC4 -v 2 -l ECDHE-RSA-RC4-SHA --2 # server TLSv1.1 ECDHE-RSA-DES3 -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.1 ECDHE-RSA-DES3 -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA --2 # client TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA --2 # server TLSv1.1 ECDHE-RSA-AES256 -v 2 -l ECDHE-RSA-AES256-SHA --2 # client TLSv1.1 ECDHE-RSA-AES256 -v 2 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1.2 ECDHE-RSA-RC4 -v 3 -l ECDHE-RSA-RC4-SHA --2 # client TLSv1.2 ECDHE-RSA-RC4 -v 3 -l ECDHE-RSA-RC4-SHA --2 # server TLSv1.2 ECDHE-RSA-DES3 -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.2 ECDHE-RSA-DES3 -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA --2 # client TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # client TLSv1.2 
ECDHE-RSA-AES128-SHA256 -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256 -v 3 -l ECDHE-RSA-AES256-SHA --2 # client TLSv1.2 ECDHE-RSA-AES256 -v 3 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -v 2 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-RC4 -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-RC4 -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-EDCSA-RC4 -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-RC4 -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k 
./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-RSA-RC4 -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-RC4 -v 1 -l ECDH-RSA-RC4-SHA --2 # server TLSv1 ECDH-RSA-DES3 -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-DES3 -v 1 -l ECDH-RSA-DES-CBC3-SHA 
--2 # server TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA --2 # server TLSv1 ECDH-RSA-AES256 -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES256 -v 1 -l ECDH-RSA-AES256-SHA --2 # server TLSv1.1 ECDH-RSA-RC4 -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-RC4 -v 2 -l ECDH-RSA-RC4-SHA --2 # server TLSv1.1 ECDH-RSA-DES3 -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-DES3 -v 2 -l ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA --2 # server TLSv1.1 ECDH-RSA-AES256 -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES256 -v 2 -l ECDH-RSA-AES256-SHA --2 # server TLSv1.2 ECDH-RSA-RC4 -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-RC4 -v 3 -l ECDH-RSA-RC4-SHA --2 # server TLSv1.2 ECDH-RSA-DES3 -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-DES3 -v 3 -l ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA --2 # server TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256 -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256 -v 3 -l 
ECDH-RSA-AES256-SHA --2 # server TLSv1 ECDH-ECDSA-RC4 -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-RC4 -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-DES3 -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-DES3 -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES256 -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES256 -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-EDCSA-RC4 -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-RC4 -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-RC4 -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k 
./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 HC128-SHA -v 1 -l HC128-SHA --2 # client TLSv1 HC128-SHA -v 1 -l HC128-SHA --2 # server TLSv1 HC128-MD5 -v 1 -l HC128-MD5 --2 # client TLSv1 HC128-MD5 -v 1 -l HC128-MD5 --2 # server TLSv1 HC128-B2B256 -v 1 -l HC128-B2B256 --2 # client TLSv1 HC128-B2B256 -v 1 -l HC128-B2B256 --2 # server TLSv1 AES128-B2B256 -v 1 -l AES128-B2B256 --2 # client TLSv1 AES128-B2B256 -v 1 -l 
AES128-B2B256 --2 # server TLSv1 AES256-B2B256 -v 1 -l AES256-B2B256 --2 # client TLSv1 AES256-B2B256 -v 1 -l AES256-B2B256 --2 # server TLSv1.1 HC128-SHA -v 2 -l HC128-SHA --2 # client TLSv1.1 HC128-SHA -v 2 -l HC128-SHA --2 # server TLSv1.1 HC128-MD5 -v 2 -l HC128-MD5 --2 # client TLSv1.1 HC128-MD5 -v 2 -l HC128-MD5 --2 # server TLSv1.1 HC128-B2B256 -v 2 -l HC128-B2B256 --2 # client TLSv1.1 HC128-B2B256 -v 2 -l HC128-B2B256 --2 # server TLSv1.1 AES128-B2B256 -v 2 -l AES128-B2B256 --2 # client TLSv1.1 AES128-B2B256 -v 2 -l AES128-B2B256 --2 # server TLSv1.1 AES256-B2B256 -v 2 -l AES256-B2B256 --2 # client TLSv1.1 AES256-B2B256 -v 2 -l AES256-B2B256 --2 # server TLSv1.2 HC128-SHA -v 3 -l HC128-SHA --2 # client TLSv1.2 HC128-SHA -v 3 -l HC128-SHA --2 # server TLSv1.2 HC128-MD5 -v 3 -l HC128-MD5 --2 # client TLSv1.2 HC128-MD5 -v 3 -l HC128-MD5 --2 # server TLSv1.2 HC128-B2B256 -v 3 -l HC128-B2B256 --2 # client TLSv1.2 HC128-B2B256 -v 3 -l HC128-B2B256 --2 # server TLSv1.2 AES128-B2B256 -v 3 -l AES128-B2B256 --2 # client TLSv1.2 AES128-B2B256 -v 3 -l AES128-B2B256 --2 # server TLSv1.2 AES256-B2B256 -v 3 -l AES256-B2B256 --2 # client TLSv1.2 AES256-B2B256 -v 3 -l AES256-B2B256 --2 # server TLSv1 RABBIT-SHA -v 1 -l RABBIT-SHA --2 # client TLSv1 RABBIT-SHA -v 1 -l RABBIT-SHA --2 # server TLSv1.1 RABBIT-SHA -v 2 -l RABBIT-SHA --2 # client TLSv1.1 RABBIT-SHA -v 2 -l RABBIT-SHA --2 # server TLSv1.2 RABBIT-SHA -v 3 -l RABBIT-SHA --2 # client TLSv1.2 RABBIT-SHA -v 3 -l RABBIT-SHA --2 # server TLSv1 DHE AES128 -v 1 -l DHE-RSA-AES128-SHA --2 # client TLSv1 DHE AES128 -v 1 -l DHE-RSA-AES128-SHA --2 # server TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA --2 # client TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA --2 # server TLSv1 DHE AES128-SHA256 -v 1 -l DHE-RSA-AES128-SHA256 --2 # client TLSv1 DHE AES128-SHA256 -v 1 -l DHE-RSA-AES128-SHA256 --2 # server TLSv1 DHE AES256-SHA256 -v 1 -l DHE-RSA-AES256-SHA256 --2 # client TLSv1 DHE AES256-SHA256 -v 1 -l DHE-RSA-AES256-SHA256 --2 # 
server TLSv1.1 DHE AES128 -v 2 -l DHE-RSA-AES128-SHA --2 # client TLSv1.1 DHE AES128 -v 2 -l DHE-RSA-AES128-SHA --2 # server TLSv1.1 DHE AES256 -v 2 -l DHE-RSA-AES256-SHA --2 # client TLSv1.1 DHE AES256 -v 2 -l DHE-RSA-AES256-SHA --2 # server TLSv1.1 DHE AES128-SHA256 -v 2 -l DHE-RSA-AES128-SHA256 --2 # client TLSv1.1 DHE AES128-SHA256 -v 2 -l DHE-RSA-AES128-SHA256 --2 # server TLSv1.1 DHE AES256-SHA256 -v 2 -l DHE-RSA-AES256-SHA256 --2 # client TLSv1.1 DHE AES256-SHA256 -v 2 -l DHE-RSA-AES256-SHA256 --2 # server TLSv1.1 DHE 3DES -v 2 -l EDH-RSA-DES-CBC3-SHA --2 # client TLSv1.1 DHE 3DES -v 2 -l EDH-RSA-DES-CBC3-SHA --2 # server TLSv1.2 DHE 3DES -v 3 -l EDH-RSA-DES-CBC3-SHA --2 # client TLSv1.2 DHE 3DES -v 3 -l EDH-RSA-DES-CBC3-SHA --2 - -# server TLSv1.2 DHE AES128 (DHE prime test) --v 3 --l DHE-RSA-AES128-SHA - -# client TLSv1.2 DHE AES128 (DHE prime test) --v 3 --l DHE-RSA-AES128-SHA # server TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA --2 # client TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA --2 # server TLSv1.2 DHE AES256 -v 3 -l DHE-RSA-AES256-SHA --2 # client TLSv1.2 DHE AES256 -v 3 -l DHE-RSA-AES256-SHA --2 # server TLSv1.2 DHE AES128-SHA256 -v 3 -l DHE-RSA-AES128-SHA256 --2 # client TLSv1.2 DHE AES128-SHA256 -v 3 -l DHE-RSA-AES128-SHA256 --2 - -# server TLSv1.2 DHE AES256-SHA256 (DHE prime test) --v 3 --l DHE-RSA-AES256-SHA256 - -# client TLSv1.2 DHE AES256-SHA256 (DHE prime test) --v 3 --l DHE-RSA-AES256-SHA256 # server TLSv1.2 DHE AES256-SHA256 -v 3 -l DHE-RSA-AES256-SHA256 --2 # client TLSv1.2 DHE AES256-SHA256 -v 3 -l DHE-RSA-AES256-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 
ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA --2 # client TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA --2 # server TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA --2 # client TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA --2 # server TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA --2 # client TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA --2 # server TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA --2 # client TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA --2 # server TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA --2 # client TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA --2 # server TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA --2 # client TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA --2 # server TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 --2 # server TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 --2 # server 
TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 PSK-NULL -s -v 1 -l PSK-NULL-SHA --2 # client TLSv1.0 PSK-NULL -s -v 1 -l PSK-NULL-SHA --2 # server TLSv1.1 PSK-NULL -s -v 2 -l PSK-NULL-SHA --2 # client TLSv1.1 PSK-NULL -s -v 2 -l PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # server TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l PSK-NULL-SHA384 --2 # client TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l PSK-NULL-SHA384 --2 # server TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # server TLSv1.0 RSA-NULL-SHA -v 1 -l NULL-SHA --2 # client TLSv1.0 RSA-NULL-SHA -v 1 -l NULL-SHA --2 # server TLSv1.1 RSA-NULL-SHA -v 2 -l NULL-SHA --2 # client TLSv1.1 RSA-NULL-SHA -v 2 -l NULL-SHA --2 # server TLSv1.2 RSA-NULL-SHA -v 3 -l NULL-SHA --2 # client TLSv1.2 RSA-NULL-SHA -v 3 -l NULL-SHA --2 # server TLSv1.0 RSA-NULL-SHA256 -v 1 -l NULL-SHA256 --2 # client TLSv1.0 RSA-NULL-SHA256 -v 1 -l NULL-SHA256 --2 # server TLSv1.1 RSA-NULL-SHA256 -v 2 -l NULL-SHA256 --2 # client TLSv1.1 RSA-NULL-SHA256 -v 2 -l NULL-SHA256 --2 # server TLSv1.2 RSA-NULL-SHA256 -v 3 -l NULL-SHA256 --2 # client TLSv1.2 RSA-NULL-SHA256 -v 3 -l NULL-SHA256 --2 # server TLSv1 CAMELLIA128-SHA -v 1 -l CAMELLIA128-SHA --2 # client TLSv1 CAMELLIA128-SHA -v 1 -l CAMELLIA128-SHA --2 # server TLSv1 CAMELLIA256-SHA -v 1 -l CAMELLIA256-SHA --2 # client TLSv1 CAMELLIA256-SHA -v 1 -l CAMELLIA256-SHA --2 # server TLSv1 CAMELLIA128-SHA256 -v 1 -l CAMELLIA128-SHA256 --2 # client TLSv1 CAMELLIA128-SHA256 -v 1 -l CAMELLIA128-SHA256 --2 # server TLSv1 CAMELLIA256-SHA256 
-v 1 -l CAMELLIA256-SHA256 --2 # client TLSv1 CAMELLIA256-SHA256 -v 1 -l CAMELLIA256-SHA256 --2 # server TLSv1.1 CAMELLIA128-SHA -v 2 -l CAMELLIA128-SHA --2 # client TLSv1.1 CAMELLIA128-SHA -v 2 -l CAMELLIA128-SHA --2 # server TLSv1.1 CAMELLIA256-SHA -v 2 -l CAMELLIA256-SHA --2 # client TLSv1.1 CAMELLIA256-SHA -v 2 -l CAMELLIA256-SHA --2 # server TLSv1.1 CAMELLIA128-SHA256 -v 2 -l CAMELLIA128-SHA256 --2 # client TLSv1.1 CAMELLIA128-SHA256 -v 2 -l CAMELLIA128-SHA256 --2 # server TLSv1.1 CAMELLIA256-SHA256 -v 2 -l CAMELLIA256-SHA256 --2 # client TLSv1.1 CAMELLIA256-SHA256 -v 2 -l CAMELLIA256-SHA256 --2 # server TLSv1.2 CAMELLIA128-SHA -v 3 -l CAMELLIA128-SHA --2 # client TLSv1.2 CAMELLIA128-SHA -v 3 -l CAMELLIA128-SHA --2 # server TLSv1.2 CAMELLIA256-SHA -v 3 -l CAMELLIA256-SHA --2 # client TLSv1.2 CAMELLIA256-SHA -v 3 -l CAMELLIA256-SHA --2 # server TLSv1.2 CAMELLIA128-SHA256 -v 3 -l CAMELLIA128-SHA256 --2 # client TLSv1.2 CAMELLIA128-SHA256 -v 3 -l CAMELLIA128-SHA256 --2 # server TLSv1.2 CAMELLIA256-SHA256 -v 3 -l CAMELLIA256-SHA256 --2 # client TLSv1.2 CAMELLIA256-SHA256 -v 3 -l CAMELLIA256-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.1 
DHE-RSA-CAMELLIA256-SHA -v 2 -l DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 --2 # client TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 --2 # server TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l AES256-GCM-SHA384 --2 # client TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l AES256-GCM-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
-v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l ECDH-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 AES128-CCM-8 -v 3 -l AES128-CCM-8 --2 # client TLSv1.2 AES128-CCM-8 -v 3 -l AES128-CCM-8 --2 # server TLSv1.2 AES256-CCM-8 -v 3 -l AES256-CCM-8 --2 # client TLSv1.2 AES256-CCM-8 -v 3 -l AES256-CCM-8 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l 
ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 PSK-AES128-CCM -s -v 3 -l PSK-AES128-CCM --2 # client TLSv1.2 PSK-AES128-CCM -s -v 3 -l PSK-AES128-CCM --2 # server TLSv1.2 PSK-AES256-CCM -s -v 3 -l PSK-AES256-CCM --2 # client TLSv1.2 PSK-AES256-CCM -s -v 3 -l PSK-AES256-CCM --2 # server TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 --2 # client TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 --2 # server TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l PSK-AES256-CCM-8 --2 # client TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l PSK-AES256-CCM-8 --2 # server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l DHE-PSK-AES128-CBC-SHA256 --2 - -# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) --s --v 3 --l DHE-PSK-AES128-CBC-SHA256 - -# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) --s --v 3 --l DHE-PSK-AES128-CBC-SHA256 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s 
-v 1 -l DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l DHE-PSK-NULL-SHA256 --2 # client TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l DHE-PSK-NULL-SHA256 --2 # server TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l DHE-PSK-NULL-SHA256 --2 # client TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l DHE-PSK-NULL-SHA256 --2 # server TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l DHE-PSK-NULL-SHA256 --2 # client TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l DHE-PSK-NULL-SHA256 --2 # server TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l DHE-PSK-NULL-SHA384 --2 # client TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l DHE-PSK-NULL-SHA384 --2 # server TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l DHE-PSK-NULL-SHA384 --2 # client TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l DHE-PSK-NULL-SHA384 --2 # client TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l DHE-PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l DHE-PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l DHE-PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l DHE-PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l DHE-PSK-AES128-CCM --2 # client TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l DHE-PSK-AES128-CCM --2 # server TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l DHE-PSK-AES256-CCM --2 # client TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l DHE-PSK-AES256-CCM --2 # server TLSv1.2 ADH-AES128-SHA -a -v 3 -l ADH-AES128-SHA --2 # client TLSv1.2 ADH-AES128-SHA -a -v 3 -l ADH-AES128-SHA --2 # server TLSv1.1 
ADH-AES128-SHA -a -v 2 -l ADH-AES128-SHA --2 # client TLSv1.1 ADH-AES128-SHA -a -v 2 -l ADH-AES128-SHA --2 # server TLSv1.0 ADH-AES128-SHA -a -v 1 -l ADH-AES128-SHA --2 # client TLSv1.0 ADH-AES128-SHA -a -v 1 -l ADH-AES128-SHA --2 # server TLSv1.2 ADH-AES256-GCM-SHA384 -a -v 3 -l ADH-AES256-GCM-SHA384 --2 # client TLSv1.2 ADH-AES256-GCM-SHA384 -a -v 3 -l ADH-AES256-GCM-SHA384 --2 # server TLSv1.1 ADH-AES256-GCM-SHA384 -a -v 2 -l ADH-AES256-GCM-SHA384 --2 # client TLSv1.1 ADH-AES256-GCM-SHA384 -a -v 2 -l ADH-AES256-GCM-SHA384 --2 # server TLSv1.0 ADH-AES256-GCM-SHA384 -a -v 1 -l ADH-AES256-GCM-SHA384 --2 # client TLSv1.0 ADH-AES256-GCM-SHA384 -a -v 1 -l ADH-AES256-GCM-SHA384 --2 # server TLSv1 NTRU_RC4 -v 1 @@ -2564,12 +2084,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_RC4 -v 1 -l NTRU-RC4-SHA --2 # server TLSv1 NTRU_DES3 -v 1 @@ -2577,12 +2095,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_DES3 -v 1 -l NTRU-DES-CBC3-SHA --2 # server TLSv1 NTRU_AES128 -v 1 @@ -2590,12 +2106,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES128 -v 1 -l NTRU-AES128-SHA --2 # server TLSv1 NTRU_AES256 -v 1 @@ -2603,12 +2117,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES256 -v 1 -l NTRU-AES256-SHA --2 # server TLSv1.1 NTRU_RC4 -v 2 @@ -2616,12 +2128,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_RC4 -v 2 -l NTRU-RC4-SHA --2 # server TLSv1.1 NTRU_DES3 -v 2 @@ -2629,12 +2139,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_DES3 -v 2 -l NTRU-DES-CBC3-SHA --2 # server TLSv1.1 NTRU_AES128 -v 2 @@ -2642,12 +2150,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES128 -v 2 -l NTRU-AES128-SHA --2 # server TLSv1.1 NTRU_AES256 -v 2 
@@ -2655,12 +2161,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES256 -v 2 -l NTRU-AES256-SHA --2 # server TLSv1.2 NTRU_RC4 -v 3 @@ -2668,12 +2172,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_RC4 -v 3 -l NTRU-RC4-SHA --2 # server TLSv1.2 NTRU_DES3 -v 3 @@ -2681,12 +2183,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_DES3 -v 3 -l NTRU-DES-CBC3-SHA --2 # server TLSv1.2 NTRU_AES128 -v 3 
@@ -2694,113 +2194,95 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_AES128 -v 3 -l NTRU-AES128-SHA --2 # error going into callback, return ok # server TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -j --2 # server TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -j --2 # no error going into callback, return ok # server TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/server-cert.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -j --2 # server TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -j --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem -t --2 # server TLSv1.2 private-only key -v 3 -c ./certs/ecc-privOnlyCert.pem -k ./certs/ecc-privOnlyKey.pem --2 # client TLSv1.2 private-only key on server -v 3 -d --2 # server TLSv1.2 with fragment -v 3 --2 # client TLSv1.2 with fragment -v 3 -F 1 --2 # server TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem -A certs/client-cert-3072.pem --2 # client TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem -c certs/client-cert-3072.pem -k certs/client-key-3072.pem --2 # server good certificate common name -v 3 
@@ -2808,7 +2290,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodcn.pem -d --2 # client good certificate common name -v 3 @@ -2817,7 +2298,6 @@ -A ./certs/test/server-goodcn.pem -m -C --2 # server good certificate alt name -v 3 @@ -2825,7 +2305,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodalt.pem -d --2 # client good certificate alt name -v 3 @@ -2834,7 +2313,6 @@ -A ./certs/test/server-goodalt.pem -m -C --2 # server good certificate common name wild -v 3 @@ -2842,7 +2320,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodcnwild.pem -d --2 # client good certificate common name wild -v 3 @@ -2851,7 +2328,6 @@ -A ./certs/test/server-goodcnwild.pem -m -C --2 # server good certificate alt name wild -v 3 @@ -2859,7 +2335,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodaltwild.pem -d --2 # client good certificate alt name wild -v 3 @@ -2868,13 +2343,11 @@ -A ./certs/test/server-goodaltwild.pem -m -C --2 # server CN in alternate names list -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-localhost.pem --2 # client CN in alternate names list -v 3 @@ -2882,18 +2355,15 @@ -h localhost -A ./certs/test/server-localhost.pem -m --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 with user curve (384 or 256) -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -H useSupCurve --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA -v 3 @@ -2901,7 +2371,6 @@ -c ./certs/server-ecc384-cert.pem -k ./certs/server-ecc384-key.pem -A ./certs/ca-ecc384-cert.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA -v 3 @@ -2909,4 +2378,3 @@ -c ./certs/client-ecc384-cert.pem -k ./certs/client-ecc384-key.pem -A ./certs/ca-ecc384-cert.pem --2 diff --git a/tests/unit.c b/tests/unit.c index 7ac13bc53..f237d17b8 100644 --- a/tests/unit.c +++ b/tests/unit.c 
@@ -82,7 +82,7 @@ int unit_test(int argc, char** argv) #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #ifndef SINGLE_THREADED - if ( (ret = SuiteTest()) != 0){ + if ( (ret = SuiteTest(argc, argv)) != 0){ printf("suite test failed with %d\n", ret); goto exit; } diff --git a/tests/unit.h b/tests/unit.h index d62e0ee16..b2ec7d1a1 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -91,7 +91,7 @@ void ApiTest(void); -int SuiteTest(void); +int SuiteTest(int argc, char** argv); int HashTest(void); void SrpTest(void); From a358174b4b1a3c7112dc831b144705b17d02a42a Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 21 Dec 2018 12:36:47 -0800 Subject: [PATCH 4/4] Fix for DH prime test (extra leading spaces). Fix for new chain tests with CRL enabled. The current way of testing chain only loads root CA as trusted. The intermediate CA CRL isn't trusted or loaded and causes error. --- tests/test-altchains.conf | 33 +++++++++++++++++++++++++++++++++ tests/test-chains.conf | 33 +++++++++++++++++++++++++++++++++ tests/test-dhprime.conf | 4 ++-- 3 files changed, 68 insertions(+), 2 deletions(-) diff --git a/tests/test-altchains.conf b/tests/test-altchains.conf index cf1ef4a11..9bd52741d 100644 --- a/tests/test-altchains.conf +++ b/tests/test-altchains.conf @@ -1,10 +1,14 @@ # Tests will use complete chain with intermediate CA for testing +# The tests with chains have the CRL checking disabled +# CRL's only load for trusted CA's, for a chain you must load the root and intermediate as trusted +# For these tests we are loading root and sending intermediate and peer certs # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain -v 3 -l DHE-RSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem +-V # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain -v 3 
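Review bot: The `-V` (server) and `-C` (client) lines added in tests/test-altchains.conf turn CRL checking off for every case in the file, and the hunks of tests/test-chains.conf do the same, so after this patch no chain test appears to run with revocation checking on. The new header comment explains this for the setup that trusts only the root, but the partial-chain cases load the intermediate as trusted (`-A ./certs/intermediate/ca-int-cert.pem`), so by the comment's own rule a CRL could presumably load there. WOLFSSL_ALT_CERT_CHAINS already relaxes `ASN_NO_SIGNER_E` handling for presented CAs, so I would keep at least one case with both root and intermediate trusted and CRL checking left on. I would also extend the comment with `# -V (server) / -C (client) disable CRL checking for this case`, so the flags are not mistaken for unrelated options.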
@@ -12,6 +16,7 @@ -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem +-C # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain -v 3 @@ -19,6 +24,7 @@ -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem +-V # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain -v 3 @@ -26,6 +32,7 @@ -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem +-C # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain -v 3 @@ -33,6 +40,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem +-V # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain -v 3 @@ -40,6 +48,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain -v 4 @@ -47,6 +56,7 @@ -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain -v 4 @@ -54,6 +64,7 @@ -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain -v 4 @@ -61,6 +72,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain -v 4 @@ -68,6 +80,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem +-C # Test will load intermediate CA as trusted and only present the peer cert (partial chain) # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain @@ -76,6 +89,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-int-cert.pem +-V # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 
@@ -83,6 +97,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-int-cert.pem +-C # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 @@ -90,6 +105,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-int-cert.pem +-V # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 @@ -97,6 +113,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-int-cert.pem +-C # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain -v 3 @@ -104,6 +121,7 @@ -A ./certs/intermediate/ca-int-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-int-ecc-cert.pem +-V # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain -v 3 @@ -111,6 +129,7 @@ -A ./certs/intermediate/ca-int-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-int-ecc-cert.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain -v 4 @@ -118,6 +137,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-int-cert.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain -v 4 @@ -125,6 +145,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-int-cert.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain -v 4 @@ -132,6 +153,7 @@ -A ./certs/intermediate/ca-int-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-int-ecc-cert.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain -v 4 @@ -139,6 +161,7 @@ -A ./certs/intermediate/ca-int-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-int-ecc-cert.pem +-C # Test will use alternate chain where chain contains extra cert # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain 
@@ -147,6 +170,7 @@ -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain-alt.pem +-V # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain -v 3 @@ -154,6 +178,7 @@ -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain-alt.pem +-C # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain -v 3 @@ -161,6 +186,7 @@ -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain-alt.pem +-V # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain -v 3 @@ -168,6 +194,7 @@ -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain-alt.pem +-C # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain -v 3 @@ -175,6 +202,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-alt-ecc.pem +-V # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain -v 3 @@ -182,6 +210,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-alt-ecc.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain -v 4 @@ -189,6 +218,7 @@ -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain-alt.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain -v 4 @@ -196,6 +226,7 @@ -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain-alt.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain -v 4 @@ -203,6 +234,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-alt-ecc.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain -v 4 @@ -210,3 +242,4 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-alt-ecc.pem +-C diff --git a/tests/test-chains.conf b/tests/test-chains.conf index b1f5c1b2f..14859f4f2 100644 --- a/tests/test-chains.conf +++ b/tests/test-chains.conf 
@@ -1,10 +1,14 @@ # Tests will use complete chain with intermediate CA for testing +# The tests with chains have the CRL checking disabled +# CRL's only load for trusted CA's, for a chain you must load the root and intermediate as trusted +# For these tests we are loading root and sending intermediate and peer certs # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain -v 3 -l DHE-RSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem +-V # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain -v 3 @@ -12,6 +16,7 @@ -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem +-C # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain -v 3 @@ -19,6 +24,7 @@ -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem +-V # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain -v 3 @@ -26,6 +32,7 @@ -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem +-C # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain -v 3 @@ -33,6 +40,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem +-V # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain -v 3 @@ -40,6 +48,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain -v 4 @@ -47,6 +56,7 @@ -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain -v 4 @@ -54,6 +64,7 @@ -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain -v 4 @@ -61,6 +72,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain -v 4 
@@ -68,6 +80,7 @@ -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem +-C # Test will load intermediate CA as trusted and only present the peer cert (partial chain) # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain @@ -76,6 +89,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-int-cert.pem +-V # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 @@ -83,6 +97,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-int-cert.pem +-C # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 @@ -90,6 +105,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-int-cert.pem +-V # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 @@ -97,6 +113,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-int-cert.pem +-C # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain -v 3 @@ -104,6 +121,7 @@ -A ./certs/intermediate/ca-int-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-int-ecc-cert.pem +-V # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain -v 3 @@ -111,6 +129,7 @@ -A ./certs/intermediate/ca-int-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-int-ecc-cert.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain -v 4 @@ -118,6 +137,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-int-cert.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain -v 4 @@ -125,6 +145,7 @@ -A ./certs/intermediate/ca-int-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-int-cert.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain -v 4 
@@ -132,6 +153,7 @@ -A ./certs/intermediate/ca-int-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-int-ecc-cert.pem +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain -v 4 @@ -139,6 +161,7 @@ -A ./certs/intermediate/ca-int-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-int-ecc-cert.pem +-C # Test will use alternate chain where chain contains extra cert # These tests should fail @@ -149,6 +172,7 @@ -k ./certs/server-key.pem -c ./certs/intermediate/server-chain-alt.pem -H exitWithRet +-V # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail -v 3 @@ -157,6 +181,7 @@ -k ./certs/client-key.pem -c ./certs/intermediate/client-chain-alt.pem -H exitWithRet +-C # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail -v 3 @@ -165,6 +190,7 @@ -k ./certs/server-key.pem -c ./certs/intermediate/server-chain-alt.pem -H exitWithRet +-V # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail -v 3 @@ -173,6 +199,7 @@ -k ./certs/client-key.pem -c ./certs/intermediate/client-chain-alt.pem -H exitWithRet +-C # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail -v 3 @@ -181,6 +208,7 @@ -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-alt-ecc.pem -H exitWithRet +-V # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail -v 3 @@ -189,6 +217,7 @@ -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-alt-ecc.pem -H exitWithRet +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail -v 4 @@ -197,6 +226,7 @@ -k ./certs/server-key.pem -c ./certs/intermediate/server-chain-alt.pem -H exitWithRet +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail -v 4 @@ -205,6 +235,7 @@ -k ./certs/client-key.pem -c ./certs/intermediate/client-chain-alt.pem -H exitWithRet +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail -v 4 
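Review bot: The `These tests should fail` cases of tests/test-chains.conf state no expected error: the only visible expectation is `-H exitWithRet`, so any handshake failure appears to satisfy them. This applies to the hunks from `@@ -149,6 +172,7 @@` onward, which continue on the following line. The commit message says CRL errors were occurring in the chain tests, which suggests these cases could previously have passed on a CRL error rather than on the rejected alternate chain. Adding `-V`/`-C` removes that one cause, but the reason for the failure is still not pinned. I would state it beside each pair, for example `# expected failure: extra cert in the chain has no trusted signer` (presumably `ASN_NO_SIGNER_E`), and have the harness check the code if it can; whether it can is not visible in this patch.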
@@ -213,6 +244,7 @@ -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-alt-ecc.pem -H exitWithRet +-V # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail -v 4 @@ -221,3 +253,4 @@ -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-alt-ecc.pem -H exitWithRet +-C diff --git a/tests/test-dhprime.conf b/tests/test-dhprime.conf index dc180f618..f43739ed0 100644 --- a/tests/test-dhprime.conf +++ b/tests/test-dhprime.conf @@ -6,7 +6,7 @@ -v 3 -l DHE-RSA-AES128-SHA - # server TLSv1.2 DHE AES256-SHA256 (DHE prime test) +# server TLSv1.2 DHE AES256-SHA256 (DHE prime test) -v 3 -l DHE-RSA-AES256-SHA256 @@ -15,7 +15,7 @@ -l DHE-RSA-AES256-SHA256 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) - -s +-s -v 3 -l DHE-PSK-AES128-CBC-SHA256