xref: /netbsd-src/crypto/external/bsd/openssl/dist/test/ssl-tests/25-cipher.cnf.in (revision b0d1725196a7921d003d2c66a14f186abda4176b) 
1*b0d17251Schristos# -*- mode: perl; -*-
2*b0d17251Schristos# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
3*b0d17251Schristos#
4*b0d17251Schristos# Licensed under the Apache License 2.0 (the "License").  You may not use
5*b0d17251Schristos# this file except in compliance with the License.  You can obtain a copy
6*b0d17251Schristos# in the file LICENSE in the source distribution or at
7*b0d17251Schristos# https://www.openssl.org/source/license.html
8*b0d17251Schristos
9*b0d17251Schristos
10*b0d17251Schristos## Test version negotiation
11*b0d17251Schristos
12*b0d17251Schristosuse strict;
13*b0d17251Schristosuse warnings;
14*b0d17251Schristos
15*b0d17251Schristospackage ssltests;
16*b0d17251Schristosuse OpenSSL::Test::Utils;
17*b0d17251Schristos
18*b0d17251Schristosour $fips_mode;
19*b0d17251Schristos
20*b0d17251Schristosour @tests = (
21*b0d17251Schristos    {
22*b0d17251Schristos        name => "cipher-server-1",
23*b0d17251Schristos        server => {
24*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
25*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
26*b0d17251Schristos    },
27*b0d17251Schristos        client => {
28*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
29*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384"
30*b0d17251Schristos        },
31*b0d17251Schristos        test => {
32*b0d17251Schristos            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
33*b0d17251Schristos        },
34*b0d17251Schristos    },
35*b0d17251Schristos    {
36*b0d17251Schristos        name => "cipher-server-2",
37*b0d17251Schristos        server => {
38*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
39*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
40*b0d17251Schristos        },
41*b0d17251Schristos        client => {
42*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
43*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES128-SHA256"
44*b0d17251Schristos        },
45*b0d17251Schristos        test => {
46*b0d17251Schristos            "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
47*b0d17251Schristos        },
48*b0d17251Schristos    },
49*b0d17251Schristos    {
50*b0d17251Schristos        name => "cipher-server-client-list",
51*b0d17251Schristos        server => {
52*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
53*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
54*b0d17251Schristos        },
55*b0d17251Schristos        client => {
56*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
57*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
58*b0d17251Schristos        },
59*b0d17251Schristos        test => {
60*b0d17251Schristos            "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
61*b0d17251Schristos        },
62*b0d17251Schristos    },
63*b0d17251Schristos    {
64*b0d17251Schristos        name => "cipher-server-pref-1",
65*b0d17251Schristos        server => {
66*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
67*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
68*b0d17251Schristos            "Options" => "ServerPreference",
69*b0d17251Schristos        },
70*b0d17251Schristos        client => {
71*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
72*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384"
73*b0d17251Schristos        },
74*b0d17251Schristos        test => {
75*b0d17251Schristos            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
76*b0d17251Schristos        },
77*b0d17251Schristos    },
78*b0d17251Schristos    {
79*b0d17251Schristos        name => "cipher-server-pref-2",
80*b0d17251Schristos        server => {
81*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
82*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
83*b0d17251Schristos            "Options" => "ServerPreference",
84*b0d17251Schristos        },
85*b0d17251Schristos        client => {
86*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
87*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES128-SHA256"
88*b0d17251Schristos        },
89*b0d17251Schristos        test => {
90*b0d17251Schristos            "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
91*b0d17251Schristos        },
92*b0d17251Schristos    },
93*b0d17251Schristos    {
94*b0d17251Schristos        name => "cipher-server-pref-client-list",
95*b0d17251Schristos        server => {
96*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
97*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
98*b0d17251Schristos            "Options" => "ServerPreference",
99*b0d17251Schristos        },
100*b0d17251Schristos        client => {
101*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
102*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
103*b0d17251Schristos        },
104*b0d17251Schristos        test => {
105*b0d17251Schristos            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
106*b0d17251Schristos        },
107*b0d17251Schristos    },
108*b0d17251Schristos    {
109*b0d17251Schristos        name => "cipher-server-pref-not-mobile",
110*b0d17251Schristos        server => {
111*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
112*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
113*b0d17251Schristos            "Options" => "ServerPreference",
114*b0d17251Schristos        },
115*b0d17251Schristos        client => {
116*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
117*b0d17251Schristos            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
118*b0d17251Schristos        },
119*b0d17251Schristos        test => {
120*b0d17251Schristos            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
121*b0d17251Schristos        },
122*b0d17251Schristos    },
123*b0d17251Schristos    {
124*b0d17251Schristos        name => "cipher-server-pref-mobile",
125*b0d17251Schristos        server => {
126*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
127*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
128*b0d17251Schristos            "Options" => "ServerPreference,PrioritizeChaCha",
129*b0d17251Schristos        },
130*b0d17251Schristos        client => {
131*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
132*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
133*b0d17251Schristos        },
134*b0d17251Schristos        test => {
135*b0d17251Schristos            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
136*b0d17251Schristos        },
137*b0d17251Schristos    },
138*b0d17251Schristos);
139*b0d17251Schristos
140*b0d17251Schristosmy @tests_poly1305 = (
141*b0d17251Schristos    {
142*b0d17251Schristos        name => "cipher-server-pref-mobile2",
143*b0d17251Schristos        server => {
144*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
145*b0d17251Schristos            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
146*b0d17251Schristos            "Options" => "ServerPreference,PrioritizeChaCha",
147*b0d17251Schristos        },
148*b0d17251Schristos        client => {
149*b0d17251Schristos            "MaxProtocol" => "TLSv1.2",
150*b0d17251Schristos            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
151*b0d17251Schristos        },
152*b0d17251Schristos        test => {
153*b0d17251Schristos            "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
154*b0d17251Schristos        },
155*b0d17251Schristos    },
156*b0d17251Schristos);
157*b0d17251Schristos
158*b0d17251Schristospush @tests, @tests_poly1305
159*b0d17251Schristos    unless disabled("poly1305") || disabled("chacha") || $fips_mode;
160