mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-04-12 22:35:48 +02:00
eb8ba6124e
This also fixes TLS 1.2 authentication to only succeed in case the brainpool curve was present in the supported_groups extension.
244 lines
5.5 KiB
Plaintext
244 lines
5.5 KiB
Plaintext
# ----- secp256k1 ------
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-key.pem
|
|
-d
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-A ./certs/ecc/server-secp256k1-cert.pem
|
|
-x
|
|
-C
|
|
|
|
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static)
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-key.pem
|
|
-d
|
|
|
|
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static)
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
|
-A ./certs/ecc/server-secp256k1-cert.pem
|
|
-x
|
|
-C
|
|
|
|
# server TLSv1.3 TLS13-AES128-GCM-SHA256
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-key.pem
|
|
-d
|
|
|
|
# client TLSv1.3 TLS13-AES128-GCM-SHA256
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-A ./certs/ecc/server-secp256k1-cert.pem
|
|
-x
|
|
-C
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth)
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-key.pem
|
|
-A ./certs/ecc/client-secp256k1-cert.pem
|
|
-V
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth)
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/client-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-key.pem
|
|
-A ./certs/ecc/server-secp256k1-cert.pem
|
|
-C
|
|
|
|
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth)
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-key.pem
|
|
-A ./certs/ecc/client-secp256k1-cert.pem
|
|
-V
|
|
|
|
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth)
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/client-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-key.pem
|
|
-A ./certs/ecc/server-secp256k1-cert.pem
|
|
-C
|
|
|
|
# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth)
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-key.pem
|
|
-A ./certs/ecc/client-secp256k1-cert.pem
|
|
-V
|
|
|
|
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth)
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-c ./certs/ecc/client-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-key.pem
|
|
-A ./certs/ecc/server-secp256k1-cert.pem
|
|
-C
|
|
|
|
# ----- bp256r1 ------
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-d
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-A ./certs/ecc/server-bp256r1-cert.pem
|
|
-x
|
|
-C
|
|
|
|
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static)
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-d
|
|
|
|
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static)
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
|
-A ./certs/ecc/server-bp256r1-cert.pem
|
|
-x
|
|
-C
|
|
|
|
# server TLSv1.3 TLS13-AES128-GCM-SHA256
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-d
|
|
|
|
# client TLSv1.3 TLS13-AES128-GCM-SHA256
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-A ./certs/ecc/server-bp256r1-cert.pem
|
|
-x
|
|
-C
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth)
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-A ./certs/ecc/client-bp256r1-cert.pem
|
|
-V
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth)
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/client-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-A ./certs/ecc/server-bp256r1-cert.pem
|
|
-C
|
|
|
|
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth)
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-A ./certs/ecc/client-bp256r1-cert.pem
|
|
-V
|
|
|
|
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth)
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/client-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-A ./certs/ecc/server-bp256r1-cert.pem
|
|
-C
|
|
|
|
# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth)
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-A ./certs/ecc/client-bp256r1-cert.pem
|
|
-V
|
|
|
|
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth)
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-c ./certs/ecc/client-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-A ./certs/ecc/server-bp256r1-cert.pem
|
|
-C
|
|
|
|
# server TLSv1.3 TLS13-AES128-GCM-SHA256
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-d
|
|
|
|
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (brainpool key share)
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-A ./certs/ecc/server-bp256r1-cert.pem
|
|
-x
|
|
-C
|
|
--bpKs
|
|
|
|
# server TLSv1.3 TLS13-AES128-GCM-SHA256
|
|
-v 4
|
|
-l "TLS13-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
|
|
-c ./certs/ecc/server-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-d
|
|
|
|
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (brainpool key share; downgrade)
|
|
-v d
|
|
-l "TLS13-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
|
|
-A ./certs/ecc/server-bp256r1-cert.pem
|
|
-x
|
|
-C
|
|
--bpKs
|
|
-7 3
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server-bp256r1-cert.pem
|
|
-k ./certs/ecc/bp256r1-key.pem
|
|
-d
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (brainpool key share)
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-A ./certs/ecc/server-bp256r1-cert.pem
|
|
-x
|
|
-C
|
|
--bpKs
|
|
|
|
# -- SECP256K1 without OID inside PKCS#8 --
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/ecc/server2-secp256k1-cert.pem
|
|
-k ./certs/ecc/secp256k1-privkey.pem
|
|
-d
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-A ./certs/ecc/ca-secp256k1-cert.pem
|
|
-x
|
|
-C
|
|
|