1*e0c4386eSCy Schubert# -*- mode: perl; -*- 2*e0c4386eSCy Schubert# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. 3*e0c4386eSCy Schubert# 4*e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License"). You may not use 5*e0c4386eSCy Schubert# this file except in compliance with the License. You can obtain a copy 6*e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at 7*e0c4386eSCy Schubert# https://www.openssl.org/source/license.html 8*e0c4386eSCy Schubert 9*e0c4386eSCy Schubert 10*e0c4386eSCy Schubert## Test version negotiation 11*e0c4386eSCy Schubert 12*e0c4386eSCy Schubertuse strict; 13*e0c4386eSCy Schubertuse warnings; 14*e0c4386eSCy Schubert 15*e0c4386eSCy Schubertpackage ssltests; 16*e0c4386eSCy Schubertuse OpenSSL::Test::Utils; 17*e0c4386eSCy Schubert 18*e0c4386eSCy Schubertour $fips_mode; 19*e0c4386eSCy Schubert 20*e0c4386eSCy Schubertour @tests = ( 21*e0c4386eSCy Schubert { 22*e0c4386eSCy Schubert name => "cipher-server-1", 23*e0c4386eSCy Schubert server => { 24*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 25*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 26*e0c4386eSCy Schubert }, 27*e0c4386eSCy Schubert client => { 28*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 29*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384" 30*e0c4386eSCy Schubert }, 31*e0c4386eSCy Schubert test => { 32*e0c4386eSCy Schubert "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 33*e0c4386eSCy Schubert }, 34*e0c4386eSCy Schubert }, 35*e0c4386eSCy Schubert { 36*e0c4386eSCy Schubert name => "cipher-server-2", 37*e0c4386eSCy Schubert server => { 38*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 39*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 40*e0c4386eSCy Schubert }, 41*e0c4386eSCy Schubert client => { 42*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 43*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES128-SHA256" 44*e0c4386eSCy Schubert }, 45*e0c4386eSCy Schubert test => { 46*e0c4386eSCy Schubert "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", 47*e0c4386eSCy Schubert }, 48*e0c4386eSCy Schubert }, 49*e0c4386eSCy Schubert { 50*e0c4386eSCy Schubert name => "cipher-server-client-list", 51*e0c4386eSCy Schubert server => { 52*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 53*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 54*e0c4386eSCy Schubert }, 55*e0c4386eSCy Schubert client => { 56*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 57*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", 58*e0c4386eSCy Schubert }, 59*e0c4386eSCy Schubert test => { 60*e0c4386eSCy Schubert "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", 61*e0c4386eSCy Schubert }, 62*e0c4386eSCy Schubert }, 63*e0c4386eSCy Schubert { 64*e0c4386eSCy Schubert name => "cipher-server-pref-1", 65*e0c4386eSCy Schubert server => { 66*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 67*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 68*e0c4386eSCy Schubert "Options" => "ServerPreference", 69*e0c4386eSCy Schubert }, 70*e0c4386eSCy Schubert client => { 71*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 72*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384" 73*e0c4386eSCy Schubert }, 74*e0c4386eSCy Schubert test => { 75*e0c4386eSCy Schubert "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 76*e0c4386eSCy Schubert }, 77*e0c4386eSCy Schubert }, 78*e0c4386eSCy Schubert { 79*e0c4386eSCy Schubert name => "cipher-server-pref-2", 80*e0c4386eSCy Schubert server => { 81*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 82*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 83*e0c4386eSCy Schubert "Options" => "ServerPreference", 84*e0c4386eSCy Schubert }, 85*e0c4386eSCy Schubert client => { 86*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 87*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES128-SHA256" 88*e0c4386eSCy Schubert }, 89*e0c4386eSCy Schubert test => { 90*e0c4386eSCy Schubert "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", 91*e0c4386eSCy Schubert }, 92*e0c4386eSCy Schubert }, 93*e0c4386eSCy Schubert { 94*e0c4386eSCy Schubert name => "cipher-server-pref-client-list", 95*e0c4386eSCy Schubert server => { 96*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 97*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 98*e0c4386eSCy Schubert "Options" => "ServerPreference", 99*e0c4386eSCy Schubert }, 100*e0c4386eSCy Schubert client => { 101*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 102*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", 103*e0c4386eSCy Schubert }, 104*e0c4386eSCy Schubert test => { 105*e0c4386eSCy Schubert "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 106*e0c4386eSCy Schubert }, 107*e0c4386eSCy Schubert }, 108*e0c4386eSCy Schubert { 109*e0c4386eSCy Schubert name => "cipher-server-pref-not-mobile", 110*e0c4386eSCy Schubert server => { 111*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 112*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", 113*e0c4386eSCy Schubert "Options" => "ServerPreference", 114*e0c4386eSCy Schubert }, 115*e0c4386eSCy Schubert client => { 116*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 117*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", 118*e0c4386eSCy Schubert }, 119*e0c4386eSCy Schubert test => { 120*e0c4386eSCy Schubert "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 121*e0c4386eSCy Schubert }, 122*e0c4386eSCy Schubert }, 123*e0c4386eSCy Schubert { 124*e0c4386eSCy Schubert name => "cipher-server-pref-mobile", 125*e0c4386eSCy Schubert server => { 126*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 127*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", 128*e0c4386eSCy Schubert "Options" => "ServerPreference,PrioritizeChaCha", 129*e0c4386eSCy Schubert }, 130*e0c4386eSCy Schubert client => { 131*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 132*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305", 133*e0c4386eSCy Schubert }, 134*e0c4386eSCy Schubert test => { 135*e0c4386eSCy Schubert "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 136*e0c4386eSCy Schubert }, 137*e0c4386eSCy Schubert }, 138*e0c4386eSCy Schubert); 139*e0c4386eSCy Schubert 140*e0c4386eSCy Schubertmy @tests_poly1305 = ( 141*e0c4386eSCy Schubert { 142*e0c4386eSCy Schubert name => "cipher-server-pref-mobile2", 143*e0c4386eSCy Schubert server => { 144*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 145*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", 146*e0c4386eSCy Schubert "Options" => "ServerPreference,PrioritizeChaCha", 147*e0c4386eSCy Schubert }, 148*e0c4386eSCy Schubert client => { 149*e0c4386eSCy Schubert "MaxProtocol" => "TLSv1.2", 150*e0c4386eSCy Schubert "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", 151*e0c4386eSCy Schubert }, 152*e0c4386eSCy Schubert test => { 153*e0c4386eSCy Schubert "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305", 154*e0c4386eSCy Schubert }, 155*e0c4386eSCy Schubert }, 156*e0c4386eSCy Schubert); 157*e0c4386eSCy Schubert 158*e0c4386eSCy Schubertpush @tests, @tests_poly1305 159*e0c4386eSCy Schubert unless disabled("poly1305") || disabled("chacha") || $fips_mode; 160