From ff1a1dc5d5711018c0797b09525ee5ba399fb0a4 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 29 Nov 2018 17:01:37 -0800 Subject: [PATCH 1/5] DHE Speed Up When loading DH domain parameters into a CTX, test the prime immediately. When loading them into a session, test the prime right before using it during the handshake. Sessions that get their prime from their context do not need to test their prime. Added a function to disable testing the prime in a session. The goal is to speed up testing as every single test case loads DH parameters whether they are used or not. --- examples/server/server.c | 16 ++++++++++-- src/internal.c | 54 ++++++++++++++++++++++++++++++++-------- src/ssl.c | 41 +++++++++++++++++++----------- wolfssl/internal.h | 14 ++++++++++- wolfssl/ssl.h | 1 + 5 files changed, 97 insertions(+), 29 deletions(-) diff --git a/examples/server/server.c b/examples/server/server.c index 7a8a57df5..47bce5fa0 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -670,6 +670,7 @@ static void Usage(void) #ifdef WOLFSSL_EARLY_DATA printf("%s", msg[++msgId]); /* -0 */ #endif + printf("-X Disable DH Prime check\n"); #ifdef WOLFSSL_MULTICAST printf("%s", msg[++msgId]); /* -3 */ #endif @@ -732,6 +733,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) short minEccKeyBits = DEFAULT_MIN_ECCKEY_BITS; int doListen = 1; int crlFlags = 0; + int doDhKeyCheck = 1; int ret; int err = 0; char* serverReadyFile = NULL; @@ -830,6 +832,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) (void)alpnList; (void)alpn_opt; (void)crlFlags; + (void)doDhKeyCheck; (void)readySignal; (void)updateKeysIVs; (void)postHandAuth; @@ -843,10 +846,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifdef WOLFSSL_VXWORKS useAnyAddr = 1; #else - /* Not Used: h, m, z, F, M, T, V, W, X */ + /* Not Used: h, m, z, F, M, T, V, W */ while ((ch = mygetopt(argc, argv, "?:" "abc:defgijk:l:nop:q:rstuv:wxy" - "A:B:C:D:E:GH:IJKL:NO:PQR:S:TUVYZ:" + "A:B:C:D:E:GH:IJKL:NO:PQR:S:TUVXYZ:" "01:3:")) != -1) { switch (ch) { case '?' : @@ -1153,6 +1156,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif break; + case 'X' : + doDhKeyCheck = 0; + break; + case '0' : #ifdef WOLFSSL_EARLY_DATA earlyData = 1; @@ -1765,6 +1772,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #elif !defined(NO_DH) SetDH(ssl); /* repick suites with DHE, higher priority than PSK */ #endif +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + if (!doDhKeyCheck) + wolfSSL_SetEnableDhKeyTest(ssl, 0); +#endif } #ifndef WOLFSSL_CALLBACKS diff --git a/src/internal.c b/src/internal.c index c19cd0fa8..f10e6fef0 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4392,6 +4392,10 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->options.groupMessages = ctx->groupMessages; #ifndef NO_DH + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + ssl->options.dhKeyTested = ctx->dhKeyTested; + #endif ssl->buffers.serverDH_P = ctx->serverDH_P; ssl->buffers.serverDH_G = ctx->serverDH_G; #endif @@ -4689,6 +4693,12 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->options.buildMsgState = BUILD_MSG_BEGIN; ssl->encrypt.state = CIPHER_STATE_BEGIN; ssl->decrypt.state = CIPHER_STATE_BEGIN; +#ifndef NO_DH + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + ssl->options.dhDoKeyTest = 1; + #endif +#endif #ifdef WOLFSSL_DTLS #ifdef WOLFSSL_SCTP @@ -19588,21 +19598,21 @@ int SendClientKeyExchange(WOLFSSL* ssl) goto exit_scke; } -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - !defined(WOLFSSL_OLD_PRIME_CHECK) + #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_OLD_PRIME_CHECK) ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.length, NULL, 0, 0, ssl->rng); -#else + #else ret = wc_DhSetKey(ssl->buffers.serverDH_Key, ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.length); -#endif + #endif if (ret != 0) { goto exit_scke; } @@ -21431,13 +21441,35 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, goto exit_sske; } - ret = wc_DhSetKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret != 0) { - goto exit_sske; + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + if (ssl->options.dhDoKeyTest && + !ssl->options.dhKeyTested) + { + ret = wc_DhSetCheckKey( + ssl->buffers.serverDH_Key, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length, + NULL, 0, 0, ssl->rng); + if (ret != 0) { + goto exit_sske; + } + ssl->options.dhKeyTested = 1; + } + else + #endif + { + ret = wc_DhSetKey(ssl->buffers.serverDH_Key, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + if (ret != 0) { + goto exit_sske; + } } ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key, diff --git a/src/ssl.c b/src/ssl.c index 99bd48497..ce5add06d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1482,21 +1482,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) - { - DhKey checkKey; - int error, freeKey = 0; - - error = wc_InitDhKey(&checkKey); - if (!error) { - freeKey = 1; - error = wc_DhSetCheckKey(&checkKey, - p, pSz, g, gSz, NULL, 0, 0, ssl->rng); - } - if (freeKey) - wc_FreeDhKey(&checkKey); - if (error) - return error; - } + ssl->options.dhKeyTested = 0; + ssl->options.dhDoKeyTest = 1; #endif if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { @@ -1555,6 +1542,28 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, return WOLFSSL_SUCCESS; } + +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) +/* Enables or disables the session's DH key prime test. */ +int wolfSSL_SetEnableDhKeyTest(WOLFSSL* ssl, int enable) +{ + WOLFSSL_ENTER("wolfSSL_SetEnableDhKeyTest"); + + if (ssl == NULL) + return BAD_FUNC_ARG; + + if (!enable) + ssl->options.dhDoKeyTest = 0; + else + ssl->options.dhDoKeyTest = 1; + + WOLFSSL_LEAVE("wolfSSL_SetEnableDhKeyTest", WOLFSSL_SUCCESS); + return WOLFSSL_SUCCESS; +} +#endif + + /* server ctx Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, const unsigned char* g, int gSz) @@ -1587,6 +1596,8 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, wc_FreeRng(&rng); if (error) return error; + + ctx->dhKeyTested = 1; } #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index d6a855384..2cb9cce87 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2531,6 +2531,12 @@ struct WOLFSSL_CTX { #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) byte postHandshakeAuth:1; /* Post-handshake auth supported. */ #endif +#ifndef NO_DH + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + byte dhKeyTested:1; /* Set when key has been tested. */ + #endif +#endif #ifdef WOLFSSL_MULTICAST byte haveMcast; /* multicast requested */ byte mcastID; /* multicast group ID */ @@ -3240,7 +3246,13 @@ typedef struct Options { !defined(NO_ED25519_CLIENT_AUTH) word16 cacheMessages:1; /* Cache messages for sign/verify */ #endif - +#ifndef NO_DH + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + word16 dhDoKeyTest:1; /* Need to do the DH Key prime test */ + word16 dhKeyTested:1; /* Set when key has been tested. */ + #endif +#endif /* need full byte values for this section */ byte processReply; /* nonblocking resume */ byte cipherSuite0; /* first byte, normally 0 */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 1f6a22649..5b6efab44 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1649,6 +1649,7 @@ WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz, const unsigned char* g, int gSz); WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz, int format); +WOLFSSL_API int wolfSSL_SetEnableDhKeyTest(WOLFSSL*, int); #ifndef NO_FILESYSTEM WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format); #endif From 564a1ee499599eca55f02f92a739e5546b1f4334 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 30 Nov 2018 09:19:11 -0800 Subject: [PATCH 2/5] Make the skip DH test flag build-conditional. --- examples/server/server.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/examples/server/server.c b/examples/server/server.c index 47bce5fa0..057907d45 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -733,7 +733,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) short minEccKeyBits = DEFAULT_MIN_ECCKEY_BITS; int doListen = 1; int crlFlags = 0; - int doDhKeyCheck = 1; int ret; int err = 0; char* serverReadyFile = NULL; @@ -782,6 +781,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) int hrrCookie = 0; #endif byte mcastID = 0; +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + int doDhKeyCheck = 1; +#endif #ifdef WOLFSSL_STATIC_MEMORY #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ @@ -832,7 +835,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) (void)alpnList; (void)alpn_opt; (void)crlFlags; - (void)doDhKeyCheck; (void)readySignal; (void)updateKeysIVs; (void)postHandAuth; @@ -1157,7 +1159,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) break; case 'X' : - doDhKeyCheck = 0; + #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + doDhKeyCheck = 0; + #endif break; case '0' : @@ -1772,8 +1777,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #elif !defined(NO_DH) SetDH(ssl); /* repick suites with DHE, higher priority than PSK */ #endif -#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ - !defined(HAVE_SELFTEST) +#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) if (!doDhKeyCheck) wolfSSL_SetEnableDhKeyTest(ssl, 0); #endif From a55f11cdd8fcd80e4f381c29111c5771d94f0384 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 3 Dec 2018 13:53:44 -0800 Subject: [PATCH 3/5] DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check. --- examples/client/client.c | 32 +++++++++++++++- examples/server/server.c | 27 +++++++------ src/internal.c | 82 +++++++++++++++++++++++++--------------- 3 files changed, 98 insertions(+), 43 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index ddf5d52cc..b2d9574c2 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1232,6 +1232,10 @@ static void Usage(void) #ifdef WOLFSSL_EARLY_DATA printf("%s", msg[++msgid]); /* -0 */ #endif +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + printf("-2 Disable DH Prime check\n"); +#endif #ifdef WOLFSSL_MULTICAST printf("%s", msg[++msgid]); /* -3 */ #endif @@ -1351,6 +1355,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef WOLFSSL_MULTICAST byte mcastID = 0; #endif +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + int doDhKeyCheck = 1; +#endif #ifdef HAVE_OCSP int useOcsp = 0; @@ -1428,7 +1436,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) while ((ch = mygetopt(argc, argv, "?:" "ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz" "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:" - "01:3:")) != -1) { + "01:23:")) != -1) { switch (ch) { case '?' : if(myoptarg!=NULL) { @@ -1816,12 +1824,21 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) earlyData = 1; #endif break; + case '1' : lng_index = atoi(myoptarg); if(lng_index<0||lng_index>1){ lng_index = 0; } break; + + case '2' : + #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + doDhKeyCheck = 0; + #endif + break; + case '3' : #ifdef WOLFSSL_MULTICAST doMcast = 1; @@ -2558,6 +2575,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif +#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (!doDhKeyCheck) + wolfSSL_SetEnableDhKeyTest(ssl, 0); +#endif + + tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl); if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; @@ -2841,6 +2865,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) err_sys("unable to get SSL object"); } +#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (!doDhKeyCheck) + wolfSSL_SetEnableDhKeyTest(sslResume, 0); +#endif + if (dtlsUDP) { #ifdef USE_WINDOWS_API Sleep(500); diff --git a/examples/server/server.c b/examples/server/server.c index 057907d45..85248e86b 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -670,7 +670,10 @@ static void Usage(void) #ifdef WOLFSSL_EARLY_DATA printf("%s", msg[++msgId]); /* -0 */ #endif - printf("-X Disable DH Prime check\n"); +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + printf("-2 Disable DH Prime check\n"); +#endif #ifdef WOLFSSL_MULTICAST printf("%s", msg[++msgId]); /* -3 */ #endif @@ -848,11 +851,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifdef WOLFSSL_VXWORKS useAnyAddr = 1; #else - /* Not Used: h, m, z, F, M, T, V, W */ + /* Not Used: h, m, z, F, M, T, V, W, X */ while ((ch = mygetopt(argc, argv, "?:" "abc:defgijk:l:nop:q:rstuv:wxy" - "A:B:C:D:E:GH:IJKL:NO:PQR:S:TUVXYZ:" - "01:3:")) != -1) { + "A:B:C:D:E:GH:IJKL:NO:PQR:S:TUVYZ:" + "01:23:")) != -1) { switch (ch) { case '?' : if(myoptarg!=NULL) { @@ -1158,24 +1161,26 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif break; - case 'X' : - #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ - !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) - doDhKeyCheck = 0; - #endif - break; - case '0' : #ifdef WOLFSSL_EARLY_DATA earlyData = 1; #endif break; + case '1' : lng_index = atoi(myoptarg); if(lng_index<0||lng_index>1){ lng_index = 0; } break; + + case '2' : + #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + doDhKeyCheck = 0; + #endif + break; + case '3' : #ifdef WOLFSSL_MULTICAST doMcast = 1; diff --git a/src/internal.c b/src/internal.c index f10e6fef0..9973dabfb 100644 --- a/src/internal.c +++ b/src/internal.c @@ -19600,21 +19600,31 @@ int SendClientKeyExchange(WOLFSSL* ssl) #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ !defined(WOLFSSL_OLD_PRIME_CHECK) - ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length, - NULL, 0, 0, ssl->rng); - #else - ret = wc_DhSetKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); + if (ssl->options.dhDoKeyTest && + !ssl->options.dhKeyTested) + { + ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length, + NULL, 0, 0, ssl->rng); + if (ret != 0) { + goto exit_scke; + } + ssl->options.dhKeyTested = 1; + } + else #endif - if (ret != 0) { - goto exit_scke; + { + ret = wc_DhSetKey(ssl->buffers.serverDH_Key, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + if (ret != 0) { + goto exit_scke; + } } /* for DH, encSecret is Yc, agree is pre-master */ @@ -19703,23 +19713,33 @@ int SendClientKeyExchange(WOLFSSL* ssl) goto exit_scke; } -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - !defined(WOLFSSL_OLD_PRIME_CHECK) - ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length, - NULL, 0, 0, ssl->rng); -#else - ret = wc_DhSetKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); -#endif - if (ret != 0) { - goto exit_scke; + #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_OLD_PRIME_CHECK) + if (ssl->options.dhDoKeyTest && + !ssl->options.dhKeyTested) + { + ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length, + NULL, 0, 0, ssl->rng); + if (ret != 0) { + goto exit_scke; + } + ssl->options.dhKeyTested = 1; + } + else + #endif + { + ret = wc_DhSetKey(ssl->buffers.serverDH_Key, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + if (ret != 0) { + goto exit_scke; + } } /* for DH, encSecret is Yc, agree is pre-master */ From fa0b4cd2d5d44550c784ed48054947822a402d8b Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 3 Dec 2018 15:15:30 -0800 Subject: [PATCH 4/5] DHE Speed Up 1. Modify all the test configuration files to disable the DHE prime test. 2. Add a test configuration that tests three cipher suites with the DHE prime test enabled. --- tests/test-dtls.conf | 163 +++++++++++ tests/test-ed25519.conf | 8 + tests/test-enckeys.conf | 9 + tests/test-fails.conf | 29 ++ tests/test-maxfrag-dtls.conf | 35 +++ tests/test-maxfrag.conf | 35 +++ tests/test-psk-no-id.conf | 53 ++++ tests/test-psk.conf | 1 + tests/test-qsh.conf | 465 ++++++++++++++++++++++++++++++ tests/test-sctp.conf | 189 +++++++++++++ tests/test-sig.conf | 39 +++ tests/test-tls13-down.conf | 12 + tests/test-tls13-ecc.conf | 13 + tests/test-tls13-psk.conf | 5 + tests/test-tls13.conf | 41 +++ tests/test.conf | 531 +++++++++++++++++++++++++++++++++++ 16 files changed, 1628 insertions(+) diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf index 1ace19d5f..cf651f4be 100644 --- a/tests/test-dtls.conf +++ b/tests/test-dtls.conf @@ -2,21 +2,25 @@ -u -v 3 -l DHE-RSA-CHACHA20-POLY1305 +-2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -u -v 3 -l DHE-RSA-CHACHA20-POLY1305 +-2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 +-2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 +-2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -u @@ -24,68 +28,80 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -u -v 3 -s -l PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -u -v 3 -s -l PSK-CHACHA20-POLY1305 +-2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD +-2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD +-2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD +-2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD +-2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -u @@ -93,192 +109,230 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1 IDEA-CBC-SHA -u -v 2 -l IDEA-CBC-SHA +-2 # client DTLSv1 IDEA-CBC-SHA -u -v 2 -l IDEA-CBC-SHA +-2 # server DTLSv1 DES-CBC3-SHA -u -v 2 -l DES-CBC3-SHA +-2 # client DTLSv1 DES-CBC3-SHA -u -v 2 -l DES-CBC3-SHA +-2 # server DTLSv1.2 DES-CBC3-SHA -u -v 3 -l DES-CBC3-SHA +-2 # client DTLSv1.2 DES-CBC3-SHA -u -v 3 -l DES-CBC3-SHA +-2 # server DTLSv1 AES128-SHA -u -v 2 -l AES128-SHA +-2 # client DTLSv1 AES128-SHA -u -v 2 -l AES128-SHA +-2 # server DTLSv1.2 AES128-SHA -u -v 3 -l AES128-SHA +-2 # client DTLSv1.2 AES128-SHA -u -v 3 -l AES128-SHA +-2 # server DTLSv1 AES256-SHA -u -v 2 -l AES256-SHA +-2 # client DTLSv1 AES256-SHA -u -v 2 -l AES256-SHA +-2 # server DTLSv1.2 AES256-SHA -u -v 3 -l AES256-SHA +-2 # client DTLSv1.2 AES256-SHA -u -v 3 -l AES256-SHA +-2 # server DTLSv1 AES128-SHA256 -u -v 2 -l AES128-SHA256 +-2 # client DTLSv1 AES128-SHA256 -u -v 2 -l AES128-SHA256 +-2 # server DTLSv1.2 AES128-SHA256 -u -v 3 -l AES128-SHA256 +-2 # client DTLSv1.2 AES128-SHA256 -u -v 3 -l AES128-SHA256 +-2 # server DTLSv1 AES256-SHA256 -u -v 2 -l AES256-SHA256 +-2 # client DTLSv1 AES256-SHA256 -u -v 2 -l AES256-SHA256 +-2 # server DTLSv1.2 AES256-SHA256 -u -v 3 -l AES256-SHA256 +-2 # client DTLSv1.2 AES256-SHA256 -u -v 3 -l AES256-SHA256 +-2 # server DTLSv1.1 ECDHE-RSA-DES3 -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA +-2 # client DTLSv1.1 ECDHE-RSA-DES3 -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA +-2 # server DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA +-2 # client DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA +-2 # server DTLSv1.1 ECDHE-RSA-AES256 -u -v 2 -l ECDHE-RSA-AES256-SHA +-2 # client DTLSv1.1 ECDHE-RSA-AES256 -u -v 2 -l ECDHE-RSA-AES256-SHA +-2 # server DTLSv1.2 ECDHE-RSA-DES3 -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA +-2 # client DTLSv1.2 ECDHE-RSA-DES3 -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA +-2 # server DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA +-2 # client DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA +-2 # server DTLSv1.2 ECDHE-RSA-AES128-SHA256 -u -v 3 -l ECDHE-RSA-AES128-SHA256 +-2 # client DTLSv1.2 ECDHE-RSA-AES128-SHA256 -u -v 3 -l ECDHE-RSA-AES128-SHA256 +-2 # server DTLSv1.2 ECDHE-RSA-AES256 -u -v 3 -l ECDHE-RSA-AES256-SHA +-2 # client DTLSv1.2 ECDHE-RSA-AES256 -u -v 3 -l ECDHE-RSA-AES256-SHA +-2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -u @@ -286,12 +340,14 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -u -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -u @@ -299,12 +355,14 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -u -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -u @@ -312,12 +370,14 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -u -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDHE-ECDSA-DES3 -u @@ -325,12 +385,14 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDHE-ECDSA-DES3 -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDHE-ECDSA-AES128 -u @@ -338,12 +400,14 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDHE-ECDSA-AES128 -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDHE-ECDSA-AES256 -u @@ -351,12 +415,14 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDHE-ECDSA-AES256 -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-DES3 -u @@ -364,12 +430,14 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-DES3 -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128 -u @@ -377,12 +445,14 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128 -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -u @@ -390,12 +460,14 @@ -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256 -u @@ -403,12 +475,14 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256 -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDH-RSA-DES3 -u @@ -416,11 +490,13 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-RSA-DES3 -u -v 2 -l ECDH-RSA-DES-CBC3-SHA +-2 # server DTLSv1.1 ECDH-RSA-AES128 -u @@ -428,11 +504,13 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-RSA-AES128 -u -v 2 -l ECDH-RSA-AES128-SHA +-2 # server DTLSv1.1 ECDH-RSA-AES256 -u @@ -440,11 +518,13 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-RSA-AES256 -u -v 2 -l ECDH-RSA-AES256-SHA +-2 # server DTLSv1.2 ECDH-RSA-DES3 -u @@ -452,11 +532,13 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-DES3 -u -v 3 -l ECDH-RSA-DES-CBC3-SHA +-2 # server DTLSv1.2 ECDH-RSA-AES128 -u @@ -464,11 +546,13 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES128 -u -v 3 -l ECDH-RSA-AES128-SHA +-2 # server DTLSv1.2 ECDH-RSA-AES128-SHA256 -u @@ -476,11 +560,13 @@ -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES128-SHA256 -u -v 3 -l ECDH-RSA-AES128-SHA256 +-2 # server DTLSv1.2 ECDH-RSA-AES256 -u @@ -488,11 +574,13 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES256 -u -v 3 -l ECDH-RSA-AES256-SHA +-2 # server DTLSv1.1 ECDH-ECDSA-DES3 -u @@ -500,12 +588,14 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-ECDSA-DES3 -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDH-ECDSA-AES128 -u @@ -513,12 +603,14 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-ECDSA-AES128 -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDH-ECDSA-AES256 -u @@ -526,12 +618,14 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-ECDSA-AES256 -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-DES3 -u @@ -539,12 +633,14 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-DES3 -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES128 -u @@ -552,12 +648,14 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES128 -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -u @@ -565,12 +663,14 @@ -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES256 -u @@ -578,22 +678,26 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES256 -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -u @@ -601,12 +705,14 @@ -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -u -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-RSA-AES256-SHA384 -u @@ -614,11 +720,13 @@ -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES256-SHA384 -u -v 3 -l ECDH-RSA-AES256-SHA384 +-2 # server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -u @@ -626,156 +734,182 @@ -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -u -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -u -v 1 -l ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -u -v 1 -l ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -u -v 2 -l ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -u -v 2 -l ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -u -v 3 -l ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -u -v 3 -l ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -u -v 1 -l ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -u -v 1 -l ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -u -v 2 -l ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -u -v 2 -l ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -u -v 3 -l ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -u -v 3 -l ECDHE-PSK-NULL-SHA256 +-2 # server DTLSv1 PSK-AES128 -s -u -v 2 -l PSK-AES128-CBC-SHA +-2 # client DTLSv1 PSK-AES128 -s -u -v 2 -l PSK-AES128-CBC-SHA +-2 # server DTLSv1 PSK-AES256 -s -u -v 2 -l PSK-AES256-CBC-SHA +-2 # client DTLSv1 PSK-AES256 -s -u -v 2 -l PSK-AES256-CBC-SHA +-2 # server DTLSv1.2 PSK-AES128 -s -u -v 3 -l PSK-AES128-CBC-SHA +-2 # client DTLSv1.2 PSK-AES128 -s -u -v 3 -l PSK-AES128-CBC-SHA +-2 # server DTLSv1.2 PSK-AES256 -s -u -v 3 -l PSK-AES256-CBC-SHA +-2 # client DTLSv1.2 PSK-AES256 -s -u -v 3 -l PSK-AES256-CBC-SHA +-2 # server DTLSv1.2 PSK-AES128-SHA256 -s -u -v 3 -l PSK-AES128-CBC-SHA256 +-2 # client DTLSv1.2 PSK-AES128-SHA256 -s -u -v 3 -l PSK-AES128-CBC-SHA256 +-2 # server DTLSv1.2 PSK-AES256-SHA384 -s -u -v 3 -l PSK-AES256-CBC-SHA384 +-2 # client DTLSv1.2 PSK-AES256-SHA384 -s -u -v 3 -l PSK-AES256-CBC-SHA384 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u @@ -783,12 +917,14 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -796,12 +932,14 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u @@ -809,12 +947,14 @@ -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -u @@ -822,32 +962,38 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -u -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u @@ -855,11 +1001,13 @@ -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-RSA-AES128-GCM-SHA256 +-2 # server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -u @@ -867,35 +1015,41 @@ -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDH-RSA-AES256-GCM-SHA384 +-2 # server DTLSv1.2 PSK-AES128-GCM-SHA256 -u -s -v 3 -l PSK-AES128-GCM-SHA256 +-2 # client DTLSv1.2 PSK-AES128-GCM-SHA256 -u -s -v 3 -l PSK-AES128-GCM-SHA256 +-2 # server DTLSv1.2 PSK-AES256-GCM-SHA384 -u -s -v 3 -l PSK-AES256-GCM-SHA384 +-2 # client DTLSv1.2 PSK-AES256-GCM-SHA384 -u -s -v 3 -l PSK-AES256-GCM-SHA384 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM -u @@ -903,12 +1057,14 @@ -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM -u -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -u @@ -916,12 +1072,14 @@ -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -u -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -u @@ -929,30 +1087,35 @@ -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -u -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ADH-AES128-SHA -u -a -v 3 -l ADH-AES128-SHA +-2 # client DTLSv1.2 ADH-AES128-SHA -u -a -v 3 -l ADH-AES128-SHA +-2 # server DTLSv1.0 ADH-AES128-SHA -u -a -v 2 -l ADH-AES128-SHA +-2 # client DTLSv1.0 ADH-AES128-SHA -u diff --git a/tests/test-ed25519.conf b/tests/test-ed25519.conf index e13c67b18..8c73e2e22 100644 --- a/tests/test-ed25519.conf +++ b/tests/test-ed25519.conf @@ -3,12 +3,14 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ed25519/root-ed25519.pem -C +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 @@ -18,6 +20,7 @@ -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 @@ -26,18 +29,21 @@ -k ./certs/ed25519/client-ed25519-key.pem -A ./certs/ed25519/root-ed25519.pem -C +-2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-key.pem +-2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ed25519/root-ed25519.pem -C +-2 # Enable when CRL for ED25519 certificates available. # server TLSv1.3 TLS13-AES128-GCM-SHA256 @@ -48,6 +54,7 @@ -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. +-2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -56,4 +63,5 @@ -k ./certs/ed25519/client-ed25519-key.pem -A ./certs/ed25519/root-ed25519.pem -C +-2 diff --git a/tests/test-enckeys.conf b/tests/test-enckeys.conf index 9e371c239..a84e233cd 100644 --- a/tests/test-enckeys.conf +++ b/tests/test-enckeys.conf @@ -1,40 +1,49 @@ # server RSA encrypted key -v 3 -k ./certs/server-keyEnc.pem +-2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem +-2 # server RSA encrypted key PKCS8 -v 3 -k ./certs/server-keyPkcs8Enc.pem +-2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem +-2 # server RSA encrypted key PKCS8 2 -v 3 -k ./certs/server-keyPkcs8Enc2.pem +-2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem +-2 # server RSA encrypted key PKCS8 12 -v 3 -k ./certs/server-keyPkcs8Enc12.pem +-2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 PKCS8 encrypted key -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-keyPkcs8Enc.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 diff --git a/tests/test-fails.conf b/tests/test-fails.conf index d976b307b..f193725bf 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -5,6 +5,7 @@ -k ./certs/server-key.pem -c ./certs/test/server-badcnnull.pem -d +-2 # client bad certificate common name has null -v 3 @@ -13,6 +14,7 @@ -A ./certs/test/server-badcnnull.pem -m -x +-2 # server bad certificate alternate name has null -v 3 @@ -20,6 +22,7 @@ -k ./certs/server-key.pem -c ./certs/test/server-badaltnull.pem -d +-2 # client bad certificate alternate name has null -v 3 @@ -28,6 +31,7 @@ -A ./certs/test/server-badaltnull.pem -m -x +-2 # server nomatch common name -v 3 @@ -35,6 +39,7 @@ -k ./certs/server-key.pem -c ./certs/test/server-badcn.pem -d +-2 # client nomatch common name -v 3 @@ -43,6 +48,7 @@ -A ./certs/test/server-badcn.pem -m -x +-2 # server nomatch alternate name -v 3 @@ -50,6 +56,7 @@ -k ./certs/server-key.pem -c ./certs/test/server-badaltname.pem -d +-2 # client nomatch alternate name -v 3 @@ -58,47 +65,57 @@ -A ./certs/test/server-badaltname.pem -m -x +-2 # server RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # client RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -A ./certs/client-cert.pem +-2 # server ECC no signer error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 +-2 # client ECC no signer error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/client-ecc-cert.pem +-2 # server RSA bad sig error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem +-2 # client RSA bad sig error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # server ECC bad sig error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem +-2 # client ECC bad sig error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 +-2 # server missing CN from alternate names list -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-garbage.pem +-2 # client missing CN from alternate names list -v 3 @@ -106,44 +123,53 @@ -h localhost -A ./certs/test/server-garbage.pem -m +-2 # Verify Callback Failure Tests # no error going into callback, return error # server -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # client verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail +-2 # server verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail +-2 # client -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # server -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 +-2 # client verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail +-2 # server verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail +-2 # client -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 +-2 # error going into callback, return error # server @@ -151,17 +177,20 @@ -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem -k ./certs/server-key.pem +-2 # client verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail +-2 # server -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem -k ./certs/ecc-key.pem +-2 # client verify should fail -v 3 diff --git a/tests/test-maxfrag-dtls.conf b/tests/test-maxfrag-dtls.conf index 67aef1776..7790c2558 100644 --- a/tests/test-maxfrag-dtls.conf +++ b/tests/test-maxfrag-dtls.conf @@ -4,6 +4,7 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -11,28 +12,33 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 1 +-2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 1 +-2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 1 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -40,6 +46,7 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -47,28 +54,33 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 2 +-2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 2 +-2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 2 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -76,6 +88,7 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -83,28 +96,33 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 3 +-2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 3 +-2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 3 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -112,6 +130,7 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -119,28 +138,33 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 4 +-2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 4 +-2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 4 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -148,6 +172,7 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -155,28 +180,33 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 5 +-2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 5 +-2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 5 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -184,6 +214,7 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -191,22 +222,26 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 +-2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 6 +-2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u diff --git a/tests/test-maxfrag.conf b/tests/test-maxfrag.conf index 2ca6cc8dd..563f4d63c 100644 --- a/tests/test-maxfrag.conf +++ b/tests/test-maxfrag.conf @@ -3,175 +3,210 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 1 +-2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 1 +-2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 1 +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 2 +-2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 2 +-2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 2 +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 3 +-2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 3 +-2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 3 +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 4 +-2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 4 +-2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 4 +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 5 +-2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 5 +-2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 5 +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 +-2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 6 +-2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf index d6247b1e4..755b6e30d 100644 --- a/tests/test-psk-no-id.conf +++ b/tests/test-psk-no-id.conf @@ -3,263 +3,311 @@ -I -v 3 -l PSK-CHACHA20-POLY1305 +-2 # No Hint client TLSv1.2 PSK-CHACHA20-POLY1305 -s -v 3 -l PSK-CHACHA20-POLY1305 +-2 # No Hint server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -s -I -v 3 -l DHE-PSK-CHACHA20-POLY1305 +-2 # No Hint client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -s -v 3 -l DHE-PSK-CHACHA20-POLY1305 +-2 # No Hint server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -s -I -v 3 -l ECDHE-PSK-CHACHA20-POLY1305 +-2 # No Hint client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -s -v 3 -l ECDHE-PSK-CHACHA20-POLY1305 +-2 # No Hint server TLSv1 ECDHE-PSK-AES128-SHA256 -s -I -v 1 -l ECDHE-PSK-AES128-SHA256 +-2 # No Hint client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 +-2 # No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -I -v 2 -l ECDHE-PSK-AES128-SHA256 +-2 # No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 +-2 # No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -I -v 3 -l ECDHE-PSK-AES128-SHA256 +-2 # No Hint client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 +-2 # No Hint server TLSv1 ECDHE-PSK-NULL-SHA256 -s -I -v 1 -l ECDHE-PSK-NULL-SHA256 +-2 # No Hint client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 +-2 # No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -I -v 2 -l ECDHE-PSK-NULL-SHA256 +-2 # No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 +-2 # No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -I -v 3 -l ECDHE-PSK-NULL-SHA256 +-2 # No Hint client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 +-2 # No Hint server TLSv1 PSK-AES128 -s -I -v 1 -l PSK-AES128-CBC-SHA +-2 # No Hint client TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA +-2 # No Hint server TLSv1 PSK-AES256 -s -I -v 1 -l PSK-AES256-CBC-SHA +-2 # No Hint client TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA +-2 # No Hint server TLSv1.1 PSK-AES128 -s -I -v 2 -l PSK-AES128-CBC-SHA +-2 # No Hint client TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA +-2 # No Hint server TLSv1.1 PSK-AES256 -s -I -v 2 -l PSK-AES256-CBC-SHA +-2 # No Hint client TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA +-2 # No Hint server TLSv1.2 PSK-AES128 -s -I -v 3 -l PSK-AES128-CBC-SHA +-2 # No Hint client TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA +-2 # No Hint server TLSv1.2 PSK-AES256 -s -I -v 3 -l PSK-AES256-CBC-SHA +-2 # No Hint client TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA +-2 # No Hint server TLSv1.0 PSK-AES128-SHA256 -s -I -v 1 -l PSK-AES128-CBC-SHA256 +-2 # No Hint client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 +-2 # No Hint server TLSv1.1 PSK-AES128-SHA256 -s -I -v 2 -l PSK-AES128-CBC-SHA256 +-2 # No Hint client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 +-2 # No Hint server TLSv1.2 PSK-AES128-SHA256 -s -I -v 3 -l PSK-AES128-CBC-SHA256 +-2 # No Hint client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 +-2 # No Hint server TLSv1.0 PSK-AES256-SHA384 -s -I -v 1 -l PSK-AES256-CBC-SHA384 +-2 # No Hint client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 +-2 # No Hint server TLSv1.1 PSK-AES256-SHA384 -s -I -v 2 -l PSK-AES256-CBC-SHA384 +-2 # No Hint client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 +-2 # No Hint server TLSv1.2 PSK-AES256-SHA384 -s -I -v 3 -l PSK-AES256-CBC-SHA384 +-2 # No Hint client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 +-2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -I -v 3 -l PSK-AES128-GCM-SHA256 +-2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 +-2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -I -v 3 -l PSK-AES256-GCM-SHA384 +-2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 +-2 # server TLSv1.3 AES128-GCM-SHA256 -s -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # client TLSv1.3 AES128-GCM-SHA256 -s -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # server TLSv1.3 accepting EarlyData using PSK -v 4 @@ -267,6 +315,7 @@ -r -s -0 +-2 # client TLSv1.3 sending EarlyData using PSK -v 4 @@ -274,12 +323,14 @@ -r -s -0 +-2 # server TLSv1.3 not accepting EarlyData using PSK -v 4 -l TLS13-AES128-GCM-SHA256 -r -s +-2 # client TLSv1.3 sending EarlyData using PSK -v 4 @@ -287,6 +338,7 @@ -r -s -0 +-2 # server TLSv1.3 accepting EarlyData using PSK -v 4 @@ -294,6 +346,7 @@ -r -s -0 +-2 # client TLSv1.3 not sending EarlyData using PSK -v 4 diff --git a/tests/test-psk.conf b/tests/test-psk.conf index f4f11b298..cc9f2a4f1 100644 --- a/tests/test-psk.conf +++ b/tests/test-psk.conf @@ -1,6 +1,7 @@ # server - PSK plus certificates -j -l PSK-CHACHA20-POLY1305 +-2 # client- standard PSK -s diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf index 357467465..428015c4d 100644 --- a/tests/test-qsh.conf +++ b/tests/test-qsh.conf @@ -2,2035 +2,2479 @@ -v 3 -s -l QSH:DHE-PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:DHE-PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:ECDHE-PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:ECDHE-PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305-OLD +-2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305-OLD +-2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305-OLD +-2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305-OLD +-2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305 +-2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305 +-2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305 +-2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305 +-2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem +-2 # server SSLv3 RC4-SHA -v 0 -l QSH:RC4-SHA +-2 # client SSLv3 RC4-SHA -v 0 -l QSH:RC4-SHA +-2 # server SSLv3 RC4-MD5 -v 0 -l QSH:RC4-MD5 +-2 # client SSLv3 RC4-MD5 -v 0 -l QSH:RC4-MD5 +-2 # server SSLv3 DES-CBC3-SHA -v 0 -l QSH:DES-CBC3-SHA +-2 # client SSLv3 DES-CBC3-SHA -v 0 -l QSH:DES-CBC3-SHA +-2 # server SSLv3 IDEA-CBC-SHA -v 0 -l QSH:IDEA-CBC-SHA +-2 # client SSLv3 IDEA-CBC-SHA -v 0 -l QSH:IDEA-CBC-SHA +-2 # server TLSv1 RC4-SHA -v 1 -l QSH:RC4-SHA +-2 # client TLSv1 RC4-SHA -v 1 -l QSH:RC4-SHA +-2 # server TLSv1 RC4-MD5 -v 1 -l QSH:RC4-MD5 +-2 # client TLSv1 RC4-MD5 -v 1 -l QSH:RC4-MD5 +-2 # server TLSv1 DES-CBC3-SHA -v 1 -l QSH:DES-CBC3-SHA +-2 # client TLSv1 DES-CBC3-SHA -v 1 -l QSH:DES-CBC3-SHA +-2 # server TLSv1 IDEA-CBC-SHA -v 1 -l QSH:IDEA-CBC-SHA +-2 # client TLSv1 IDEA-CBC-SHA -v 1 -l QSH:IDEA-CBC-SHA +-2 # server TLSv1 AES128-SHA -v 1 -l QSH:AES128-SHA +-2 # client TLSv1 AES128-SHA -v 1 -l QSH:AES128-SHA +-2 # server TLSv1 AES256-SHA -v 1 -l QSH:AES256-SHA +-2 # client TLSv1 AES256-SHA -v 1 -l QSH:AES256-SHA +-2 # server TLSv1 AES128-SHA256 -v 1 -l QSH:AES128-SHA256 +-2 # client TLSv1 AES128-SHA256 -v 1 -l QSH:AES128-SHA256 +-2 # server TLSv1 AES256-SHA256 -v 1 -l QSH:AES256-SHA256 +-2 # client TLSv1 AES256-SHA256 -v 1 -l QSH:AES256-SHA256 +-2 # server TLSv1.1 RC4-SHA -v 2 -l QSH:RC4-SHA +-2 # client TLSv1.1 RC4-SHA -v 2 -l QSH:RC4-SHA +-2 # server TLSv1.1 RC4-MD5 -v 2 -l QSH:RC4-MD5 +-2 # client TLSv1.1 RC4-MD5 -v 2 -l QSH:RC4-MD5 +-2 # server TLSv1.1 IDEA-CBC-SHA -v 2 -l QSH:IDEA-CBC-SHA +-2 # client TLSv1.1 IDEA-CBC-SHA -v 2 -l QSH:IDEA-CBC-SHA +-2 # server TLSv1.1 DES-CBC3-SHA -v 2 -l QSH:DES-CBC3-SHA +-2 # client TLSv1.1 DES-CBC3-SHA -v 2 -l QSH:DES-CBC3-SHA +-2 # server TLSv1.1 AES128-SHA -v 2 -l QSH:AES128-SHA +-2 # client TLSv1.1 AES128-SHA -v 2 -l QSH:AES128-SHA +-2 # server TLSv1.1 AES256-SHA -v 2 -l QSH:AES256-SHA +-2 # client TLSv1.1 AES256-SHA -v 2 -l QSH:AES256-SHA +-2 # server TLSv1.1 AES128-SHA256 -v 2 -l QSH:AES128-SHA256 +-2 # client TLSv1.1 AES128-SHA256 -v 2 -l QSH:AES128-SHA256 +-2 # server TLSv1.1 AES256-SHA256 -v 2 -l QSH:AES256-SHA256 +-2 # client TLSv1.1 AES256-SHA256 -v 2 -l QSH:AES256-SHA256 +-2 # server TLSv1.2 RC4-SHA -v 3 -l QSH:RC4-SHA +-2 # client TLSv1.2 RC4-SHA -v 3 -l QSH:RC4-SHA +-2 # server TLSv1.2 RC4-MD5 -v 3 -l QSH:RC4-MD5 +-2 # client TLSv1.2 RC4-MD5 -v 3 -l QSH:RC4-MD5 +-2 # server TLSv1.2 DES-CBC3-SHA -v 3 -l QSH:DES-CBC3-SHA +-2 # client TLSv1.2 DES-CBC3-SHA -v 3 -l QSH:DES-CBC3-SHA +-2 # server TLSv1.2 AES128-SHA -v 3 -l QSH:AES128-SHA +-2 # client TLSv1.2 AES128-SHA -v 3 -l QSH:AES128-SHA +-2 # server TLSv1.2 AES256-SHA -v 3 -l QSH:AES256-SHA +-2 # client TLSv1.2 AES256-SHA -v 3 -l QSH:AES256-SHA +-2 # server TLSv1.2 AES128-SHA256 -v 3 -l QSH:AES128-SHA256 +-2 # client TLSv1.2 AES128-SHA256 -v 3 -l QSH:AES128-SHA256 +-2 # server TLSv1.2 AES256-SHA256 -v 3 -l QSH:AES256-SHA256 +-2 # client TLSv1.2 AES256-SHA256 -v 3 -l QSH:AES256-SHA256 +-2 # server TLSv1 ECDHE-RSA-RC4 -v 1 -l QSH:ECDHE-RSA-RC4-SHA +-2 # client TLSv1 ECDHE-RSA-RC4 -v 1 -l QSH:ECDHE-RSA-RC4-SHA +-2 # server TLSv1 ECDHE-RSA-DES3 -v 1 -l QSH:ECDHE-RSA-DES-CBC3-SHA +-2 # client TLSv1 ECDHE-RSA-DES3 -v 1 -l QSH:ECDHE-RSA-DES-CBC3-SHA +-2 # server TLSv1 ECDHE-RSA-AES128 -v 1 -l QSH:ECDHE-RSA-AES128-SHA +-2 # client TLSv1 ECDHE-RSA-AES128 -v 1 -l QSH:ECDHE-RSA-AES128-SHA +-2 # server TLSv1 ECDHE-RSA-AES256 -v 1 -l QSH:ECDHE-RSA-AES256-SHA +-2 # client TLSv1 ECDHE-RSA-AES256 -v 1 -l QSH:ECDHE-RSA-AES256-SHA +-2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -v 2 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 2 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-RSA-RC4 -v 2 -l QSH:ECDHE-RSA-RC4-SHA +-2 # client TLSv1.1 ECDHE-RSA-RC4 -v 2 -l QSH:ECDHE-RSA-RC4-SHA +-2 # server TLSv1.1 ECDHE-RSA-DES3 -v 2 -l QSH:ECDHE-RSA-DES-CBC3-SHA +-2 # client TLSv1.1 ECDHE-RSA-DES3 -v 2 -l QSH:ECDHE-RSA-DES-CBC3-SHA +-2 # server TLSv1.1 ECDHE-RSA-AES128 -v 2 -l QSH:ECDHE-RSA-AES128-SHA +-2 # client TLSv1.1 ECDHE-RSA-AES128 -v 2 -l QSH:ECDHE-RSA-AES128-SHA +-2 # server TLSv1.1 ECDHE-RSA-AES256 -v 2 -l QSH:ECDHE-RSA-AES256-SHA +-2 # client TLSv1.1 ECDHE-RSA-AES256 -v 2 -l QSH:ECDHE-RSA-AES256-SHA +-2 # server TLSv1.2 ECDHE-RSA-RC4 -v 3 -l QSH:ECDHE-RSA-RC4-SHA +-2 # client TLSv1.2 ECDHE-RSA-RC4 -v 3 -l QSH:ECDHE-RSA-RC4-SHA +-2 # server TLSv1.2 ECDHE-RSA-DES3 -v 3 -l QSH:ECDHE-RSA-DES-CBC3-SHA +-2 # client TLSv1.2 ECDHE-RSA-DES3 -v 3 -l QSH:ECDHE-RSA-DES-CBC3-SHA +-2 # server TLSv1.2 ECDHE-RSA-AES128 -v 3 -l QSH:ECDHE-RSA-AES128-SHA +-2 # client TLSv1.2 ECDHE-RSA-AES128 -v 3 -l QSH:ECDHE-RSA-AES128-SHA +-2 # server TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-SHA256 +-2 # client TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-SHA256 +-2 # server TLSv1.2 ECDHE-RSA-AES256 -v 3 -l QSH:ECDHE-RSA-AES256-SHA +-2 # client TLSv1.2 ECDHE-RSA-AES256 -v 3 -l QSH:ECDHE-RSA-AES256-SHA +-2 # server TLSv1 ECDHE-ECDSA-RC4 -v 1 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-RC4 -v 1 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-DES3 -v 1 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-EDCSA-RC4 -v 2 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-RC4 -v 2 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDH-RSA-RC4 -v 1 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-RSA-RC4 -v 1 -l QSH:ECDH-RSA-RC4-SHA +-2 # server TLSv1 ECDH-RSA-DES3 -v 1 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-RSA-DES3 -v 1 -l QSH:ECDH-RSA-DES-CBC3-SHA +-2 # server TLSv1 ECDH-RSA-AES128 -v 1 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-RSA-AES128 -v 1 -l QSH:ECDH-RSA-AES128-SHA +-2 # server TLSv1 ECDH-RSA-AES256 -v 1 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-RSA-AES256 -v 1 -l QSH:ECDH-RSA-AES256-SHA +-2 # server TLSv1.1 ECDH-RSA-RC4 -v 2 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-RSA-RC4 -v 2 -l QSH:ECDH-RSA-RC4-SHA +-2 # server TLSv1.1 ECDH-RSA-DES3 -v 2 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-RSA-DES3 -v 2 -l QSH:ECDH-RSA-DES-CBC3-SHA +-2 # server TLSv1.1 ECDH-RSA-AES128 -v 2 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-RSA-AES128 -v 2 -l QSH:ECDH-RSA-AES128-SHA +-2 # server TLSv1.1 ECDH-RSA-AES256 -v 2 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-RSA-AES256 -v 2 -l QSH:ECDH-RSA-AES256-SHA +-2 # server TLSv1.2 ECDH-RSA-RC4 -v 3 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-RC4 -v 3 -l QSH:ECDH-RSA-RC4-SHA +-2 # server TLSv1.2 ECDH-RSA-DES3 -v 3 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-DES3 -v 3 -l QSH:ECDH-RSA-DES-CBC3-SHA +-2 # server TLSv1.2 ECDH-RSA-AES128 -v 3 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES128 -v 3 -l QSH:ECDH-RSA-AES128-SHA +-2 # server TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-SHA256 +-2 # server TLSv1.2 ECDH-RSA-AES256 -v 3 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES256 -v 3 -l QSH:ECDH-RSA-AES256-SHA +-2 # server TLSv1 ECDH-ECDSA-RC4 -v 1 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-ECDSA-RC4 -v 1 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDH-ECDSA-DES3 -v 1 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-ECDSA-DES3 -v 1 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDH-ECDSA-AES128 -v 1 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-ECDSA-AES128 -v 1 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDH-ECDSA-AES256 -v 1 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-ECDSA-AES256 -v 1 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDH-EDCSA-RC4 -v 2 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-ECDSA-RC4 -v 2 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-RC4 -v 3 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-SHA384 +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-SHA384 +-2 # server TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 HC128-SHA -v 1 -l QSH:HC128-SHA +-2 # client TLSv1 HC128-SHA -v 1 -l QSH:HC128-SHA +-2 # server TLSv1 HC128-MD5 -v 1 -l QSH:HC128-MD5 +-2 # client TLSv1 HC128-MD5 -v 1 -l QSH:HC128-MD5 +-2 # server TLSv1 HC128-B2B256 -v 1 -l QSH:HC128-B2B256 +-2 # client TLSv1 HC128-B2B256 -v 1 -l QSH:HC128-B2B256 +-2 # server TLSv1 AES128-B2B256 -v 1 -l QSH:AES128-B2B256 +-2 # client TLSv1 AES128-B2B256 -v 1 -l QSH:AES128-B2B256 +-2 # server TLSv1 AES256-B2B256 -v 1 -l QSH:AES256-B2B256 +-2 # client TLSv1 AES256-B2B256 -v 1 -l QSH:AES256-B2B256 +-2 # server TLSv1.1 HC128-SHA -v 2 -l QSH:HC128-SHA +-2 # client TLSv1.1 HC128-SHA -v 2 -l QSH:HC128-SHA +-2 # server TLSv1.1 HC128-MD5 -v 2 -l QSH:HC128-MD5 +-2 # client TLSv1.1 HC128-MD5 -v 2 -l QSH:HC128-MD5 +-2 # server TLSv1.1 HC128-B2B256 -v 2 -l QSH:HC128-B2B256 +-2 # client TLSv1.1 HC128-B2B256 -v 2 -l QSH:HC128-B2B256 +-2 # server TLSv1.1 AES128-B2B256 -v 2 -l QSH:AES128-B2B256 +-2 # client TLSv1.1 AES128-B2B256 -v 2 -l QSH:AES128-B2B256 +-2 # server TLSv1.1 AES256-B2B256 -v 2 -l QSH:AES256-B2B256 +-2 # client TLSv1.1 AES256-B2B256 -v 2 -l QSH:AES256-B2B256 +-2 # server TLSv1.2 HC128-SHA -v 3 -l QSH:HC128-SHA +-2 # client TLSv1.2 HC128-SHA -v 3 -l QSH:HC128-SHA +-2 # server TLSv1.2 HC128-MD5 -v 3 -l QSH:HC128-MD5 +-2 # client TLSv1.2 HC128-MD5 -v 3 -l QSH:HC128-MD5 +-2 # server TLSv1.2 HC128-B2B256 -v 3 -l QSH:HC128-B2B256 +-2 # client TLSv1.2 HC128-B2B256 -v 3 -l QSH:HC128-B2B256 +-2 # server TLSv1.2 AES128-B2B256 -v 3 -l QSH:AES128-B2B256 +-2 # client TLSv1.2 AES128-B2B256 -v 3 -l QSH:AES128-B2B256 +-2 # server TLSv1.2 AES256-B2B256 -v 3 -l QSH:AES256-B2B256 +-2 # client TLSv1.2 AES256-B2B256 -v 3 -l QSH:AES256-B2B256 +-2 # server TLSv1 RABBIT-SHA -v 1 -l QSH:RABBIT-SHA +-2 # client TLSv1 RABBIT-SHA -v 1 -l QSH:RABBIT-SHA +-2 # server TLSv1.1 RABBIT-SHA -v 2 -l QSH:RABBIT-SHA +-2 # client TLSv1.1 RABBIT-SHA -v 2 -l QSH:RABBIT-SHA +-2 # server TLSv1.2 RABBIT-SHA -v 3 -l QSH:RABBIT-SHA +-2 # client TLSv1.2 RABBIT-SHA -v 3 -l QSH:RABBIT-SHA +-2 # server TLSv1 DHE AES128 -v 1 -l QSH:DHE-RSA-AES128-SHA +-2 # client TLSv1 DHE AES128 -v 1 -l QSH:DHE-RSA-AES128-SHA +-2 # server TLSv1 DHE AES256 -v 1 -l QSH:DHE-RSA-AES256-SHA +-2 # client TLSv1 DHE AES256 -v 1 -l QSH:DHE-RSA-AES256-SHA +-2 # server TLSv1 DHE AES128-SHA256 -v 1 -l QSH:DHE-RSA-AES128-SHA256 +-2 # client TLSv1 DHE AES128-SHA256 -v 1 -l QSH:DHE-RSA-AES128-SHA256 +-2 # server TLSv1 DHE AES256-SHA256 -v 1 -l QSH:DHE-RSA-AES256-SHA256 +-2 # client TLSv1 DHE AES256-SHA256 -v 1 -l QSH:DHE-RSA-AES256-SHA256 +-2 # server TLSv1.1 DHE AES128 -v 2 -l QSH:DHE-RSA-AES128-SHA +-2 # client TLSv1.1 DHE AES128 -v 2 -l QSH:DHE-RSA-AES128-SHA +-2 # server TLSv1.1 DHE AES256 -v 2 -l QSH:DHE-RSA-AES256-SHA +-2 # client TLSv1.1 DHE AES256 -v 2 -l QSH:DHE-RSA-AES256-SHA +-2 # server TLSv1.1 DHE AES128-SHA256 -v 2 -l QSH:DHE-RSA-AES128-SHA256 +-2 # client TLSv1.1 DHE AES128-SHA256 -v 2 -l QSH:DHE-RSA-AES128-SHA256 +-2 # server TLSv1.1 DHE AES256-SHA256 -v 2 -l QSH:DHE-RSA-AES256-SHA256 +-2 # client TLSv1.1 DHE AES256-SHA256 -v 2 -l QSH:DHE-RSA-AES256-SHA256 +-2 # server TLSv1.2 DHE AES128 -v 3 -l QSH:DHE-RSA-AES128-SHA +-2 # client TLSv1.2 DHE AES128 -v 3 -l QSH:DHE-RSA-AES128-SHA +-2 # server TLSv1.2 DHE AES256 -v 3 -l QSH:DHE-RSA-AES256-SHA +-2 # client TLSv1.2 DHE AES256 -v 3 -l QSH:DHE-RSA-AES256-SHA +-2 # server TLSv1.2 DHE AES128-SHA256 -v 3 -l QSH:DHE-RSA-AES128-SHA256 +-2 # client TLSv1.2 DHE AES128-SHA256 -v 3 -l QSH:DHE-RSA-AES128-SHA256 +-2 # server TLSv1.2 DHE AES256-SHA256 -v 3 -l QSH:DHE-RSA-AES256-SHA256 +-2 # client TLSv1.2 DHE AES256-SHA256 -v 3 -l QSH:DHE-RSA-AES256-SHA256 +-2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l QSH:ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l QSH:ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l QSH:ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l QSH:ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l QSH:ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l QSH:ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l QSH:ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l QSH:ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l QSH:ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l QSH:ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l QSH:ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l QSH:ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1 PSK-AES128 -s -v 1 -l QSH:PSK-AES128-CBC-SHA +-2 # client TLSv1 PSK-AES128 -s -v 1 -l QSH:PSK-AES128-CBC-SHA +-2 # server TLSv1 PSK-AES256 -s -v 1 -l QSH:PSK-AES256-CBC-SHA +-2 # client TLSv1 PSK-AES256 -s -v 1 -l QSH:PSK-AES256-CBC-SHA +-2 # server TLSv1.1 PSK-AES128 -s -v 2 -l QSH:PSK-AES128-CBC-SHA +-2 # client TLSv1.1 PSK-AES128 -s -v 2 -l QSH:PSK-AES128-CBC-SHA +-2 # server TLSv1.1 PSK-AES256 -s -v 2 -l QSH:PSK-AES256-CBC-SHA +-2 # client TLSv1.1 PSK-AES256 -s -v 2 -l QSH:PSK-AES256-CBC-SHA +-2 # server TLSv1.2 PSK-AES128 -s -v 3 -l QSH:PSK-AES128-CBC-SHA +-2 # client TLSv1.2 PSK-AES128 -s -v 3 -l QSH:PSK-AES128-CBC-SHA +-2 # server TLSv1.2 PSK-AES256 -s -v 3 -l QSH:PSK-AES256-CBC-SHA +-2 # client TLSv1.2 PSK-AES256 -s -v 3 -l QSH:PSK-AES256-CBC-SHA +-2 # server TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l QSH:PSK-AES128-CBC-SHA256 +-2 # client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l QSH:PSK-AES128-CBC-SHA256 +-2 # server TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l QSH:PSK-AES128-CBC-SHA256 +-2 # client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l QSH:PSK-AES128-CBC-SHA256 +-2 # server TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l QSH:PSK-AES128-CBC-SHA256 +-2 # client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l QSH:PSK-AES128-CBC-SHA256 +-2 # server TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l QSH:PSK-AES256-CBC-SHA384 +-2 # client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l QSH:PSK-AES256-CBC-SHA384 +-2 # server TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l QSH:PSK-AES256-CBC-SHA384 +-2 # client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l QSH:PSK-AES256-CBC-SHA384 +-2 # server TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l QSH:PSK-AES256-CBC-SHA384 +-2 # client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l QSH:PSK-AES256-CBC-SHA384 +-2 # server TLSv1.0 PSK-NULL -s -v 1 -l QSH:PSK-NULL-SHA +-2 # client TLSv1.0 PSK-NULL -s -v 1 -l QSH:PSK-NULL-SHA +-2 # server TLSv1.1 PSK-NULL -s -v 2 -l QSH:PSK-NULL-SHA +-2 # client TLSv1.1 PSK-NULL -s -v 2 -l QSH:PSK-NULL-SHA +-2 # server TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA +-2 # client TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA +-2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 +-2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 +-2 # server TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l QSH:PSK-NULL-SHA384 +-2 # client TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l QSH:PSK-NULL-SHA384 +-2 # server TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA +-2 # client TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA +-2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 +-2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 +-2 # server TLSv1.0 RSA-NULL-SHA -v 1 -l QSH:NULL-SHA +-2 # client TLSv1.0 RSA-NULL-SHA -v 1 -l QSH:NULL-SHA +-2 # server TLSv1.1 RSA-NULL-SHA -v 2 -l QSH:NULL-SHA +-2 # client TLSv1.1 RSA-NULL-SHA -v 2 -l QSH:NULL-SHA +-2 # server TLSv1.2 RSA-NULL-SHA -v 3 -l QSH:NULL-SHA +-2 # client TLSv1.2 RSA-NULL-SHA -v 3 -l QSH:NULL-SHA +-2 # server TLSv1.0 RSA-NULL-SHA256 -v 1 -l QSH:NULL-SHA256 +-2 # client TLSv1.0 RSA-NULL-SHA256 -v 1 -l QSH:NULL-SHA256 +-2 # server TLSv1.1 RSA-NULL-SHA256 -v 2 -l QSH:NULL-SHA256 +-2 # client TLSv1.1 RSA-NULL-SHA256 -v 2 -l QSH:NULL-SHA256 +-2 # server TLSv1.2 RSA-NULL-SHA256 -v 3 -l QSH:NULL-SHA256 +-2 # client TLSv1.2 RSA-NULL-SHA256 -v 3 -l QSH:NULL-SHA256 +-2 # server TLSv1 CAMELLIA128-SHA -v 1 -l QSH:CAMELLIA128-SHA +-2 # client TLSv1 CAMELLIA128-SHA -v 1 -l QSH:CAMELLIA128-SHA +-2 # server TLSv1 CAMELLIA256-SHA -v 1 -l QSH:CAMELLIA256-SHA +-2 # client TLSv1 CAMELLIA256-SHA -v 1 -l QSH:CAMELLIA256-SHA +-2 # server TLSv1 CAMELLIA128-SHA256 -v 1 -l QSH:CAMELLIA128-SHA256 +-2 # client TLSv1 CAMELLIA128-SHA256 -v 1 -l QSH:CAMELLIA128-SHA256 +-2 # server TLSv1 CAMELLIA256-SHA256 -v 1 -l QSH:CAMELLIA256-SHA256 +-2 # client TLSv1 CAMELLIA256-SHA256 -v 1 -l QSH:CAMELLIA256-SHA256 +-2 # server TLSv1.1 CAMELLIA128-SHA -v 2 -l QSH:CAMELLIA128-SHA +-2 # client TLSv1.1 CAMELLIA128-SHA -v 2 -l QSH:CAMELLIA128-SHA +-2 # server TLSv1.1 CAMELLIA256-SHA -v 2 -l QSH:CAMELLIA256-SHA +-2 # client TLSv1.1 CAMELLIA256-SHA -v 2 -l QSH:CAMELLIA256-SHA +-2 # server TLSv1.1 CAMELLIA128-SHA256 -v 2 -l QSH:CAMELLIA128-SHA256 +-2 # client TLSv1.1 CAMELLIA128-SHA256 -v 2 -l QSH:CAMELLIA128-SHA256 +-2 # server TLSv1.1 CAMELLIA256-SHA256 -v 2 -l QSH:CAMELLIA256-SHA256 +-2 # client TLSv1.1 CAMELLIA256-SHA256 -v 2 -l QSH:CAMELLIA256-SHA256 +-2 # server TLSv1.2 CAMELLIA128-SHA -v 3 -l QSH:CAMELLIA128-SHA +-2 # client TLSv1.2 CAMELLIA128-SHA -v 3 -l QSH:CAMELLIA128-SHA +-2 # server TLSv1.2 CAMELLIA256-SHA -v 3 -l QSH:CAMELLIA256-SHA +-2 # client TLSv1.2 CAMELLIA256-SHA -v 3 -l QSH:CAMELLIA256-SHA +-2 # server TLSv1.2 CAMELLIA128-SHA256 -v 3 -l QSH:CAMELLIA128-SHA256 +-2 # client TLSv1.2 CAMELLIA128-SHA256 -v 3 -l QSH:CAMELLIA128-SHA256 +-2 # server TLSv1.2 CAMELLIA256-SHA256 -v 3 -l QSH:CAMELLIA256-SHA256 +-2 # client TLSv1.2 CAMELLIA256-SHA256 -v 3 -l QSH:CAMELLIA256-SHA256 +-2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA +-2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA +-2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA +-2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA +-2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA256 +-2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA256 +-2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA256 +-2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA256 +-2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA +-2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA +-2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA +-2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA +-2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA256 +-2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA256 +-2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA256 +-2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA256 +-2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA +-2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA +-2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA +-2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA +-2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA256 +-2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA256 +-2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA256 +-2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA256 +-2 # server TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l QSH:AES128-GCM-SHA256 +-2 # client TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l QSH:AES128-GCM-SHA256 +-2 # server TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l QSH:AES256-GCM-SHA384 +-2 # client TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l QSH:AES256-GCM-SHA384 +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-GCM-SHA256 +-2 # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-GCM-SHA256 +-2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-GCM-SHA384 +-2 # server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-GCM-SHA256 +-2 # server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-GCM-SHA384 +-2 # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:DHE-RSA-AES128-GCM-SHA256 +-2 # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:DHE-RSA-AES128-GCM-SHA256 +-2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:DHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:DHE-RSA-AES256-GCM-SHA384 +-2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:PSK-AES128-GCM-SHA256 +-2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:PSK-AES128-GCM-SHA256 +-2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:PSK-AES256-GCM-SHA384 +-2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:PSK-AES256-GCM-SHA384 +-2 # server TLSv1.2 AES128-CCM-8 -v 3 -l QSH:AES128-CCM-8 +-2 # client TLSv1.2 AES128-CCM-8 -v 3 -l QSH:AES128-CCM-8 +-2 # server TLSv1.2 AES256-CCM-8 -v 3 -l QSH:AES256-CCM-8 +-2 # client TLSv1.2 AES256-CCM-8 -v 3 -l QSH:AES256-CCM-8 +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 PSK-AES128-CCM -s -v 3 -l QSH:PSK-AES128-CCM +-2 # client TLSv1.2 PSK-AES128-CCM -s -v 3 -l QSH:PSK-AES128-CCM +-2 # server TLSv1.2 PSK-AES256-CCM -s -v 3 -l QSH:PSK-AES256-CCM +-2 # client TLSv1.2 PSK-AES256-CCM -s -v 3 -l QSH:PSK-AES256-CCM +-2 # server TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l QSH:PSK-AES128-CCM-8 +-2 # client TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l QSH:PSK-AES128-CCM-8 +-2 # server TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l QSH:PSK-AES256-CCM-8 +-2 # client TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l QSH:PSK-AES256-CCM-8 +-2 # server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l QSH:DHE-PSK-AES128-CBC-SHA256 +-2 # client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l QSH:DHE-PSK-AES128-CBC-SHA256 +-2 # server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l QSH:DHE-PSK-AES128-CBC-SHA256 +-2 # client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l QSH:DHE-PSK-AES128-CBC-SHA256 +-2 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-CBC-SHA256 +-2 # client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-CBC-SHA256 +-2 # server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l QSH:DHE-PSK-AES256-CBC-SHA384 +-2 # client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l QSH:DHE-PSK-AES256-CBC-SHA384 +-2 # server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l QSH:DHE-PSK-AES256-CBC-SHA384 +-2 # client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l QSH:DHE-PSK-AES256-CBC-SHA384 +-2 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-CBC-SHA384 +-2 # client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-CBC-SHA384 +-2 # server TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l QSH:DHE-PSK-NULL-SHA256 +-2 # client TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l QSH:DHE-PSK-NULL-SHA256 +-2 # server TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l QSH:DHE-PSK-NULL-SHA256 +-2 # client TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l QSH:DHE-PSK-NULL-SHA256 +-2 # server TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l QSH:DHE-PSK-NULL-SHA256 +-2 # client TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l QSH:DHE-PSK-NULL-SHA256 +-2 # server TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l QSH:DHE-PSK-NULL-SHA384 +-2 # client TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l QSH:DHE-PSK-NULL-SHA384 +-2 # server TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l QSH:DHE-PSK-NULL-SHA384 +-2 # client TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l QSH:DHE-PSK-NULL-SHA384 +-2 # server TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l QSH:DHE-PSK-NULL-SHA384 +-2 # client TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l QSH:DHE-PSK-NULL-SHA384 +-2 # server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-GCM-SHA256 +-2 # client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-GCM-SHA256 +-2 # server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-GCM-SHA384 +-2 # server TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l QSH:DHE-PSK-AES128-CCM +-2 # client TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l QSH:DHE-PSK-AES128-CCM +-2 # server TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l QSH:DHE-PSK-AES256-CCM +-2 # client TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l QSH:DHE-PSK-AES256-CCM +-2 # server TLSv1.2 ADH-AES128-SHA -a -v 3 -l QSH:ADH-AES128-SHA +-2 # client TLSv1.2 ADH-AES128-SHA -a -v 3 -l QSH:ADH-AES128-SHA +-2 # server TLSv1.1 ADH-AES128-SHA -a -v 2 -l QSH:ADH-AES128-SHA +-2 # client TLSv1.1 ADH-AES128-SHA -a -v 2 -l QSH:ADH-AES128-SHA +-2 # server TLSv1.0 ADH-AES128-SHA -a -v 1 -l QSH:ADH-AES128-SHA +-2 # client TLSv1.0 ADH-AES128-SHA -a -v 1 -l QSH:ADH-AES128-SHA +-2 # server TLSv1 NTRU_RC4 -v 1 @@ -2038,10 +2482,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1 NTRU_RC4 -v 1 -l QSH:NTRU-RC4-SHA +-2 # server TLSv1 NTRU_DES3 -v 1 @@ -2049,10 +2495,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1 NTRU_DES3 -v 1 -l QSH:NTRU-DES-CBC3-SHA +-2 # server TLSv1 NTRU_AES128 -v 1 @@ -2060,10 +2508,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1 NTRU_AES128 -v 1 -l QSH:NTRU-AES128-SHA +-2 # server TLSv1 NTRU_AES256 -v 1 @@ -2071,10 +2521,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1 NTRU_AES256 -v 1 -l QSH:NTRU-AES256-SHA +-2 # server TLSv1.1 NTRU_RC4 -v 2 @@ -2082,10 +2534,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.1 NTRU_RC4 -v 2 -l QSH:NTRU-RC4-SHA +-2 # server TLSv1.1 NTRU_DES3 -v 2 @@ -2093,10 +2547,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.1 NTRU_DES3 -v 2 -l QSH:NTRU-DES-CBC3-SHA +-2 # server TLSv1.1 NTRU_AES128 -v 2 @@ -2104,10 +2560,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.1 NTRU_AES128 -v 2 -l QSH:NTRU-AES128-SHA +-2 # server TLSv1.1 NTRU_AES256 -v 2 @@ -2115,10 +2573,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.1 NTRU_AES256 -v 2 -l QSH:NTRU-AES256-SHA +-2 # server TLSv1.2 NTRU_RC4 -v 3 @@ -2126,10 +2586,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.2 NTRU_RC4 -v 3 -l QSH:NTRU-RC4-SHA +-2 # server TLSv1.2 NTRU_DES3 -v 3 @@ -2137,10 +2599,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.2 NTRU_DES3 -v 3 -l QSH:NTRU-DES-CBC3-SHA +-2 # server TLSv1.2 NTRU_AES128 -v 3 @@ -2148,6 +2612,7 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.2 NTRU_AES128 -v 3 diff --git a/tests/test-sctp.conf b/tests/test-sctp.conf index 1f6a303fc..cedb2f59d 100644 --- a/tests/test-sctp.conf +++ b/tests/test-sctp.conf @@ -2,21 +2,25 @@ -G -v 2 -l DHE-RSA-CHACHA20-POLY1305 +-2 # client DTLSv1 DHE-RSA-CHACHA20-POLY1305 -G -v 2 -l DHE-RSA-CHACHA20-POLY1305 +-2 # server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-RSA-CHACHA20-POLY1305 +-2 # client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-RSA-CHACHA20-POLY1305 +-2 # server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305 -G @@ -24,32 +28,38 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -G -v 3 -l DHE-RSA-CHACHA20-POLY1305 +-2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -G -v 3 -l DHE-RSA-CHACHA20-POLY1305 +-2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 +-2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 +-2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -G @@ -57,68 +67,80 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -G -v 3 -s -l PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -G -v 3 -s -l PSK-CHACHA20-POLY1305 +-2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD +-2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD +-2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD +-2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD +-2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -G @@ -126,232 +148,278 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1 RC4-SHA -G -v 2 -l RC4-SHA +-2 # client DTLSv1 RC4-SHA -G -v 2 -l RC4-SHA +-2 # server DTLSv1.2 RC4-SHA -G -v 3 -l RC4-SHA +-2 # client DTLSv1.2 RC4-SHA -G -v 3 -l RC4-SHA +-2 # server DTLSv1 IDEA-CBC-SHA -G -v 2 -l IDEA-CBC-SHA +-2 # client DTLSv1 IDEA-CBC-SHA -G -v 2 -l IDEA-CBC-SHA +-2 # server DTLSv1 DES-CBC3-SHA -G -v 2 -l DES-CBC3-SHA +-2 # client DTLSv1 DES-CBC3-SHA -G -v 2 -l DES-CBC3-SHA +-2 # server DTLSv1.2 DES-CBC3-SHA -G -v 3 -l DES-CBC3-SHA +-2 # client DTLSv1.2 DES-CBC3-SHA -G -v 3 -l DES-CBC3-SHA +-2 # server DTLSv1 AES128-SHA -G -v 2 -l AES128-SHA +-2 # client DTLSv1 AES128-SHA -G -v 2 -l AES128-SHA +-2 # server DTLSv1.2 AES128-SHA -G -v 3 -l AES128-SHA +-2 # client DTLSv1.2 AES128-SHA -G -v 3 -l AES128-SHA +-2 # server DTLSv1 AES256-SHA -G -v 2 -l AES256-SHA +-2 # client DTLSv1 AES256-SHA -G -v 2 -l AES256-SHA +-2 # server DTLSv1.2 AES256-SHA -G -v 3 -l AES256-SHA +-2 # client DTLSv1.2 AES256-SHA -G -v 3 -l AES256-SHA +-2 # server DTLSv1 AES128-SHA256 -G -v 2 -l AES128-SHA256 +-2 # client DTLSv1 AES128-SHA256 -G -v 2 -l AES128-SHA256 +-2 # server DTLSv1.2 AES128-SHA256 -G -v 3 -l AES128-SHA256 +-2 # client DTLSv1.2 AES128-SHA256 -G -v 3 -l AES128-SHA256 +-2 # server DTLSv1 AES256-SHA256 -G -v 2 -l AES256-SHA256 +-2 # client DTLSv1 AES256-SHA256 -G -v 2 -l AES256-SHA256 +-2 # server DTLSv1.2 AES256-SHA256 -G -v 3 -l AES256-SHA256 +-2 # client DTLSv1.2 AES256-SHA256 -G -v 3 -l AES256-SHA256 +-2 # server DTLSv1 ECDHE-RSA-RC4 -G -v 2 -l ECDHE-RSA-RC4-SHA +-2 # client DTLSv1 ECDHE-RSA-RC4 -G -v 2 -l ECDHE-RSA-RC4-SHA +-2 # server DTLSv1.1 ECDHE-RSA-DES3 -G -v 2 -l ECDHE-RSA-DES-CBC3-SHA +-2 # client DTLSv1.1 ECDHE-RSA-DES3 -G -v 2 -l ECDHE-RSA-DES-CBC3-SHA +-2 # server DTLSv1.1 ECDHE-RSA-AES128 -G -v 2 -l ECDHE-RSA-AES128-SHA +-2 # client DTLSv1.1 ECDHE-RSA-AES128 -G -v 2 -l ECDHE-RSA-AES128-SHA +-2 # server DTLSv1.1 ECDHE-RSA-AES256 -G -v 2 -l ECDHE-RSA-AES256-SHA +-2 # client DTLSv1.1 ECDHE-RSA-AES256 -G -v 2 -l ECDHE-RSA-AES256-SHA +-2 # server DTLSv1.2 ECDHE-RSA-RC4 -G -v 3 -l ECDHE-RSA-RC4-SHA +-2 # client DTLSv1.2 ECDHE-RSA-RC4 -G -v 3 -l ECDHE-RSA-RC4-SHA +-2 # server DTLSv1.2 ECDHE-RSA-DES3 -G -v 3 -l ECDHE-RSA-DES-CBC3-SHA +-2 # client DTLSv1.2 ECDHE-RSA-DES3 -G -v 3 -l ECDHE-RSA-DES-CBC3-SHA +-2 # server DTLSv1.2 ECDHE-RSA-AES128 -G -v 3 -l ECDHE-RSA-AES128-SHA +-2 # client DTLSv1.2 ECDHE-RSA-AES128 -G -v 3 -l ECDHE-RSA-AES128-SHA +-2 # server DTLSv1.2 ECDHE-RSA-AES128-SHA256 -G -v 3 -l ECDHE-RSA-AES128-SHA256 +-2 # client DTLSv1.2 ECDHE-RSA-AES128-SHA256 -G -v 3 -l ECDHE-RSA-AES128-SHA256 +-2 # server DTLSv1.2 ECDHE-RSA-AES256 -G -v 3 -l ECDHE-RSA-AES256-SHA +-2 # client DTLSv1.2 ECDHE-RSA-AES256 -G -v 3 -l ECDHE-RSA-AES256-SHA +-2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -G @@ -359,12 +427,14 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -G -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -G @@ -372,12 +442,14 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -G -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -G @@ -385,12 +457,14 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -G -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDHE-EDCSA-RC4 -G @@ -398,12 +472,14 @@ -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDHE-ECDSA-RC4 -G -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDHE-ECDSA-DES3 -G @@ -411,12 +487,14 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDHE-ECDSA-DES3 -G -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDHE-ECDSA-AES128 -G @@ -424,12 +502,14 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDHE-ECDSA-AES128 -G -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDHE-ECDSA-AES256 -G @@ -437,12 +517,14 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDHE-ECDSA-AES256 -G -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-RC4 -G @@ -450,12 +532,14 @@ -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-RC4 -G -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-DES3 -G @@ -463,12 +547,14 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-DES3 -G -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128 -G @@ -476,12 +562,14 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128 -G -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -G @@ -489,12 +577,14 @@ -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -G -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256 -G @@ -502,12 +592,14 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256 -G -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDH-RSA-RC4 -G @@ -515,11 +607,13 @@ -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-RSA-RC4 -G -v 2 -l ECDH-RSA-RC4-SHA +-2 # server DTLSv1.1 ECDH-RSA-DES3 -G @@ -527,11 +621,13 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-RSA-DES3 -G -v 2 -l ECDH-RSA-DES-CBC3-SHA +-2 # server DTLSv1.1 ECDH-RSA-AES128 -G @@ -539,11 +635,13 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-RSA-AES128 -G -v 2 -l ECDH-RSA-AES128-SHA +-2 # server DTLSv1.1 ECDH-RSA-AES256 -G @@ -551,11 +649,13 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-RSA-AES256 -G -v 2 -l ECDH-RSA-AES256-SHA +-2 # server DTLSv1.2 ECDH-RSA-RC4 -G @@ -563,11 +663,13 @@ -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-RC4 -G -v 3 -l ECDH-RSA-RC4-SHA +-2 # server DTLSv1.2 ECDH-RSA-DES3 -G @@ -575,11 +677,13 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-DES3 -G -v 3 -l ECDH-RSA-DES-CBC3-SHA +-2 # server DTLSv1.2 ECDH-RSA-AES128 -G @@ -587,11 +691,13 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES128 -G -v 3 -l ECDH-RSA-AES128-SHA +-2 # server DTLSv1.2 ECDH-RSA-AES128-SHA256 -G @@ -599,11 +705,13 @@ -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES128-SHA256 -G -v 3 -l ECDH-RSA-AES128-SHA256 +-2 # server DTLSv1.2 ECDH-RSA-AES256 -G @@ -611,11 +719,13 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES256 -G -v 3 -l ECDH-RSA-AES256-SHA +-2 # server DTLSv1.1 ECDH-EDCSA-RC4 -G @@ -623,12 +733,14 @@ -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-ECDSA-RC4 -G -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDH-ECDSA-DES3 -G @@ -636,12 +748,14 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-ECDSA-DES3 -G -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDH-ECDSA-AES128 -G @@ -649,12 +763,14 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-ECDSA-AES128 -G -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.1 ECDH-ECDSA-AES256 -G @@ -662,12 +778,14 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.1 ECDH-ECDSA-AES256 -G -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-RC4 -G @@ -675,12 +793,14 @@ -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-RC4 -G -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-DES3 -G @@ -688,12 +808,14 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-DES3 -G -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES128 -G @@ -701,12 +823,14 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES128 -G -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -G @@ -714,12 +838,14 @@ -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -G -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES256 -G @@ -727,22 +853,26 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES256 -G -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-RSA-AES256-SHA384 -G -v 3 -l ECDHE-RSA-AES256-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-SHA384 -G -v 3 -l ECDHE-RSA-AES256-SHA384 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -G @@ -750,12 +880,14 @@ -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -G -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-RSA-AES256-SHA384 -G @@ -763,11 +895,13 @@ -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES256-SHA384 -G -v 3 -l ECDH-RSA-AES256-SHA384 +-2 # server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -G @@ -775,156 +909,182 @@ -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -G -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -G -v 1 -l ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -G -v 1 -l ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -G -v 2 -l ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -G -v 2 -l ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -G -v 3 -l ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -G -v 3 -l ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -G -v 1 -l ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -G -v 1 -l ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -G -v 2 -l ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -G -v 2 -l ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -G -v 3 -l ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -G -v 3 -l ECDHE-PSK-NULL-SHA256 +-2 # server DTLSv1 PSK-AES128 -s -G -v 2 -l PSK-AES128-CBC-SHA +-2 # client DTLSv1 PSK-AES128 -s -G -v 2 -l PSK-AES128-CBC-SHA +-2 # server DTLSv1 PSK-AES256 -s -G -v 2 -l PSK-AES256-CBC-SHA +-2 # client DTLSv1 PSK-AES256 -s -G -v 2 -l PSK-AES256-CBC-SHA +-2 # server DTLSv1.2 PSK-AES128 -s -G -v 3 -l PSK-AES128-CBC-SHA +-2 # client DTLSv1.2 PSK-AES128 -s -G -v 3 -l PSK-AES128-CBC-SHA +-2 # server DTLSv1.2 PSK-AES256 -s -G -v 3 -l PSK-AES256-CBC-SHA +-2 # client DTLSv1.2 PSK-AES256 -s -G -v 3 -l PSK-AES256-CBC-SHA +-2 # server DTLSv1.2 PSK-AES128-SHA256 -s -G -v 3 -l PSK-AES128-CBC-SHA256 +-2 # client DTLSv1.2 PSK-AES128-SHA256 -s -G -v 3 -l PSK-AES128-CBC-SHA256 +-2 # server DTLSv1.2 PSK-AES256-SHA384 -s -G -v 3 -l PSK-AES256-CBC-SHA384 +-2 # client DTLSv1.2 PSK-AES256-SHA384 -s -G -v 3 -l PSK-AES256-CBC-SHA384 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -G @@ -932,12 +1092,14 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -G @@ -945,12 +1107,14 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -G @@ -958,12 +1122,14 @@ -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -G -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -G @@ -971,32 +1137,38 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -G -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -G @@ -1004,11 +1176,13 @@ -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDH-RSA-AES128-GCM-SHA256 +-2 # server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -G @@ -1016,35 +1190,41 @@ -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDH-RSA-AES256-GCM-SHA384 +-2 # server DTLSv1.2 PSK-AES128-GCM-SHA256 -G -s -v 3 -l PSK-AES128-GCM-SHA256 +-2 # client DTLSv1.2 PSK-AES128-GCM-SHA256 -G -s -v 3 -l PSK-AES128-GCM-SHA256 +-2 # server DTLSv1.2 PSK-AES256-GCM-SHA384 -G -s -v 3 -l PSK-AES256-GCM-SHA384 +-2 # client DTLSv1.2 PSK-AES256-GCM-SHA384 -G -s -v 3 -l PSK-AES256-GCM-SHA384 +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM -G @@ -1052,12 +1232,14 @@ -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM -G -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -G @@ -1065,12 +1247,14 @@ -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -G -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -G @@ -1078,30 +1262,35 @@ -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -G -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem +-2 # server DTLSv1.2 ADH-AES128-SHA -G -a -v 3 -l ADH-AES128-SHA +-2 # client DTLSv1.2 ADH-AES128-SHA -G -a -v 3 -l ADH-AES128-SHA +-2 # server DTLSv1.0 ADH-AES128-SHA -G -a -v 2 -l ADH-AES128-SHA +-2 # client DTLSv1.0 ADH-AES128-SHA -G diff --git a/tests/test-sig.conf b/tests/test-sig.conf index 680eb3506..b71be85c9 100644 --- a/tests/test-sig.conf +++ b/tests/test-sig.conf @@ -3,215 +3,254 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-privkey.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf index 181b286eb..f018cc2fe 100644 --- a/tests/test-tls13-down.conf +++ b/tests/test-tls13-down.conf @@ -2,43 +2,55 @@ # server TLSv1.3 downgrade #-v d #-l TLS13-CHACHA20-POLY1305-SHA256 +-2 # client TLSv1.2 #-v 3 +-2 # server TLSv1.2 -v 3 +-2 # client TLSv1.3 downgrade -v d +-2 # server TLSv1.3 downgrade -v d +-2 # client TLSv1.3 downgrade -v d +-2 # server TLSv1.3 downgrade but don't and resume -v d -r +-2 # client TLSv1.3 downgrade but don't and resume -v d -r +-2 # server TLSv1.3 downgrade and resume -v d -r +-2 # client TLSv1.2 and resume -v 3 -r +-2 # server TLSv1.2 and resume -v d -r +-2 # lcient TLSv1.3 downgrade and resume -v 3 -r +-2 diff --git a/tests/test-tls13-ecc.conf b/tests/test-tls13-ecc.conf index 3496eab8c..10a176e15 100644 --- a/tests/test-tls13-ecc.conf +++ b/tests/test-tls13-ecc.conf @@ -3,55 +3,65 @@ -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -59,12 +69,14 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -t +-2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -t +-2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -72,6 +84,7 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -Y +-2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 diff --git a/tests/test-tls13-psk.conf b/tests/test-tls13-psk.conf index b8b7e2607..8527461b4 100644 --- a/tests/test-tls13-psk.conf +++ b/tests/test-tls13-psk.conf @@ -3,28 +3,33 @@ -s -l TLS13-AES128-GCM-SHA256 -d +-2 # client TLSv1.3 PSK -v 4 -s -l TLS13-AES128-GCM-SHA256 +-2 # server TLSv1.3 PSK -v 4 -j -l TLS13-AES128-GCM-SHA256 -d +-2 # client TLSv1.3 PSK -v 4 -s -l TLS13-AES128-GCM-SHA256 +-2 # server TLSv1.3 PSK -v 4 -j -l TLS13-AES128-GCM-SHA256 -d +-2 # client TLSv1.3 not-PSK -v 4 diff --git a/tests/test-tls13.conf b/tests/test-tls13.conf index 5e07ad3fe..cc448b857 100644 --- a/tests/test-tls13.conf +++ b/tests/test-tls13.conf @@ -1,193 +1,234 @@ # server TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 +-2 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 +-2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # server TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 +-2 # client TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 +-2 # server TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 +-2 # client TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 +-2 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 +-2 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 +-2 # server TLSv1.3 resumption -v 4 -l TLS13-AES128-GCM-SHA256 -r +-2 # client TLSv1.3 resumption -v 4 -l TLS13-AES128-GCM-SHA256 -r +-2 # server TLSv1.3 resumption - SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -r +-2 # client TLSv1.3 resumption - SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -r +-2 # server TLSv1.3 PSK without (EC)DHE -v 4 -l TLS13-AES128-GCM-SHA256 -r +-2 # client TLSv1.3 PSK without (EC)DHE -v 4 -l TLS13-AES128-GCM-SHA256 -r -K +-2 # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 +-2 # client TLSv1.3 sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 +-2 # server TLSv1.3 not accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r +-2 # client TLSv1.3 sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 +-2 # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 +-2 # client TLSv1.3 not sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r +-2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # client TLSv1.3 Fragments -v 4 -l TLS13-AES128-GCM-SHA256 -F 1 +-2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm -v 4 -l TLS13-AES128-GCM-SHA256 -J +-2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 -J +-2 # client TLSv1.3 HelloRetryRequest with cookie -v 4 -l TLS13-AES128-GCM-SHA256 -J +-2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # client TLSv1.3 no client certificate -v 4 -l TLS13-AES128-GCM-SHA256 -x +-2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # client TLSv1.3 DH key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -y +-2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # client TLSv1.3 ECC key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -Y +-2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 +-2 # client TLSv1.3 ECC key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -Y +-2 # server TLSv1.3 multiple cipher suites -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 +-2 # client TLSv1.3 -v 4 +-2 # server TLSv1.3 KeyUpdate -v 4 -l TLS13-AES128-GCM-SHA256 -U +-2 # client TLSv1.3 KeyUpdate -v 4 -l TLS13-AES128-GCM-SHA256 -I +-2 # server TLSv1.3 Post-Handshake Authentication -v 4 -l TLS13-AES128-GCM-SHA256 -Q +-2 # client TLSv1.3 Post-Handshake Authentication -v 4 diff --git a/tests/test.conf b/tests/test.conf index faad62e6e..206b933c8 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -1,2082 +1,2562 @@ # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l DHE-RSA-CHACHA20-POLY1305 +-2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l DHE-RSA-CHACHA20-POLY1305 +-2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 +-2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 +-2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l PSK-CHACHA20-POLY1305 +-2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l PSK-CHACHA20-POLY1305 +-2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD +-2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD +-2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD +-2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD +-2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem +-2 # server SSLv3 RC4-SHA -v 0 -l RC4-SHA +-2 # client SSLv3 RC4-SHA -v 0 -l RC4-SHA +-2 # server SSLv3 RC4-MD5 -v 0 -l RC4-MD5 +-2 # client SSLv3 RC4-MD5 -v 0 -l RC4-MD5 +-2 # server SSLv3 DES-CBC3-SHA -v 0 -l DES-CBC3-SHA +-2 # client SSLv3 DES-CBC3-SHA -v 0 -l DES-CBC3-SHA +-2 # server SSLv3 IDEA-CBC-SHA -v 0 -l IDEA-CBC-SHA +-2 # client SSLv3 IDEA-CBC-SHA -v 0 -l IDEA-CBC-SHA +-2 # server TLSv1 RC4-SHA -v 1 -l RC4-SHA +-2 # client TLSv1 RC4-SHA -v 1 -l RC4-SHA +-2 # server TLSv1 RC4-MD5 -v 1 -l RC4-MD5 +-2 # client TLSv1 RC4-MD5 -v 1 -l RC4-MD5 +-2 # server TLSv1 DES-CBC3-SHA -v 1 -l DES-CBC3-SHA +-2 # client TLSv1 DES-CBC3-SHA -v 1 -l DES-CBC3-SHA +-2 # server TLSv1 IDEA-CBC-SHA -v 1 -l IDEA-CBC-SHA +-2 # client TLSv1 IDEA-CBC-SHA -v 1 -l IDEA-CBC-SHA +-2 # server TLSv1 AES128-SHA -v 1 -l AES128-SHA +-2 # client TLSv1 AES128-SHA -v 1 -l AES128-SHA +-2 # server TLSv1 AES256-SHA -v 1 -l AES256-SHA +-2 # client TLSv1 AES256-SHA -v 1 -l AES256-SHA +-2 # server TLSv1 AES128-SHA256 -v 1 -l AES128-SHA256 +-2 # client TLSv1 AES128-SHA256 -v 1 -l AES128-SHA256 +-2 # server TLSv1 AES256-SHA256 -v 1 -l AES256-SHA256 +-2 # client TLSv1 AES256-SHA256 -v 1 -l AES256-SHA256 +-2 # server TLSv1.1 RC4-SHA -v 2 -l RC4-SHA +-2 # client TLSv1.1 RC4-SHA -v 2 -l RC4-SHA +-2 # server TLSv1.1 RC4-MD5 -v 2 -l RC4-MD5 +-2 # client TLSv1.1 RC4-MD5 -v 2 -l RC4-MD5 +-2 # server TLSv1.1 IDEA-CBC-SHA -v 2 -l IDEA-CBC-SHA +-2 # client TLSv1.1 IDEA-CBC-SHA -v 2 -l IDEA-CBC-SHA +-2 # server TLSv1.1 DES-CBC3-SHA -v 2 -l DES-CBC3-SHA +-2 # client TLSv1.1 DES-CBC3-SHA -v 2 -l DES-CBC3-SHA +-2 # server TLSv1.1 AES128-SHA -v 2 -l AES128-SHA +-2 # client TLSv1.1 AES128-SHA -v 2 -l AES128-SHA +-2 # server TLSv1.1 AES256-SHA -v 2 -l AES256-SHA +-2 # client TLSv1.1 AES256-SHA -v 2 -l AES256-SHA +-2 # server TLSv1.1 AES128-SHA256 -v 2 -l AES128-SHA256 +-2 # client TLSv1.1 AES128-SHA256 -v 2 -l AES128-SHA256 +-2 # server TLSv1.1 AES256-SHA256 -v 2 -l AES256-SHA256 +-2 # client TLSv1.1 AES256-SHA256 -v 2 -l AES256-SHA256 +-2 # server TLSv1.2 RC4-SHA -v 3 -l RC4-SHA +-2 # client TLSv1.2 RC4-SHA -v 3 -l RC4-SHA +-2 # server TLSv1.2 RC4-MD5 -v 3 -l RC4-MD5 +-2 # client TLSv1.2 RC4-MD5 -v 3 -l RC4-MD5 +-2 # server TLSv1.2 DES-CBC3-SHA -v 3 -l DES-CBC3-SHA +-2 # client TLSv1.2 DES-CBC3-SHA -v 3 -l DES-CBC3-SHA +-2 # server TLSv1.2 AES128-SHA -v 3 -l AES128-SHA +-2 # client TLSv1.2 AES128-SHA -v 3 -l AES128-SHA +-2 # server TLSv1.2 AES256-SHA -v 3 -l AES256-SHA +-2 # client TLSv1.2 AES256-SHA -v 3 -l AES256-SHA +-2 # server TLSv1.2 AES128-SHA256 -v 3 -l AES128-SHA256 +-2 # client TLSv1.2 AES128-SHA256 -v 3 -l AES128-SHA256 +-2 # server TLSv1.2 AES256-SHA256 -v 3 -l AES256-SHA256 +-2 # client TLSv1.2 AES256-SHA256 -v 3 -l AES256-SHA256 +-2 # server TLSv1 ECDHE-RSA-RC4 -v 1 -l ECDHE-RSA-RC4-SHA +-2 # client TLSv1 ECDHE-RSA-RC4 -v 1 -l ECDHE-RSA-RC4-SHA +-2 # server TLSv1 ECDHE-RSA-DES3 -v 1 -l ECDHE-RSA-DES-CBC3-SHA +-2 # client TLSv1 ECDHE-RSA-DES3 -v 1 -l ECDHE-RSA-DES-CBC3-SHA +-2 # server TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA +-2 # client TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA +-2 # server TLSv1 ECDHE-RSA-AES256 -v 1 -l ECDHE-RSA-AES256-SHA +-2 # client TLSv1 ECDHE-RSA-AES256 -v 1 -l ECDHE-RSA-AES256-SHA +-2 # server TLSv1.1 ECDHE-RSA-RC4 -v 2 -l ECDHE-RSA-RC4-SHA +-2 # client TLSv1.1 ECDHE-RSA-RC4 -v 2 -l ECDHE-RSA-RC4-SHA +-2 # server TLSv1.1 ECDHE-RSA-DES3 -v 2 -l ECDHE-RSA-DES-CBC3-SHA +-2 # client TLSv1.1 ECDHE-RSA-DES3 -v 2 -l ECDHE-RSA-DES-CBC3-SHA +-2 # server TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA +-2 # client TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA +-2 # server TLSv1.1 ECDHE-RSA-AES256 -v 2 -l ECDHE-RSA-AES256-SHA +-2 # client TLSv1.1 ECDHE-RSA-AES256 -v 2 -l ECDHE-RSA-AES256-SHA +-2 # server TLSv1.2 ECDHE-RSA-RC4 -v 3 -l ECDHE-RSA-RC4-SHA +-2 # client TLSv1.2 ECDHE-RSA-RC4 -v 3 -l ECDHE-RSA-RC4-SHA +-2 # server TLSv1.2 ECDHE-RSA-DES3 -v 3 -l ECDHE-RSA-DES-CBC3-SHA +-2 # client TLSv1.2 ECDHE-RSA-DES3 -v 3 -l ECDHE-RSA-DES-CBC3-SHA +-2 # server TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA +-2 # client TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA +-2 # server TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l ECDHE-RSA-AES128-SHA256 +-2 # client TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l ECDHE-RSA-AES128-SHA256 +-2 # server TLSv1.2 ECDHE-RSA-AES256 -v 3 -l ECDHE-RSA-AES256-SHA +-2 # client TLSv1.2 ECDHE-RSA-AES256 -v 3 -l ECDHE-RSA-AES256-SHA +-2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -v 2 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-RC4 -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-RC4 -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-EDCSA-RC4 -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-RC4 -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDH-RSA-RC4 -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-RSA-RC4 -v 1 -l ECDH-RSA-RC4-SHA +-2 # server TLSv1 ECDH-RSA-DES3 -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-RSA-DES3 -v 1 -l ECDH-RSA-DES-CBC3-SHA +-2 # server TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA +-2 # server TLSv1 ECDH-RSA-AES256 -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-RSA-AES256 -v 1 -l ECDH-RSA-AES256-SHA +-2 # server TLSv1.1 ECDH-RSA-RC4 -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-RSA-RC4 -v 2 -l ECDH-RSA-RC4-SHA +-2 # server TLSv1.1 ECDH-RSA-DES3 -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-RSA-DES3 -v 2 -l ECDH-RSA-DES-CBC3-SHA +-2 # server TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA +-2 # server TLSv1.1 ECDH-RSA-AES256 -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-RSA-AES256 -v 2 -l ECDH-RSA-AES256-SHA +-2 # server TLSv1.2 ECDH-RSA-RC4 -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-RC4 -v 3 -l ECDH-RSA-RC4-SHA +-2 # server TLSv1.2 ECDH-RSA-DES3 -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-DES3 -v 3 -l ECDH-RSA-DES-CBC3-SHA +-2 # server TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA +-2 # server TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 +-2 # server TLSv1.2 ECDH-RSA-AES256 -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES256 -v 3 -l ECDH-RSA-AES256-SHA +-2 # server TLSv1 ECDH-ECDSA-RC4 -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-ECDSA-RC4 -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDH-ECDSA-DES3 -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-ECDSA-DES3 -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 ECDH-ECDSA-AES256 -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1 ECDH-ECDSA-AES256 -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDH-EDCSA-RC4 -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-ECDSA-RC4 -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-RC4 -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l ECDHE-RSA-AES256-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l ECDHE-RSA-AES256-SHA384 +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 +-2 # server TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1 HC128-SHA -v 1 -l HC128-SHA +-2 # client TLSv1 HC128-SHA -v 1 -l HC128-SHA +-2 # server TLSv1 HC128-MD5 -v 1 -l HC128-MD5 +-2 # client TLSv1 HC128-MD5 -v 1 -l HC128-MD5 +-2 # server TLSv1 HC128-B2B256 -v 1 -l HC128-B2B256 +-2 # client TLSv1 HC128-B2B256 -v 1 -l HC128-B2B256 +-2 # server TLSv1 AES128-B2B256 -v 1 -l AES128-B2B256 +-2 # client TLSv1 AES128-B2B256 -v 1 -l AES128-B2B256 +-2 # server TLSv1 AES256-B2B256 -v 1 -l AES256-B2B256 +-2 # client TLSv1 AES256-B2B256 -v 1 -l AES256-B2B256 +-2 # server TLSv1.1 HC128-SHA -v 2 -l HC128-SHA +-2 # client TLSv1.1 HC128-SHA -v 2 -l HC128-SHA +-2 # server TLSv1.1 HC128-MD5 -v 2 -l HC128-MD5 +-2 # client TLSv1.1 HC128-MD5 -v 2 -l HC128-MD5 +-2 # server TLSv1.1 HC128-B2B256 -v 2 -l HC128-B2B256 +-2 # client TLSv1.1 HC128-B2B256 -v 2 -l HC128-B2B256 +-2 # server TLSv1.1 AES128-B2B256 -v 2 -l AES128-B2B256 +-2 # client TLSv1.1 AES128-B2B256 -v 2 -l AES128-B2B256 +-2 # server TLSv1.1 AES256-B2B256 -v 2 -l AES256-B2B256 +-2 # client TLSv1.1 AES256-B2B256 -v 2 -l AES256-B2B256 +-2 # server TLSv1.2 HC128-SHA -v 3 -l HC128-SHA +-2 # client TLSv1.2 HC128-SHA -v 3 -l HC128-SHA +-2 # server TLSv1.2 HC128-MD5 -v 3 -l HC128-MD5 +-2 # client TLSv1.2 HC128-MD5 -v 3 -l HC128-MD5 +-2 # server TLSv1.2 HC128-B2B256 -v 3 -l HC128-B2B256 +-2 # client TLSv1.2 HC128-B2B256 -v 3 -l HC128-B2B256 +-2 # server TLSv1.2 AES128-B2B256 -v 3 -l AES128-B2B256 +-2 # client TLSv1.2 AES128-B2B256 -v 3 -l AES128-B2B256 +-2 # server TLSv1.2 AES256-B2B256 -v 3 -l AES256-B2B256 +-2 # client TLSv1.2 AES256-B2B256 -v 3 -l AES256-B2B256 +-2 # server TLSv1 RABBIT-SHA -v 1 -l RABBIT-SHA +-2 # client TLSv1 RABBIT-SHA -v 1 -l RABBIT-SHA +-2 # server TLSv1.1 RABBIT-SHA -v 2 -l RABBIT-SHA +-2 # client TLSv1.1 RABBIT-SHA -v 2 -l RABBIT-SHA +-2 # server TLSv1.2 RABBIT-SHA -v 3 -l RABBIT-SHA +-2 # client TLSv1.2 RABBIT-SHA -v 3 -l RABBIT-SHA +-2 # server TLSv1 DHE AES128 -v 1 -l DHE-RSA-AES128-SHA +-2 # client TLSv1 DHE AES128 -v 1 -l DHE-RSA-AES128-SHA +-2 # server TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA +-2 # client TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA +-2 # server TLSv1 DHE AES128-SHA256 -v 1 -l DHE-RSA-AES128-SHA256 +-2 # client TLSv1 DHE AES128-SHA256 -v 1 -l DHE-RSA-AES128-SHA256 +-2 # server TLSv1 DHE AES256-SHA256 -v 1 -l DHE-RSA-AES256-SHA256 +-2 # client TLSv1 DHE AES256-SHA256 -v 1 -l DHE-RSA-AES256-SHA256 +-2 # server TLSv1.1 DHE AES128 -v 2 -l DHE-RSA-AES128-SHA +-2 # client TLSv1.1 DHE AES128 -v 2 -l DHE-RSA-AES128-SHA +-2 # server TLSv1.1 DHE AES256 -v 2 -l DHE-RSA-AES256-SHA +-2 # client TLSv1.1 DHE AES256 -v 2 -l DHE-RSA-AES256-SHA +-2 # server TLSv1.1 DHE AES128-SHA256 -v 2 -l DHE-RSA-AES128-SHA256 +-2 # client TLSv1.1 DHE AES128-SHA256 -v 2 -l DHE-RSA-AES128-SHA256 +-2 # server TLSv1.1 DHE AES256-SHA256 -v 2 -l DHE-RSA-AES256-SHA256 +-2 # client TLSv1.1 DHE AES256-SHA256 -v 2 -l DHE-RSA-AES256-SHA256 +-2 # server TLSv1.1 DHE 3DES -v 2 -l EDH-RSA-DES-CBC3-SHA +-2 # client TLSv1.1 DHE 3DES -v 2 -l EDH-RSA-DES-CBC3-SHA +-2 # server TLSv1.2 DHE 3DES -v 3 -l EDH-RSA-DES-CBC3-SHA +-2 # client TLSv1.2 DHE 3DES -v 3 -l EDH-RSA-DES-CBC3-SHA +-2 + +# server TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA + +# client TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA # server TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA +-2 # client TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA +-2 # server TLSv1.2 DHE AES256 -v 3 -l DHE-RSA-AES256-SHA +-2 # client TLSv1.2 DHE AES256 -v 3 -l DHE-RSA-AES256-SHA +-2 # server TLSv1.2 DHE AES128-SHA256 -v 3 -l DHE-RSA-AES128-SHA256 +-2 # client TLSv1.2 DHE AES128-SHA256 -v 3 -l DHE-RSA-AES128-SHA256 +-2 + +# server TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 + +# client TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 # server TLSv1.2 DHE AES256-SHA256 -v 3 -l DHE-RSA-AES256-SHA256 +-2 # client TLSv1.2 DHE AES256-SHA256 -v 3 -l DHE-RSA-AES256-SHA256 +-2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 +-2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 +-2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 +-2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 +-2 # server TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA +-2 # client TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA +-2 # server TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA +-2 # client TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA +-2 # server TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA +-2 # client TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA +-2 # server TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA +-2 # client TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA +-2 # server TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA +-2 # client TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA +-2 # server TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA +-2 # client TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA +-2 # server TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 +-2 # client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 +-2 # server TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 +-2 # client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 +-2 # server TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 +-2 # client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 +-2 # server TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 +-2 # client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 +-2 # server TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 +-2 # client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 +-2 # server TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 +-2 # client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 +-2 # server TLSv1.0 PSK-NULL -s -v 1 -l PSK-NULL-SHA +-2 # client TLSv1.0 PSK-NULL -s -v 1 -l PSK-NULL-SHA +-2 # server TLSv1.1 PSK-NULL -s -v 2 -l PSK-NULL-SHA +-2 # client TLSv1.1 PSK-NULL -s -v 2 -l PSK-NULL-SHA +-2 # server TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA +-2 # client TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA +-2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 +-2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 +-2 # server TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l PSK-NULL-SHA384 +-2 # client TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l PSK-NULL-SHA384 +-2 # server TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA +-2 # client TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA +-2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 +-2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 +-2 # server TLSv1.0 RSA-NULL-SHA -v 1 -l NULL-SHA +-2 # client TLSv1.0 RSA-NULL-SHA -v 1 -l NULL-SHA +-2 # server TLSv1.1 RSA-NULL-SHA -v 2 -l NULL-SHA +-2 # client TLSv1.1 RSA-NULL-SHA -v 2 -l NULL-SHA +-2 # server TLSv1.2 RSA-NULL-SHA -v 3 -l NULL-SHA +-2 # client TLSv1.2 RSA-NULL-SHA -v 3 -l NULL-SHA +-2 # server TLSv1.0 RSA-NULL-SHA256 -v 1 -l NULL-SHA256 +-2 # client TLSv1.0 RSA-NULL-SHA256 -v 1 -l NULL-SHA256 +-2 # server TLSv1.1 RSA-NULL-SHA256 -v 2 -l NULL-SHA256 +-2 # client TLSv1.1 RSA-NULL-SHA256 -v 2 -l NULL-SHA256 +-2 # server TLSv1.2 RSA-NULL-SHA256 -v 3 -l NULL-SHA256 +-2 # client TLSv1.2 RSA-NULL-SHA256 -v 3 -l NULL-SHA256 +-2 # server TLSv1 CAMELLIA128-SHA -v 1 -l CAMELLIA128-SHA +-2 # client TLSv1 CAMELLIA128-SHA -v 1 -l CAMELLIA128-SHA +-2 # server TLSv1 CAMELLIA256-SHA -v 1 -l CAMELLIA256-SHA +-2 # client TLSv1 CAMELLIA256-SHA -v 1 -l CAMELLIA256-SHA +-2 # server TLSv1 CAMELLIA128-SHA256 -v 1 -l CAMELLIA128-SHA256 +-2 # client TLSv1 CAMELLIA128-SHA256 -v 1 -l CAMELLIA128-SHA256 +-2 # server TLSv1 CAMELLIA256-SHA256 -v 1 -l CAMELLIA256-SHA256 +-2 # client TLSv1 CAMELLIA256-SHA256 -v 1 -l CAMELLIA256-SHA256 +-2 # server TLSv1.1 CAMELLIA128-SHA -v 2 -l CAMELLIA128-SHA +-2 # client TLSv1.1 CAMELLIA128-SHA -v 2 -l CAMELLIA128-SHA +-2 # server TLSv1.1 CAMELLIA256-SHA -v 2 -l CAMELLIA256-SHA +-2 # client TLSv1.1 CAMELLIA256-SHA -v 2 -l CAMELLIA256-SHA +-2 # server TLSv1.1 CAMELLIA128-SHA256 -v 2 -l CAMELLIA128-SHA256 +-2 # client TLSv1.1 CAMELLIA128-SHA256 -v 2 -l CAMELLIA128-SHA256 +-2 # server TLSv1.1 CAMELLIA256-SHA256 -v 2 -l CAMELLIA256-SHA256 +-2 # client TLSv1.1 CAMELLIA256-SHA256 -v 2 -l CAMELLIA256-SHA256 +-2 # server TLSv1.2 CAMELLIA128-SHA -v 3 -l CAMELLIA128-SHA +-2 # client TLSv1.2 CAMELLIA128-SHA -v 3 -l CAMELLIA128-SHA +-2 # server TLSv1.2 CAMELLIA256-SHA -v 3 -l CAMELLIA256-SHA +-2 # client TLSv1.2 CAMELLIA256-SHA -v 3 -l CAMELLIA256-SHA +-2 # server TLSv1.2 CAMELLIA128-SHA256 -v 3 -l CAMELLIA128-SHA256 +-2 # client TLSv1.2 CAMELLIA128-SHA256 -v 3 -l CAMELLIA128-SHA256 +-2 # server TLSv1.2 CAMELLIA256-SHA256 -v 3 -l CAMELLIA256-SHA256 +-2 # client TLSv1.2 CAMELLIA256-SHA256 -v 3 -l CAMELLIA256-SHA256 +-2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l DHE-RSA-CAMELLIA128-SHA +-2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l DHE-RSA-CAMELLIA128-SHA +-2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l DHE-RSA-CAMELLIA256-SHA +-2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l DHE-RSA-CAMELLIA256-SHA +-2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l DHE-RSA-CAMELLIA128-SHA256 +-2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l DHE-RSA-CAMELLIA128-SHA256 +-2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l DHE-RSA-CAMELLIA256-SHA256 +-2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l DHE-RSA-CAMELLIA256-SHA256 +-2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l DHE-RSA-CAMELLIA128-SHA +-2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l DHE-RSA-CAMELLIA128-SHA +-2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l DHE-RSA-CAMELLIA256-SHA +-2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l DHE-RSA-CAMELLIA256-SHA +-2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l DHE-RSA-CAMELLIA128-SHA256 +-2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l DHE-RSA-CAMELLIA128-SHA256 +-2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l DHE-RSA-CAMELLIA256-SHA256 +-2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l DHE-RSA-CAMELLIA256-SHA256 +-2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l DHE-RSA-CAMELLIA128-SHA +-2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l DHE-RSA-CAMELLIA128-SHA +-2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l DHE-RSA-CAMELLIA256-SHA +-2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l DHE-RSA-CAMELLIA256-SHA +-2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l DHE-RSA-CAMELLIA128-SHA256 +-2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l DHE-RSA-CAMELLIA128-SHA256 +-2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l DHE-RSA-CAMELLIA256-SHA256 +-2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l DHE-RSA-CAMELLIA256-SHA256 +-2 # server TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 +-2 # client TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 +-2 # server TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l AES256-GCM-SHA384 +-2 # client TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l AES256-GCM-SHA384 +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 +-2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 +-2 # server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l ECDH-RSA-AES256-GCM-SHA384 +-2 # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256 +-2 # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256 +-2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 +-2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 +-2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 +-2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 +-2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 +-2 # server TLSv1.2 AES128-CCM-8 -v 3 -l AES128-CCM-8 +-2 # client TLSv1.2 AES128-CCM-8 -v 3 -l AES128-CCM-8 +-2 # server TLSv1.2 AES256-CCM-8 -v 3 -l AES256-CCM-8 +-2 # client TLSv1.2 AES256-CCM-8 -v 3 -l AES256-CCM-8 +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem +-2 # server TLSv1.2 PSK-AES128-CCM -s -v 3 -l PSK-AES128-CCM +-2 # client TLSv1.2 PSK-AES128-CCM -s -v 3 -l PSK-AES128-CCM +-2 # server TLSv1.2 PSK-AES256-CCM -s -v 3 -l PSK-AES256-CCM +-2 # client TLSv1.2 PSK-AES256-CCM -s -v 3 -l PSK-AES256-CCM +-2 # server TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 +-2 # client TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 +-2 # server TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l PSK-AES256-CCM-8 +-2 # client TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l PSK-AES256-CCM-8 +-2 # server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l DHE-PSK-AES128-CBC-SHA256 +-2 # client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l DHE-PSK-AES128-CBC-SHA256 +-2 # server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l DHE-PSK-AES128-CBC-SHA256 +-2 # client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l DHE-PSK-AES128-CBC-SHA256 +-2 + +# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l DHE-PSK-AES128-CBC-SHA256 +-2 # client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l DHE-PSK-AES128-CBC-SHA256 +-2 # server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l DHE-PSK-AES256-CBC-SHA384 +-2 # client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l DHE-PSK-AES256-CBC-SHA384 +-2 # server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l DHE-PSK-AES256-CBC-SHA384 +-2 # client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l DHE-PSK-AES256-CBC-SHA384 +-2 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l DHE-PSK-AES256-CBC-SHA384 +-2 # client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l DHE-PSK-AES256-CBC-SHA384 +-2 # server TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l DHE-PSK-NULL-SHA256 +-2 # client TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l DHE-PSK-NULL-SHA256 +-2 # server TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l DHE-PSK-NULL-SHA256 +-2 # client TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l DHE-PSK-NULL-SHA256 +-2 # server TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l DHE-PSK-NULL-SHA256 +-2 # client TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l DHE-PSK-NULL-SHA256 +-2 # server TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l DHE-PSK-NULL-SHA384 +-2 # client TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l DHE-PSK-NULL-SHA384 +-2 # server TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l DHE-PSK-NULL-SHA384 +-2 # client TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l DHE-PSK-NULL-SHA384 +-2 # server TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l DHE-PSK-NULL-SHA384 +-2 # client TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l DHE-PSK-NULL-SHA384 +-2 # server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l DHE-PSK-AES128-GCM-SHA256 +-2 # client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l DHE-PSK-AES128-GCM-SHA256 +-2 # server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l DHE-PSK-AES256-GCM-SHA384 +-2 # client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l DHE-PSK-AES256-GCM-SHA384 +-2 # server TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l DHE-PSK-AES128-CCM +-2 # client TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l DHE-PSK-AES128-CCM +-2 # server TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l DHE-PSK-AES256-CCM +-2 # client TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l DHE-PSK-AES256-CCM +-2 # server TLSv1.2 ADH-AES128-SHA -a -v 3 -l ADH-AES128-SHA +-2 # client TLSv1.2 ADH-AES128-SHA -a -v 3 -l ADH-AES128-SHA +-2 # server TLSv1.1 ADH-AES128-SHA -a -v 2 -l ADH-AES128-SHA +-2 # client TLSv1.1 ADH-AES128-SHA -a -v 2 -l ADH-AES128-SHA +-2 # server TLSv1.0 ADH-AES128-SHA -a -v 1 -l ADH-AES128-SHA +-2 # client TLSv1.0 ADH-AES128-SHA -a -v 1 -l ADH-AES128-SHA +-2 # server TLSv1.2 ADH-AES256-GCM-SHA384 -a -v 3 -l ADH-AES256-GCM-SHA384 +-2 # client TLSv1.2 ADH-AES256-GCM-SHA384 -a -v 3 -l ADH-AES256-GCM-SHA384 +-2 # server TLSv1.1 ADH-AES256-GCM-SHA384 -a -v 2 -l ADH-AES256-GCM-SHA384 +-2 # client TLSv1.1 ADH-AES256-GCM-SHA384 -a -v 2 -l ADH-AES256-GCM-SHA384 +-2 # server TLSv1.0 ADH-AES256-GCM-SHA384 -a -v 1 -l ADH-AES256-GCM-SHA384 +-2 # client TLSv1.0 ADH-AES256-GCM-SHA384 -a -v 1 -l ADH-AES256-GCM-SHA384 +-2 # server TLSv1 NTRU_RC4 -v 1 @@ -2084,10 +2564,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1 NTRU_RC4 -v 1 -l NTRU-RC4-SHA +-2 # server TLSv1 NTRU_DES3 -v 1 @@ -2095,10 +2577,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1 NTRU_DES3 -v 1 -l NTRU-DES-CBC3-SHA +-2 # server TLSv1 NTRU_AES128 -v 1 @@ -2106,10 +2590,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1 NTRU_AES128 -v 1 -l NTRU-AES128-SHA +-2 # server TLSv1 NTRU_AES256 -v 1 @@ -2117,10 +2603,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1 NTRU_AES256 -v 1 -l NTRU-AES256-SHA +-2 # server TLSv1.1 NTRU_RC4 -v 2 @@ -2128,10 +2616,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.1 NTRU_RC4 -v 2 -l NTRU-RC4-SHA +-2 # server TLSv1.1 NTRU_DES3 -v 2 @@ -2139,10 +2629,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.1 NTRU_DES3 -v 2 -l NTRU-DES-CBC3-SHA +-2 # server TLSv1.1 NTRU_AES128 -v 2 @@ -2150,10 +2642,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.1 NTRU_AES128 -v 2 -l NTRU-AES128-SHA +-2 # server TLSv1.1 NTRU_AES256 -v 2 @@ -2161,10 +2655,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.1 NTRU_AES256 -v 2 -l NTRU-AES256-SHA +-2 # server TLSv1.2 NTRU_RC4 -v 3 @@ -2172,10 +2668,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.2 NTRU_RC4 -v 3 -l NTRU-RC4-SHA +-2 # server TLSv1.2 NTRU_DES3 -v 3 @@ -2183,10 +2681,12 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.2 NTRU_DES3 -v 3 -l NTRU-DES-CBC3-SHA +-2 # server TLSv1.2 NTRU_AES128 -v 3 @@ -2194,95 +2694,113 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +-2 # client TLSv1.2 NTRU_AES128 -v 3 -l NTRU-AES128-SHA +-2 # error going into callback, return ok # server TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem +-2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -j +-2 # server TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -j +-2 # no error going into callback, return ok # server TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/server-cert.pem +-2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -j +-2 # server TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -j +-2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +-2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem -t +-2 # server TLSv1.2 private-only key -v 3 -c ./certs/ecc-privOnlyCert.pem -k ./certs/ecc-privOnlyKey.pem +-2 # client TLSv1.2 private-only key on server -v 3 -d +-2 # server TLSv1.2 with fragment -v 3 +-2 # client TLSv1.2 with fragment -v 3 -F 1 +-2 # server TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem -A certs/client-cert-3072.pem +-2 # client TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem -c certs/client-cert-3072.pem -k certs/client-key-3072.pem +-2 # server good certificate common name -v 3 @@ -2290,6 +2808,7 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodcn.pem -d +-2 # client good certificate common name -v 3 @@ -2298,6 +2817,7 @@ -A ./certs/test/server-goodcn.pem -m -C +-2 # server good certificate alt name -v 3 @@ -2305,6 +2825,7 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodalt.pem -d +-2 # client good certificate alt name -v 3 @@ -2313,6 +2834,7 @@ -A ./certs/test/server-goodalt.pem -m -C +-2 # server good certificate common name wild -v 3 @@ -2320,6 +2842,7 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodcnwild.pem -d +-2 # client good certificate common name wild -v 3 @@ -2328,6 +2851,7 @@ -A ./certs/test/server-goodcnwild.pem -m -C +-2 # server good certificate alt name wild -v 3 @@ -2335,6 +2859,7 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodaltwild.pem -d +-2 # client good certificate alt name wild -v 3 @@ -2343,11 +2868,13 @@ -A ./certs/test/server-goodaltwild.pem -m -C +-2 # server CN in alternate names list -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-localhost.pem +-2 # client CN in alternate names list -v 3 @@ -2355,15 +2882,18 @@ -h localhost -A ./certs/test/server-localhost.pem -m +-2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 +-2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 with user curve (384 or 256) -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -H useSupCurve +-2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA -v 3 @@ -2371,6 +2901,7 @@ -c ./certs/server-ecc384-cert.pem -k ./certs/server-ecc384-key.pem -A ./certs/ca-ecc384-cert.pem +-2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA -v 3 From a47e08c49e7a9953497abd44f269fc252a0c0437 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 4 Dec 2018 12:04:12 -0800 Subject: [PATCH 5/5] DHE Speed Up 1. Add missing "-2" flags to the last line of most of the test conf files. --- tests/test-dtls.conf | 1 + tests/test-enckeys.conf | 1 + tests/test-fails.conf | 1 + tests/test-maxfrag-dtls.conf | 1 + tests/test-maxfrag.conf | 1 + tests/test-psk-no-id.conf | 1 + tests/test-psk.conf | 1 + tests/test-qsh.conf | 1 + tests/test-sctp.conf | 1 + tests/test-sig.conf | 1 + tests/test-tls13-ecc.conf | 1 + tests/test-tls13-psk.conf | 1 + tests/test-tls13.conf | 1 + tests/test.conf | 1 + 14 files changed, 14 insertions(+) diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf index cf651f4be..fed6448ba 100644 --- a/tests/test-dtls.conf +++ b/tests/test-dtls.conf @@ -1122,3 +1122,4 @@ -a -v 2 -l ADH-AES128-SHA +-2 diff --git a/tests/test-enckeys.conf b/tests/test-enckeys.conf index a84e233cd..929dca03b 100644 --- a/tests/test-enckeys.conf +++ b/tests/test-enckeys.conf @@ -49,3 +49,4 @@ -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem +-2 diff --git a/tests/test-fails.conf b/tests/test-fails.conf index f193725bf..223b163bf 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -196,3 +196,4 @@ -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail +-2 diff --git a/tests/test-maxfrag-dtls.conf b/tests/test-maxfrag-dtls.conf index 7790c2558..988ad4d7d 100644 --- a/tests/test-maxfrag-dtls.conf +++ b/tests/test-maxfrag-dtls.conf @@ -248,3 +248,4 @@ -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 6 +-2 diff --git a/tests/test-maxfrag.conf b/tests/test-maxfrag.conf index 563f4d63c..ac109a28b 100644 --- a/tests/test-maxfrag.conf +++ b/tests/test-maxfrag.conf @@ -212,3 +212,4 @@ -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 6 +-2 diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf index 755b6e30d..bc36456de 100644 --- a/tests/test-psk-no-id.conf +++ b/tests/test-psk-no-id.conf @@ -353,3 +353,4 @@ -l TLS13-AES128-GCM-SHA256 -r -s +-2 diff --git a/tests/test-psk.conf b/tests/test-psk.conf index cc9f2a4f1..e726ac9cf 100644 --- a/tests/test-psk.conf +++ b/tests/test-psk.conf @@ -6,3 +6,4 @@ # client- standard PSK -s -l PSK-CHACHA20-POLY1305 +-2 diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf index 428015c4d..9704987db 100644 --- a/tests/test-qsh.conf +++ b/tests/test-qsh.conf @@ -2617,3 +2617,4 @@ # client TLSv1.2 NTRU_AES128 -v 3 -l QSH:NTRU-AES128-SHA +-2 diff --git a/tests/test-sctp.conf b/tests/test-sctp.conf index cedb2f59d..79727512d 100644 --- a/tests/test-sctp.conf +++ b/tests/test-sctp.conf @@ -1297,3 +1297,4 @@ -a -v 2 -l ADH-AES128-SHA +-2 diff --git a/tests/test-sig.conf b/tests/test-sig.conf index b71be85c9..044ce2bf5 100644 --- a/tests/test-sig.conf +++ b/tests/test-sig.conf @@ -256,3 +256,4 @@ -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-cert.pem +-2 diff --git a/tests/test-tls13-ecc.conf b/tests/test-tls13-ecc.conf index 10a176e15..3bc261f6c 100644 --- a/tests/test-tls13-ecc.conf +++ b/tests/test-tls13-ecc.conf @@ -91,3 +91,4 @@ -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -y +-2 diff --git a/tests/test-tls13-psk.conf b/tests/test-tls13-psk.conf index 8527461b4..90dec0e17 100644 --- a/tests/test-tls13-psk.conf +++ b/tests/test-tls13-psk.conf @@ -34,3 +34,4 @@ # client TLSv1.3 not-PSK -v 4 -l TLS13-AES128-GCM-SHA256 +-2 diff --git a/tests/test-tls13.conf b/tests/test-tls13.conf index cc448b857..7445aa8ed 100644 --- a/tests/test-tls13.conf +++ b/tests/test-tls13.conf @@ -234,3 +234,4 @@ -v 4 -l TLS13-AES128-GCM-SHA256 -Q +-2 diff --git a/tests/test.conf b/tests/test.conf index 206b933c8..b3ccf704d 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -2909,3 +2909,4 @@ -c ./certs/client-ecc384-cert.pem -k ./certs/client-ecc384-key.pem -A ./certs/ca-ecc384-cert.pem +-2