source-git / openssl

Clone
Source Code
GIT

Blame test/ssl-tests/28-seclevel.conf.in

c8 c8s master
  1.   c4476c2d191c8f18018d947521358ac6321a212e
  2.   test
  3.   ssl-tests
  4.   28-seclevel.conf.in
Blob History Raw
Packit c4476c 
# -*- mode: perl; -*-
Packit c4476c 
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Packit c4476c 
#
Packit c4476c 
# Licensed under the OpenSSL license (the "License").  You may not use
Packit c4476c 
# this file except in compliance with the License.  You can obtain a copy
Packit c4476c 
# in the file LICENSE in the source distribution or at
Packit c4476c 
# https://www.openssl.org/source/license.html
Packit c4476c
Packit c4476c
Packit c4476c 
## SSL test configurations
Packit c4476c
Packit c4476c 
package ssltests;
Packit c4476c 
use OpenSSL::Test::Utils;
Packit c4476c
Packit c4476c 
our @tests = (
Packit c4476c 
    {
Packit c4476c 
        name => "SECLEVEL 3 with default key",
Packit c4476c 
        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" },
Packit c4476c 
        client => { },
Packit c4476c 
        test   => { "ExpectedResult" => "ServerFail" },
Packit c4476c 
    },
Packit c4476c 
);
Packit c4476c
Packit c4476c 
our @tests_ec = (
Packit c4476c 
    {
Packit c4476c 
        name => "SECLEVEL 4 with ED448 key",
Packit c4476c 
        server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
Packit c4476c 
                    "Certificate" => test_pem("server-ed448-cert.pem"),
Packit c4476c 
                    "PrivateKey" => test_pem("server-ed448-key.pem") },
Packit c4476c 
        client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
Packit c4476c 
                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
Packit c4476c 
        test   => { "ExpectedResult" => "Success" },
Packit c4476c 
    },
Packit c4476c 
    {
Packit c4476c 
        # The Ed488 signature algorithm will not be enabled.
Packit c4476c 
        # Because of the config order, the certificate is first loaded, and
Packit c4476c 
        # then the security level is chaged. If you try this with s_server
Packit c4476c 
        # the order will be reversed and it will instead fail to load the key.
Packit c4476c 
        name => "SECLEVEL 5 server with ED448 key",
Packit c4476c 
        server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
Packit c4476c 
                    "Certificate" => test_pem("server-ed448-cert.pem"),
Packit c4476c 
                    "PrivateKey" => test_pem("server-ed448-key.pem") },
Packit c4476c 
        client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
Packit c4476c 
                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
Packit c4476c 
        test   => { "ExpectedResult" => "ServerFail" },
Packit c4476c 
    },
Packit c4476c 
    {
Packit c4476c 
        # The client will not sent the Ed488 signature algorithm, so the server
Packit c4476c 
        # doesn't have a useable signature algorithm for the certificate.
Packit c4476c 
        name => "SECLEVEL 5 client with ED448 key",
Packit c4476c 
        server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
Packit c4476c 
                    "Certificate" => test_pem("server-ed448-cert.pem"),
Packit c4476c 
                    "PrivateKey" => test_pem("server-ed448-key.pem") },
Packit c4476c 
        client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
Packit c4476c 
                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
Packit c4476c 
        test   => { "ExpectedResult" => "ServerFail" },
Packit c4476c 
    },
Packit c4476c 
    {
Packit c4476c 
        name => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
Packit c4476c 
        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
Packit c4476c 
                    "Certificate" => test_pem("p384-server-cert.pem"),
Packit c4476c 
                    "PrivateKey" => test_pem("p384-server-key.pem"),
Packit c4476c 
                    "Groups" => "X25519" },
Packit c4476c 
        client => { "CipherString" => "ECDHE:\@SECLEVEL=3",
Packit c4476c 
                    "VerifyCAFile" => test_pem("p384-root.pem") },
Packit c4476c 
        test   => { "ExpectedResult" => "Success" },
Packit c4476c 
    },
Packit c4476c 
);
Packit c4476c
Packit c4476c 
our @tests_tls1_2 = (
Packit c4476c 
    {
Packit c4476c 
        name => "SECLEVEL 3 with ED448 key, TLSv1.2",
Packit c4476c 
        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
Packit c4476c 
                    "Certificate" => test_pem("server-ed448-cert.pem"),
Packit c4476c 
                    "PrivateKey" => test_pem("server-ed448-key.pem"),
Packit c4476c 
                    "MaxProtocol" => "TLSv1.2" },
Packit c4476c 
        client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
Packit c4476c 
        test   => { "ExpectedResult" => "Success" },
Packit c4476c 
    },
Packit c4476c 
);
Packit c4476c
Packit c4476c 
push @tests, @tests_ec unless disabled("ec");
Packit c4476c 
push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation