diff options
| author | Matt Caswell <matt@openssl.org> | 2018-11-12 14:23:07 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-11-14 11:28:01 +0000 |
| commit | 65d2c16cbe0da8efed2f285f59930297326fb435 (patch) | |
| tree | 9eace2e0557186ee94a44b9435db515983c600e8 /test/ssl-tests | |
| parent | 2dc37bc2b4c678462a24d2904604e58c0c5ac1cb (diff) | |
| download | openssl-65d2c16cbe0da8efed2f285f59930297326fb435.tar.gz | |
Fix no-ec and no-tls1_2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7620)
Diffstat (limited to 'test/ssl-tests')
| -rw-r--r-- | test/ssl-tests/28-seclevel.conf | 52 | ||||
| -rw-r--r-- | test/ssl-tests/28-seclevel.conf.in | 28 |
2 files changed, 45 insertions, 35 deletions
diff --git a/test/ssl-tests/28-seclevel.conf b/test/ssl-tests/28-seclevel.conf index ddc2448f85..f863f68b08 100644 --- a/test/ssl-tests/28-seclevel.conf +++ b/test/ssl-tests/28-seclevel.conf @@ -4,8 +4,8 @@ num_tests = 4 test-0 = 0-SECLEVEL 3 with default key test-1 = 1-SECLEVEL 3 with ED448 key -test-2 = 2-SECLEVEL 3 with ED448 key, TLSv1.2 -test-3 = 3-SECLEVEL 3 with P-384 key, X25519 ECDHE +test-2 = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE +test-3 = 3-SECLEVEL 3 with ED448 key, TLSv1.2 # =========================================================== [0-SECLEVEL 3 with default key] @@ -54,22 +54,22 @@ ExpectedResult = Success # =========================================================== -[2-SECLEVEL 3 with ED448 key, TLSv1.2] -ssl_conf = 2-SECLEVEL 3 with ED448 key, TLSv1.2-ssl +[2-SECLEVEL 3 with P-384 key, X25519 ECDHE] +ssl_conf = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl -[2-SECLEVEL 3 with ED448 key, TLSv1.2-ssl] -server = 2-SECLEVEL 3 with ED448 key, TLSv1.2-server -client = 2-SECLEVEL 3 with ED448 key, TLSv1.2-client +[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl] +server = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server +client = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client -[2-SECLEVEL 3 with ED448 key, TLSv1.2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server] +Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem CipherString = DEFAULT:@SECLEVEL=3 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +Groups = X25519 +PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem -[2-SECLEVEL 3 with ED448 key, TLSv1.2-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client] +CipherString = ECDHE:@SECLEVEL=3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem VerifyMode = Peer [test-2] @@ -78,22 +78,22 @@ ExpectedResult = Success # =========================================================== -[3-SECLEVEL 3 with P-384 key, X25519 ECDHE] -ssl_conf = 3-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl +[3-SECLEVEL 3 with ED448 key, TLSv1.2] +ssl_conf = 3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl -[3-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl] -server = 3-SECLEVEL 3 with P-384 key, X25519 ECDHE-server -client = 3-SECLEVEL 3 with P-384 key, X25519 ECDHE-client +[3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl] +server = 3-SECLEVEL 3 with ED448 key, TLSv1.2-server +client = 3-SECLEVEL 3 with ED448 key, TLSv1.2-client -[3-SECLEVEL 3 with P-384 key, X25519 ECDHE-server] -Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem +[3-SECLEVEL 3 with ED448 key, TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem CipherString = DEFAULT:@SECLEVEL=3 -Groups = X25519 -PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -[3-SECLEVEL 3 with P-384 key, X25519 ECDHE-client] -CipherString = ECDHE:@SECLEVEL=3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +[3-SECLEVEL 3 with ED448 key, TLSv1.2-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] diff --git a/test/ssl-tests/28-seclevel.conf.in b/test/ssl-tests/28-seclevel.conf.in index 5a1ee4638f..9f85a955e1 100644 --- a/test/ssl-tests/28-seclevel.conf.in +++ b/test/ssl-tests/28-seclevel.conf.in @@ -10,6 +10,7 @@ ## SSL test configurations package ssltests; +use OpenSSL::Test::Utils; our @tests = ( { @@ -18,6 +19,9 @@ our @tests = ( client => { }, test => { "ExpectedResult" => "ServerFail" }, }, +); + +our @tests_ec = ( { name => "SECLEVEL 3 with ED448 key", server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", @@ -27,15 +31,6 @@ our @tests = ( test => { "ExpectedResult" => "Success" }, }, { - name => "SECLEVEL 3 with ED448 key, TLSv1.2", - server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", - "Certificate" => test_pem("server-ed448-cert.pem"), - "PrivateKey" => test_pem("server-ed448-key.pem"), - "MaxProtocol" => "TLSv1.2" }, - client => { }, - test => { "ExpectedResult" => "Success" }, - }, - { name => "SECLEVEL 3 with P-384 key, X25519 ECDHE", server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", "Certificate" => test_pem("p384-server-cert.pem"), @@ -46,3 +41,18 @@ our @tests = ( test => { "ExpectedResult" => "Success" }, }, ); + +our @tests_tls1_2 = ( + { + name => "SECLEVEL 3 with ED448 key, TLSv1.2", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, +); + +push @tests, @tests_ec unless disabled("ec"); +push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec"); |