# Generated with generate_ssl_tests.pl

num_tests = 56

test-0 = 0-ECDSA CipherString Selection

test-1 = 1-ECDSA CipherString Selection

test-2 = 2-ECDSA CipherString Selection

test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection

test-4 = 4-Ed448 CipherString and Signature Algorithm Selection

test-5 = 5-ECDSA with brainpool

test-6 = 6-RSA CipherString Selection

test-7 = 7-RSA-PSS Certificate CipherString Selection

test-8 = 8-P-256 CipherString and Signature Algorithm Selection

test-9 = 9-Ed25519 CipherString and Curves Selection

test-10 = 10-Ed448 CipherString and Curves Selection

test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate

test-12 = 12-ECDSA Signature Algorithm Selection

test-13 = 13-ECDSA Signature Algorithm Selection SHA384

test-14 = 14-ECDSA Signature Algorithm Selection SHA1

test-15 = 15-ECDSA Signature Algorithm Selection compressed point

test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate

test-17 = 17-RSA Signature Algorithm Selection

test-18 = 18-RSA-PSS Signature Algorithm Selection

test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection

test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection

test-21 = 21-Only RSA-PSS Certificate

test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms

test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms

test-24 = 24-Only RSA-PSS Restricted Certificate

test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms

test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm

test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms

test-28 = 28-RSA key exchange with all RSA certificate types

test-29 = 29-RSA key exchange with only RSA-PSS certificate

test-30 = 30-Suite B P-256 Hash Algorithm Selection

test-31 = 31-Suite B P-384 Hash Algorithm Selection

test-32 = 32-TLS 1.2 Ed25519 Client Auth

test-33 = 33-TLS 1.2 Ed448 Client Auth

test-34 = 34-Only RSA-PSS Certificate, TLS v1.1

test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection

test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point

test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1

test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS

test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS

test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate

test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS

test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection

test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection

test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection

test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection

test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection

test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection

test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names

test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection

test-50 = 50-TLS 1.3 Ed25519 Client Auth

test-51 = 51-TLS 1.3 Ed448 Client Auth

test-52 = 52-TLS 1.3 ECDSA with brainpool

test-53 = 53-TLS 1.2 DSA Certificate Test

test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms

test-55 = 55-TLS 1.3 DSA Certificate Test

# ===========================================================

[0-ECDSA CipherString Selection]

ssl_conf = 0-ECDSA CipherString Selection-ssl

[0-ECDSA CipherString Selection-ssl]

server = 0-ECDSA CipherString Selection-server

client = 0-ECDSA CipherString Selection-client

[0-ECDSA CipherString Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[0-ECDSA CipherString Selection-client]

CipherString = aECDSA

MaxProtocol = TLSv1.2

RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-0]

ExpectedResult = Success

ExpectedServerCANames = empty

ExpectedServerCertType = P-256

ExpectedServerSignType = EC

# ===========================================================

[1-ECDSA CipherString Selection]

ssl_conf = 1-ECDSA CipherString Selection-ssl

[1-ECDSA CipherString Selection-ssl]

server = 1-ECDSA CipherString Selection-server

client = 1-ECDSA CipherString Selection-client

[1-ECDSA CipherString Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Groups = P-384

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[1-ECDSA CipherString Selection-client]

CipherString = aECDSA

Groups = P-256:P-384

MaxProtocol = TLSv1.2

RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-1]

ExpectedResult = Success

ExpectedServerCANames = empty

ExpectedServerCertType = P-256

ExpectedServerSignType = EC

# ===========================================================

[2-ECDSA CipherString Selection]

ssl_conf = 2-ECDSA CipherString Selection-ssl

[2-ECDSA CipherString Selection-ssl]

server = 2-ECDSA CipherString Selection-server

client = 2-ECDSA CipherString Selection-client

[2-ECDSA CipherString Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Groups = P-256:P-384

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[2-ECDSA CipherString Selection-client]

CipherString = aECDSA

Groups = P-384

MaxProtocol = TLSv1.2

RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-2]

ExpectedResult = ServerFail

# ===========================================================

[3-Ed25519 CipherString and Signature Algorithm Selection]

ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl

[3-Ed25519 CipherString and Signature Algorithm Selection-ssl]

server = 3-Ed25519 CipherString and Signature Algorithm Selection-server

client = 3-Ed25519 CipherString and Signature Algorithm Selection-client

[3-Ed25519 CipherString and Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[3-Ed25519 CipherString and Signature Algorithm Selection-client]

CipherString = aECDSA

MaxProtocol = TLSv1.2

RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

SignatureAlgorithms = ed25519:ECDSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-3]

ExpectedResult = Success

ExpectedServerCANames = empty

ExpectedServerCertType = Ed25519

ExpectedServerSignType = Ed25519

# ===========================================================

[4-Ed448 CipherString and Signature Algorithm Selection]

ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl

[4-Ed448 CipherString and Signature Algorithm Selection-ssl]

server = 4-Ed448 CipherString and Signature Algorithm Selection-server

client = 4-Ed448 CipherString and Signature Algorithm Selection-client

[4-Ed448 CipherString and Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[4-Ed448 CipherString and Signature Algorithm Selection-client]

CipherString = aECDSA

MaxProtocol = TLSv1.2

RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem

SignatureAlgorithms = ed448:ECDSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem

VerifyMode = Peer

[test-4]

ExpectedResult = Success

ExpectedServerCANames = empty

ExpectedServerCertType = Ed448

ExpectedServerSignType = Ed448

# ===========================================================

[5-ECDSA with brainpool]

ssl_conf = 5-ECDSA with brainpool-ssl

[5-ECDSA with brainpool-ssl]

server = 5-ECDSA with brainpool-server

client = 5-ECDSA with brainpool-client

[5-ECDSA with brainpool-server]

Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

[5-ECDSA with brainpool-client]

CipherString = aECDSA

RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-5]

ExpectedResult = Success

# ===========================================================

[6-RSA CipherString Selection]

ssl_conf = 6-RSA CipherString Selection-ssl

[6-RSA CipherString Selection-ssl]

server = 6-RSA CipherString Selection-server

client = 6-RSA CipherString Selection-client

[6-RSA CipherString Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[6-RSA CipherString Selection-client]

CipherString = aRSA

MaxProtocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-6]

ExpectedResult = Success

ExpectedServerCertType = RSA

ExpectedServerSignType = RSA-PSS

# ===========================================================

[7-RSA-PSS Certificate CipherString Selection]

ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl

[7-RSA-PSS Certificate CipherString Selection-ssl]

server = 7-RSA-PSS Certificate CipherString Selection-server

client = 7-RSA-PSS Certificate CipherString Selection-client

[7-RSA-PSS Certificate CipherString Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem

PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[7-RSA-PSS Certificate CipherString Selection-client]

CipherString = aRSA

MaxProtocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-7]

ExpectedResult = Success

ExpectedServerCertType = RSA-PSS

ExpectedServerSignType = RSA-PSS

# ===========================================================

[8-P-256 CipherString and Signature Algorithm Selection]

ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl

[8-P-256 CipherString and Signature Algorithm Selection-ssl]

server = 8-P-256 CipherString and Signature Algorithm Selection-server

client = 8-P-256 CipherString and Signature Algorithm Selection-client

[8-P-256 CipherString and Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[8-P-256 CipherString and Signature Algorithm Selection-client]

CipherString = aECDSA

MaxProtocol = TLSv1.2

SignatureAlgorithms = ECDSA+SHA256:ed25519

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-8]

ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignHash = SHA256

ExpectedServerSignType = EC

# ===========================================================

[9-Ed25519 CipherString and Curves Selection]

ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl

[9-Ed25519 CipherString and Curves Selection-ssl]

server = 9-Ed25519 CipherString and Curves Selection-server

client = 9-Ed25519 CipherString and Curves Selection-client

[9-Ed25519 CipherString and Curves Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[9-Ed25519 CipherString and Curves Selection-client]

CipherString = aECDSA

Curves = X25519

MaxProtocol = TLSv1.2

SignatureAlgorithms = ECDSA+SHA256:ed25519

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-9]

ExpectedResult = Success

ExpectedServerCertType = Ed25519

ExpectedServerSignType = Ed25519

# ===========================================================

[10-Ed448 CipherString and Curves Selection]

ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl

[10-Ed448 CipherString and Curves Selection-ssl]

server = 10-Ed448 CipherString and Curves Selection-server

client = 10-Ed448 CipherString and Curves Selection-client

[10-Ed448 CipherString and Curves Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[10-Ed448 CipherString and Curves Selection-client]

CipherString = aECDSA

Curves = X448

MaxProtocol = TLSv1.2

SignatureAlgorithms = ECDSA+SHA256:ed448

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem

VerifyMode = Peer

[test-10]

ExpectedResult = Success

ExpectedServerCertType = Ed448

ExpectedServerSignType = Ed448

# ===========================================================

[11-ECDSA CipherString Selection, no ECDSA certificate]

ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl

[11-ECDSA CipherString Selection, no ECDSA certificate-ssl]

server = 11-ECDSA CipherString Selection, no ECDSA certificate-server

client = 11-ECDSA CipherString Selection, no ECDSA certificate-client

[11-ECDSA CipherString Selection, no ECDSA certificate-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[11-ECDSA CipherString Selection, no ECDSA certificate-client]

CipherString = aECDSA

MaxProtocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-11]

ExpectedResult = ServerFail

# ===========================================================

[12-ECDSA Signature Algorithm Selection]

ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl

[12-ECDSA Signature Algorithm Selection-ssl]

server = 12-ECDSA Signature Algorithm Selection-server

client = 12-ECDSA Signature Algorithm Selection-client

[12-ECDSA Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[12-ECDSA Signature Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-12]

ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignHash = SHA256

ExpectedServerSignType = EC

# ===========================================================

[13-ECDSA Signature Algorithm Selection SHA384]

ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl

[13-ECDSA Signature Algorithm Selection SHA384-ssl]

server = 13-ECDSA Signature Algorithm Selection SHA384-server

client = 13-ECDSA Signature Algorithm Selection SHA384-client

[13-ECDSA Signature Algorithm Selection SHA384-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[13-ECDSA Signature Algorithm Selection SHA384-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA384

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-13]

ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignHash = SHA384

ExpectedServerSignType = EC

# ===========================================================

[14-ECDSA Signature Algorithm Selection SHA1]

ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl

[14-ECDSA Signature Algorithm Selection SHA1-ssl]

server = 14-ECDSA Signature Algorithm Selection SHA1-server

client = 14-ECDSA Signature Algorithm Selection SHA1-client

[14-ECDSA Signature Algorithm Selection SHA1-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[14-ECDSA Signature Algorithm Selection SHA1-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-14]

ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignHash = SHA1

ExpectedServerSignType = EC

# ===========================================================

[15-ECDSA Signature Algorithm Selection compressed point]

ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl

[15-ECDSA Signature Algorithm Selection compressed point-ssl]

server = 15-ECDSA Signature Algorithm Selection compressed point-server

client = 15-ECDSA Signature Algorithm Selection compressed point-client

[15-ECDSA Signature Algorithm Selection compressed point-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[15-ECDSA Signature Algorithm Selection compressed point-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-15]

ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignHash = SHA256

ExpectedServerSignType = EC

# ===========================================================

[16-ECDSA Signature Algorithm Selection, no ECDSA certificate]

ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl

[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]

server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server

client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client

[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-16]

ExpectedResult = ServerFail

# ===========================================================

[17-RSA Signature Algorithm Selection]

ssl_conf = 17-RSA Signature Algorithm Selection-ssl

[17-RSA Signature Algorithm Selection-ssl]

server = 17-RSA Signature Algorithm Selection-server

client = 17-RSA Signature Algorithm Selection-client

[17-RSA Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[17-RSA Signature Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = RSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-17]

ExpectedResult = Success

ExpectedServerCertType = RSA

ExpectedServerSignHash = SHA256

ExpectedServerSignType = RSA

# ===========================================================

[18-RSA-PSS Signature Algorithm Selection]

ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl

[18-RSA-PSS Signature Algorithm Selection-ssl]

server = 18-RSA-PSS Signature Algorithm Selection-server

client = 18-RSA-PSS Signature Algorithm Selection-client

[18-RSA-PSS Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[18-RSA-PSS Signature Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = RSA-PSS+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-18]

ExpectedResult = Success

ExpectedServerCertType = RSA

ExpectedServerSignHash = SHA256

ExpectedServerSignType = RSA-PSS

# ===========================================================

[19-RSA-PSS Certificate Legacy Signature Algorithm Selection]

ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl

[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]

server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server

client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client

[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem

PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = RSA-PSS+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-19]

ExpectedResult = Success

ExpectedServerCertType = RSA

ExpectedServerSignHash = SHA256

ExpectedServerSignType = RSA-PSS

# ===========================================================

[20-RSA-PSS Certificate Unified Signature Algorithm Selection]

ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl

[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]

server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server

client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client

[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem

Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem

Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem

Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

MaxProtocol = TLSv1.2

PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem

PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = rsa_pss_pss_sha256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-20]

ExpectedResult = Success

ExpectedServerCertType = RSA-PSS

ExpectedServerSignHash = SHA256

ExpectedServerSignType = RSA-PSS

# ===========================================================

[21-Only RSA-PSS Certificate]

ssl_conf = 21-Only RSA-PSS Certificate-ssl

[21-Only RSA-PSS Certificate-ssl]

server = 21-Only RSA-PSS Certificate-server

client = 21-Only RSA-PSS Certificate-client

[21-Only RSA-PSS Certificate-server]

Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

[21-Only RSA-PSS Certificate-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-21]

ExpectedResult = Success

ExpectedServerCertType = RSA-PSS

ExpectedServerSignHash = SHA256

ExpectedServerSignType = RSA-PSS

# ===========================================================

[22-Only RSA-PSS Certificate Valid Signature Algorithms]

ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl

[22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]

server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server

client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client

[22-Only RSA-PSS Certificate Valid Signature Algorithms-server]

Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

[22-Only RSA-PSS Certificate Valid Signature Algorithms-client]

CipherString = DEFAULT

SignatureAlgorithms = rsa_pss_pss_sha512

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-22]

ExpectedResult = Success

ExpectedServerCertType = RSA-PSS

ExpectedServerSignHash = SHA512

ExpectedServerSignType = RSA-PSS

# ===========================================================

[23-RSA-PSS Certificate, no PSS signature algorithms]

ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl

[23-RSA-PSS Certificate, no PSS signature algorithms-ssl]

server = 23-RSA-PSS Certificate, no PSS signature algorithms-server

client = 23-RSA-PSS Certificate, no PSS signature algorithms-client

[23-RSA-PSS Certificate, no PSS signature algorithms-server]

Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

[23-RSA-PSS Certificate, no PSS signature algorithms-client]

CipherString = DEFAULT

SignatureAlgorithms = RSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-23]

ExpectedResult = ServerFail

# ===========================================================

[24-Only RSA-PSS Restricted Certificate]

ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl

[24-Only RSA-PSS Restricted Certificate-ssl]

server = 24-Only RSA-PSS Restricted Certificate-server

client = 24-Only RSA-PSS Restricted Certificate-client

[24-Only RSA-PSS Restricted Certificate-server]

Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem

[24-Only RSA-PSS Restricted Certificate-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-24]

ExpectedResult = Success

ExpectedServerCertType = RSA-PSS

ExpectedServerSignHash = SHA256

ExpectedServerSignType = RSA-PSS

# ===========================================================

[25-RSA-PSS Restricted Certificate Valid Signature Algorithms]

ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl

[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]

server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server

client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client

[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]

Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem

[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]

CipherString = DEFAULT

SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-25]

ExpectedResult = Success

ExpectedServerCertType = RSA-PSS

ExpectedServerSignHash = SHA256

ExpectedServerSignType = RSA-PSS

# ===========================================================