xref: /freebsd-src/crypto/openssl/test/ssl-tests/19-mac-then-encrypt.cnf.in (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6) 
1*e0c4386eSCy Schubert# -*- mode: perl; -*-
2*e0c4386eSCy Schubert# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3*e0c4386eSCy Schubert#
4*e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License").  You may not use
5*e0c4386eSCy Schubert# this file except in compliance with the License.  You can obtain a copy
6*e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at
7*e0c4386eSCy Schubert# https://www.openssl.org/source/license.html
8*e0c4386eSCy Schubert
9*e0c4386eSCy Schubert
10*e0c4386eSCy Schubert## SSL test configurations
11*e0c4386eSCy Schubert
12*e0c4386eSCy Schubertpackage ssltests;
13*e0c4386eSCy Schubert
14*e0c4386eSCy Schubertuse OpenSSL::Test::Utils;
15*e0c4386eSCy Schubert
16*e0c4386eSCy Schubertour $fips_mode;
17*e0c4386eSCy Schubert
18*e0c4386eSCy Schubertour @tests = (
19*e0c4386eSCy Schubert    {
20*e0c4386eSCy Schubert        name => "disable-encrypt-then-mac-server-sha",
21*e0c4386eSCy Schubert        server => {
22*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
23*e0c4386eSCy Schubert        },
24*e0c4386eSCy Schubert        client => {
25*e0c4386eSCy Schubert          "CipherString" => "AES128-SHA",
26*e0c4386eSCy Schubert          "MaxProtocol" => "TLSv1.2"
27*e0c4386eSCy Schubert        },
28*e0c4386eSCy Schubert        test   => {
29*e0c4386eSCy Schubert          "ExpectedResult" => "Success",
30*e0c4386eSCy Schubert        },
31*e0c4386eSCy Schubert    },
32*e0c4386eSCy Schubert    {
33*e0c4386eSCy Schubert        name => "disable-encrypt-then-mac-client-sha",
34*e0c4386eSCy Schubert        server => {
35*e0c4386eSCy Schubert        },
36*e0c4386eSCy Schubert        client => {
37*e0c4386eSCy Schubert          "CipherString" => "AES128-SHA",
38*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
39*e0c4386eSCy Schubert          "MaxProtocol" => "TLSv1.2"
40*e0c4386eSCy Schubert        },
41*e0c4386eSCy Schubert        test   => {
42*e0c4386eSCy Schubert          "ExpectedResult" => "Success",
43*e0c4386eSCy Schubert        },
44*e0c4386eSCy Schubert    },
45*e0c4386eSCy Schubert    {
46*e0c4386eSCy Schubert        name => "disable-encrypt-then-mac-both-sha",
47*e0c4386eSCy Schubert        server => {
48*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
49*e0c4386eSCy Schubert        },
50*e0c4386eSCy Schubert        client => {
51*e0c4386eSCy Schubert          "CipherString" => "AES128-SHA",
52*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
53*e0c4386eSCy Schubert          "MaxProtocol" => "TLSv1.2"
54*e0c4386eSCy Schubert        },
55*e0c4386eSCy Schubert        test   => {
56*e0c4386eSCy Schubert          "ExpectedResult" => "Success",
57*e0c4386eSCy Schubert        },
58*e0c4386eSCy Schubert    },
59*e0c4386eSCy Schubert);
60*e0c4386eSCy Schubert
61*e0c4386eSCy Schubertmy @tests_tls1_2 = (
62*e0c4386eSCy Schubert    {
63*e0c4386eSCy Schubert        name => "disable-encrypt-then-mac-server-sha2",
64*e0c4386eSCy Schubert        server => {
65*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
66*e0c4386eSCy Schubert        },
67*e0c4386eSCy Schubert        client => {
68*e0c4386eSCy Schubert          "CipherString" => "AES128-SHA256",
69*e0c4386eSCy Schubert          "MaxProtocol" => "TLSv1.2"
70*e0c4386eSCy Schubert        },
71*e0c4386eSCy Schubert        test   => {
72*e0c4386eSCy Schubert          "ExpectedResult" => "Success",
73*e0c4386eSCy Schubert        },
74*e0c4386eSCy Schubert    },
75*e0c4386eSCy Schubert    {
76*e0c4386eSCy Schubert        name => "disable-encrypt-then-mac-client-sha2",
77*e0c4386eSCy Schubert        server => {
78*e0c4386eSCy Schubert        },
79*e0c4386eSCy Schubert        client => {
80*e0c4386eSCy Schubert          "CipherString" => "AES128-SHA256",
81*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
82*e0c4386eSCy Schubert          "MaxProtocol" => "TLSv1.2"
83*e0c4386eSCy Schubert        },
84*e0c4386eSCy Schubert        test   => {
85*e0c4386eSCy Schubert          "ExpectedResult" => "Success",
86*e0c4386eSCy Schubert        },
87*e0c4386eSCy Schubert    },
88*e0c4386eSCy Schubert    {
89*e0c4386eSCy Schubert        name => "disable-encrypt-then-mac-both-sha2",
90*e0c4386eSCy Schubert        server => {
91*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
92*e0c4386eSCy Schubert        },
93*e0c4386eSCy Schubert        client => {
94*e0c4386eSCy Schubert          "CipherString" => "AES128-SHA256",
95*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
96*e0c4386eSCy Schubert          "MaxProtocol" => "TLSv1.2"
97*e0c4386eSCy Schubert        },
98*e0c4386eSCy Schubert        test   => {
99*e0c4386eSCy Schubert          "ExpectedResult" => "Success",
100*e0c4386eSCy Schubert        },
101*e0c4386eSCy Schubert    },
102*e0c4386eSCy Schubert);
103*e0c4386eSCy Schubert
104*e0c4386eSCy Schubertour @tests_tls1 = (
105*e0c4386eSCy Schubert    {
106*e0c4386eSCy Schubert        name => "disable-encrypt-then-mac-server-sha-tls1",
107*e0c4386eSCy Schubert        server => {
108*e0c4386eSCy Schubert          "CipherString" => 'DEFAULT:@SECLEVEL=0',
109*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
110*e0c4386eSCy Schubert        },
111*e0c4386eSCy Schubert        client => {
112*e0c4386eSCy Schubert          "CipherString" => 'AES128-SHA@SECLEVEL=0',
113*e0c4386eSCy Schubert          "MinProtocol" => "TLSv1",
114*e0c4386eSCy Schubert          "MaxProtocol" => "TLSv1"
115*e0c4386eSCy Schubert        },
116*e0c4386eSCy Schubert        test   => {
117*e0c4386eSCy Schubert          "ExpectedResult" => "Success",
118*e0c4386eSCy Schubert        },
119*e0c4386eSCy Schubert    },
120*e0c4386eSCy Schubert    {
121*e0c4386eSCy Schubert        name => "disable-encrypt-then-mac-client-sha-tls1",
122*e0c4386eSCy Schubert        server => {
123*e0c4386eSCy Schubert          "CipherString" => 'DEFAULT:@SECLEVEL=0',
124*e0c4386eSCy Schubert        },
125*e0c4386eSCy Schubert        client => {
126*e0c4386eSCy Schubert          "CipherString" => 'AES128-SHA@SECLEVEL=0',
127*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
128*e0c4386eSCy Schubert          "MinProtocol" => "TLSv1",
129*e0c4386eSCy Schubert          "MaxProtocol" => "TLSv1"
130*e0c4386eSCy Schubert        },
131*e0c4386eSCy Schubert        test   => {
132*e0c4386eSCy Schubert          "ExpectedResult" => "Success",
133*e0c4386eSCy Schubert        },
134*e0c4386eSCy Schubert    },
135*e0c4386eSCy Schubert    {
136*e0c4386eSCy Schubert        name => "disable-encrypt-then-mac-both-sha-tls1",
137*e0c4386eSCy Schubert        server => {
138*e0c4386eSCy Schubert          "CipherString" => 'DEFAULT:@SECLEVEL=0',
139*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
140*e0c4386eSCy Schubert        },
141*e0c4386eSCy Schubert        client => {
142*e0c4386eSCy Schubert          "CipherString" => 'AES128-SHA@SECLEVEL=0',
143*e0c4386eSCy Schubert          "Options" => "-EncryptThenMac",
144*e0c4386eSCy Schubert          "MinProtocol" => "TLSv1",
145*e0c4386eSCy Schubert          "MaxProtocol" => "TLSv1"
146*e0c4386eSCy Schubert        },
147*e0c4386eSCy Schubert        test   => {
148*e0c4386eSCy Schubert          "ExpectedResult" => "Success",
149*e0c4386eSCy Schubert        },
150*e0c4386eSCy Schubert    },
151*e0c4386eSCy Schubert);
152*e0c4386eSCy Schubert
153*e0c4386eSCy Schubert
154*e0c4386eSCy Schubertpush @tests, @tests_tls1_2 unless disabled("tls1_2");
155*e0c4386eSCy Schubertpush @tests, @tests_tls1 unless disabled("tls1") || $fips_mode;
156