ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests
Force TLS 1.2 on OpenSSL/GnuTLS server for TLS 1.2 specific tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
634d865d80
commit
cbd7bfd30e
1 changed files with 25 additions and 25 deletions
|
@ -2877,7 +2877,7 @@ run_test "Session resume using tickets: session copy" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Session resume using tickets: openssl server" \
|
||||
"$O_SRV" \
|
||||
"$O_SRV -tls1_2" \
|
||||
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
|
||||
0 \
|
||||
-c "client hello, adding session ticket extension" \
|
||||
|
@ -3318,7 +3318,7 @@ run_test "Session resume using cache: openssl client" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Session resume using cache: openssl server" \
|
||||
"$O_SRV" \
|
||||
"$O_SRV -tls1_2" \
|
||||
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
|
||||
0 \
|
||||
-C "found session_ticket extension" \
|
||||
|
@ -3752,7 +3752,7 @@ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
|||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Max fragment length: gnutls server" \
|
||||
"$G_SRV" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
|
||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||
0 \
|
||||
-c "Maximum incoming record payload length is 4096" \
|
||||
|
@ -4151,7 +4151,7 @@ run_test "Renegotiation: nbio, server-initiated" \
|
|||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renegotiation: openssl server, client-initiated" \
|
||||
"$O_SRV -www" \
|
||||
"$O_SRV -www -tls1_2" \
|
||||
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
|
||||
0 \
|
||||
-c "client hello, adding renegotiation extension" \
|
||||
|
@ -4165,7 +4165,7 @@ requires_gnutls
|
|||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renegotiation: gnutls server strict, client-initiated" \
|
||||
"$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
|
||||
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
|
||||
0 \
|
||||
-c "client hello, adding renegotiation extension" \
|
||||
|
@ -4179,7 +4179,7 @@ requires_gnutls
|
|||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
|
||||
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
|
||||
1 \
|
||||
-c "client hello, adding renegotiation extension" \
|
||||
|
@ -4193,7 +4193,7 @@ requires_gnutls
|
|||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
|
||||
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
|
||||
allow_legacy=0" \
|
||||
1 \
|
||||
|
@ -4208,7 +4208,7 @@ requires_gnutls
|
|||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
|
||||
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
|
||||
allow_legacy=1" \
|
||||
0 \
|
||||
|
@ -4284,7 +4284,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
|
|||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renego ext: gnutls server strict, client default" \
|
||||
"$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-c "found renegotiation extension" \
|
||||
|
@ -4294,7 +4294,7 @@ run_test "Renego ext: gnutls server strict, client default" \
|
|||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renego ext: gnutls server unsafe, client default" \
|
||||
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-C "found renegotiation extension" \
|
||||
|
@ -4304,7 +4304,7 @@ run_test "Renego ext: gnutls server unsafe, client default" \
|
|||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Renego ext: gnutls server unsafe, client break legacy" \
|
||||
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
|
||||
"$P_CLI debug_level=3 allow_legacy=-1" \
|
||||
1 \
|
||||
-C "found renegotiation extension" \
|
||||
|
@ -4650,7 +4650,7 @@ run_test "Authentication: openssl client no cert, server optional" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client no cert, openssl server optional" \
|
||||
"$O_SRV -verify 10" \
|
||||
"$O_SRV -verify 10 -tls1_2" \
|
||||
"$P_CLI debug_level=3 crt_file=none key_file=none" \
|
||||
0 \
|
||||
-C "skip parse certificate request" \
|
||||
|
@ -4661,7 +4661,7 @@ run_test "Authentication: client no cert, openssl server optional" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client no cert, openssl server required" \
|
||||
"$O_SRV -Verify 10" \
|
||||
"$O_SRV -Verify 10 -tls1_2" \
|
||||
"$P_CLI debug_level=3 crt_file=none key_file=none" \
|
||||
1 \
|
||||
-C "skip parse certificate request" \
|
||||
|
@ -5723,7 +5723,7 @@ run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ds_ke.crt" \
|
||||
"$P_CLI debug_level=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -5734,7 +5734,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ds_ke.crt" \
|
||||
"$P_CLI debug_level=1 \
|
||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -5745,7 +5745,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ke.crt" \
|
||||
"$P_CLI debug_level=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -5756,7 +5756,7 @@ run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ke.crt" \
|
||||
"$P_CLI debug_level=1 \
|
||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -5767,7 +5767,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ke.crt" \
|
||||
"$P_CLI debug_level=1 auth_mode=optional \
|
||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -5779,7 +5779,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ds.crt" \
|
||||
"$P_CLI debug_level=1 \
|
||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -5790,7 +5790,7 @@ run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli: DigitalSignature, RSA: fail" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ds.crt" \
|
||||
"$P_CLI debug_level=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -5801,7 +5801,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ds.crt" \
|
||||
"$P_CLI debug_level=1 auth_mode=optional \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -5893,7 +5893,7 @@ run_test "extKeyUsage srv: codeSign -> fail" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "extKeyUsage cli: serverAuth -> OK" \
|
||||
"$O_SRV -key data_files/server5.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.eku-srv.crt" \
|
||||
"$P_CLI debug_level=1" \
|
||||
0 \
|
||||
|
@ -5903,7 +5903,7 @@ run_test "extKeyUsage cli: serverAuth -> OK" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
|
||||
"$O_SRV -key data_files/server5.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.eku-srv_cli.crt" \
|
||||
"$P_CLI debug_level=1" \
|
||||
0 \
|
||||
|
@ -5913,7 +5913,7 @@ run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
|
||||
"$O_SRV -key data_files/server5.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.eku-cs_any.crt" \
|
||||
"$P_CLI debug_level=1" \
|
||||
0 \
|
||||
|
@ -5923,7 +5923,7 @@ run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "extKeyUsage cli: codeSign -> fail" \
|
||||
"$O_SRV -key data_files/server5.key \
|
||||
"$O_SRV -tls1_2 -key data_files/server5.key \
|
||||
-cert data_files/server5.eku-cs.crt" \
|
||||
"$P_CLI debug_level=1" \
|
||||
1 \
|
||||
|
|
Loading…
Reference in a new issue