[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Wed Nov 2 13:10:42 UTC 2016


The branch master has been updated
       via  2abacef13ab19b842a9217d6c464b4001980c0f6 (commit)
       via  84a68336581b7d25fefe693bf92b5b3751f4b5f6 (commit)
       via  0ced42e050e602dc9d5fea36250ab8335f8ab156 (commit)
       via  582a17d662d123eafbb70c9eaaa140a2559b7cdb (commit)
      from  ffd3d0ef34aac46c06379cc50d38c5c0324c3d4c (commit)


- Log -----------------------------------------------------------------
commit 2abacef13ab19b842a9217d6c464b4001980c0f6
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Oct 31 10:00:45 2016 +0000

    Convert a big "if" into a "switch"
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 84a68336581b7d25fefe693bf92b5b3751f4b5f6
Author: Matt Caswell <matt at openssl.org>
Date:   Sun Oct 30 08:38:52 2016 +0000

    Update Configure to know about tls1_3
    
    Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is
    because this is a WIP and will not be interoperable with any other TLS1.3
    implementation.
    
    Finally, we fix some tests that started failing when TLS1.3 was disabled by
    default.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 0ced42e050e602dc9d5fea36250ab8335f8ab156
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 2 11:52:22 2016 +0000

    Use ciphersuite id when matching if we've got one
    
    When matching a ciphersuite if we are given an id, make sure we use it
    otherwise we will match another ciphersuite which is identical except for
    the TLS version.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 582a17d662d123eafbb70c9eaaa140a2559b7cdb
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Oct 21 17:39:33 2016 +0100

    Add the SSL_METHOD for TLSv1.3 and all other base changes required
    
    Includes addition of the various options to s_server/s_client. Also adds
    one of the new TLS1.3 ciphersuites.
    
    This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
    and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
    a "real" TLS1.3 ciphersuite).
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 Configure                                  |     6 +-
 INSTALL                                    |     6 +
 apps/apps.h                                |     6 +-
 apps/ciphers.c                             |     8 +
 apps/s_cb.c                                |     2 +
 apps/s_client.c                            |    11 +-
 apps/s_server.c                            |    11 +-
 doc/man1/ciphers.pod                       |     6 +
 doc/man1/s_client.pod                      |     4 +-
 doc/man1/s_server.pod                      |     6 +-
 doc/man3/SSL_CONF_cmd.pod                  |    11 +-
 doc/man3/SSL_CTX_new.pod                   |    12 +-
 doc/man3/SSL_CTX_set_min_proto_version.pod |     4 +-
 doc/man3/SSL_CTX_set_options.pod           |     4 +-
 include/openssl/ssl.h                      |     3 +-
 include/openssl/tls1.h                     |    13 +-
 ssl/methods.c                              |    18 +
 ssl/s3_lib.c                               |    15 +
 ssl/ssl_ciph.c                             |     2 +
 ssl/ssl_conf.c                             |     4 +
 ssl/ssl_lib.c                              |    31 +-
 ssl/ssl_locl.h                             |     4 +
 ssl/ssl_sess.c                             |     3 +
 ssl/statem/statem_lib.c                    |     9 +-
 ssl/t1_lib.c                               |    20 +
 ssl/t1_trce.c                              |     2 +
 test/cipherlist_test.c                     |     6 +-
 test/recipes/80-test_ssl_new.t             |     3 +-
 test/recipes/80-test_ssl_old.t             |    30 +-
 test/ssl-tests/02-protocol-version.conf    | 11143 ++++++++++++++++++++++++---
 test/ssl-tests/13-fragmentation.conf       |     6 +
 test/ssl-tests/13-fragmentation.conf.in    |     6 +
 test/ssl-tests/14-curves.conf              |    29 +
 test/ssl-tests/14-curves.conf.in           |     4 +-
 test/ssl-tests/protocol_version.pm         |    27 +-
 test/ssl_test_ctx.c                        |     1 +
 test/ssltest_old.c                         |    24 +-
 util/TLSProxy/Proxy.pm                     |     4 +-
 38 files changed, 10238 insertions(+), 1266 deletions(-)

diff --git a/Configure b/Configure
index 2da2a1a..958ac5c 100755
--- a/Configure
+++ b/Configure
@@ -318,7 +318,7 @@ $config{sdirs} = [
     ];
 
 # Known TLS and DTLS protocols
-my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
+my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
 my @dtls = qw(dtls1 dtls1_2);
 
 # Explicitly known options that are possible to disable.  They can
@@ -440,6 +440,8 @@ our %disabled = ( # "what"         => "comment"
 		  "ssl3"                => "default",
 		  "ssl3-method"         => "default",
                   "ubsan"		=> "default",
+          #TODO(TLS1.3): Temporarily disabled while this is a WIP
+		  "tls1_3"              => "default",
 		  "unit-test"           => "default",
 		  "weak-ssl-ciphers"    => "default",
 		  "zlib"                => "default",
@@ -476,7 +478,7 @@ my @disable_cascades = (
     sub { $disabled{rsa}
 	  && ($disabled{dsa} || $disabled{dh})
 	  && ($disabled{ecdsa} || $disabled{ecdh}); }
-			=> [ "tls1", "tls1_1", "tls1_2",
+			=> [ "tls1", "tls1_1", "tls1_2", "tls1_3",
 			     "dtls1", "dtls1_2" ],
 
     "tls"		=> [ @tls ],
diff --git a/INSTALL b/INSTALL
index 44b3a1c..a393225 100644
--- a/INSTALL
+++ b/INSTALL
@@ -457,6 +457,12 @@
                    specific configuration, e.g. "-m32" to build x86 code on
                    an x64 system.
 
+  enable-tls1_3
+                   TODO(TLS1.3): Make this enabled by default
+                   Build support for TLS1.3. Note: This is a WIP feature and
+                   does not currently interoperate with other TLS1.3
+                   implementations! Use with caution!!
+
   no-<prot>
                    Don't build support for negotiating the specified SSL/TLS
                    protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
diff --git a/apps/apps.h b/apps/apps.h
index 9dc4737..d9f7c08 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -210,7 +210,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
 # define OPT_S_ENUM \
         OPT_S__FIRST=3000, \
         OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
-        OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
+        OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
         OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
         OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
         OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
@@ -222,6 +222,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
         {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
         {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
         {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
+        {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
         {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
         {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
         {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
@@ -259,6 +260,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
         case OPT_S_NOTLS1: \
         case OPT_S_NOTLS1_1: \
         case OPT_S_NOTLS1_2: \
+        case OPT_S_NOTLS1_3: \
         case OPT_S_BUGS: \
         case OPT_S_NO_COMP: \
         case OPT_S_COMP: \
@@ -279,7 +281,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
 
 #define IS_NO_PROT_FLAG(o) \
  (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
-  || o == OPT_S_NOTLS1_2)
+  || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
 
 /*
  * Option parsing.
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 7b99757..531bf8d 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -21,6 +21,7 @@ typedef enum OPTION_choice {
     OPT_TLS1,
     OPT_TLS1_1,
     OPT_TLS1_2,
+    OPT_TLS1_3,
     OPT_PSK,
     OPT_SRP,
     OPT_V, OPT_UPPER_V, OPT_S
@@ -43,6 +44,9 @@ const OPTIONS ciphers_options[] = {
 #ifndef OPENSSL_NO_TLS1_2
     {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
 #endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
+#endif
 #ifndef OPENSSL_NO_SSL_TRACE
     {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
 #endif
@@ -135,6 +139,10 @@ int ciphers_main(int argc, char **argv)
             min_version = TLS1_2_VERSION;
             max_version = TLS1_2_VERSION;
             break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
         case OPT_PSK:
 #ifndef OPENSSL_NO_PSK
             psk = 1;
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 9535f12..c37b9a1 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -453,6 +453,7 @@ static STRINT_PAIR ssl_versions[] = {
     {"TLS 1.0", TLS1_VERSION},
     {"TLS 1.1", TLS1_1_VERSION},
     {"TLS 1.2", TLS1_2_VERSION},
+    {"TLS 1.3", TLS1_3_VERSION},
     {"DTLS 1.0", DTLS1_VERSION},
     {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
     {NULL}
@@ -522,6 +523,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
         version == TLS1_VERSION ||
         version == TLS1_1_VERSION ||
         version == TLS1_2_VERSION ||
+        version == TLS1_3_VERSION ||
         version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
         switch (content_type) {
         case 20:
diff --git a/apps/s_client.c b/apps/s_client.c
index 55803e9..a407303 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -539,7 +539,7 @@ typedef enum OPTION_choice {
     OPT_SRP_MOREGROUPS,
 #endif
     OPT_SSL3, OPT_SSL_CONFIG,
-    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
     OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
     OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH,
         OPT_VERIFYCAPATH,
@@ -680,6 +680,9 @@ const OPTIONS s_client_options[] = {
 #ifndef OPENSSL_NO_TLS1_2
     {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
 #endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
+#endif
 #ifndef OPENSSL_NO_DTLS
     {"dtls", OPT_DTLS, '-', "Use any version of DTLS"},
     {"timeout", OPT_TIMEOUT, '-',
@@ -762,7 +765,7 @@ static const OPT_PAIR services[] = {
 
 #define IS_PROT_FLAG(o) \
  (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
-  || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
 
 /* Free |*dest| and optionally set it to a copy of |source|. */
 static void freeandcopy(char **dest, const char *source)
@@ -1156,6 +1159,10 @@ int s_client_main(int argc, char **argv)
             min_version = SSL3_VERSION;
             max_version = SSL3_VERSION;
             break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
         case OPT_TLS1_2:
             min_version = TLS1_2_VERSION;
             max_version = TLS1_2_VERSION;
diff --git a/apps/s_server.c b/apps/s_server.c
index d32b9df..24841c5 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -669,7 +669,7 @@ typedef enum OPTION_choice {
     OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
     OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
     OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
-    OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
     OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
     OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
     OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
@@ -834,6 +834,9 @@ const OPTIONS s_server_options[] = {
 #ifndef OPENSSL_NO_TLS1_2
     {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
 #endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"},
+#endif
 #ifndef OPENSSL_NO_DTLS
     {"dtls", OPT_DTLS, '-', "Use any DTLS version"},
     {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
@@ -868,7 +871,7 @@ const OPTIONS s_server_options[] = {
 
 #define IS_PROT_FLAG(o) \
  (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
-  || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
 
 int s_server_main(int argc, char *argv[])
 {
@@ -1321,6 +1324,10 @@ int s_server_main(int argc, char *argv[])
             min_version = SSL3_VERSION;
             max_version = SSL3_VERSION;
             break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
         case OPT_TLS1_2:
             min_version = TLS1_2_VERSION;
             max_version = TLS1_2_VERSION;
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index c392077..30f5721 100644
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -15,6 +15,7 @@ B<openssl> B<ciphers>
 [B<-tls1>]
 [B<-tls1_1>]
 [B<-tls1_2>]
+[B<-tls1_3>]
 [B<-s>]
 [B<-psk>]
 [B<-srp>]
@@ -69,6 +70,11 @@ L<SSL_CIPHER_description(3)>.
 
 Like B<-v>, but include the official cipher suite values in hex.
 
+=item B<-tls1_3>
+
+In combination with the B<-s> option, list the ciphers which would be used if
+TLSv1.3 were negotiated.
+
 =item B<-tls1_2>
 
 In combination with the B<-s> option, list the ciphers which would be used if
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 4a2a280..4f21ea4 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -68,10 +68,12 @@ B<openssl> B<s_client>
 [B<-tls1>]
 [B<-tls1_1>]
 [B<-tls1_2>]
+[B<-tls1_3>]
 [B<-no_ssl3>]
 [B<-no_tls1>]
 [B<-no_tls1_1>]
 [B<-no_tls1_2>]
+[B<-no_tls1_3>]
 [B<-dtls>]
 [B<-dtls1>]
 [B<-dtls1_2>]
@@ -336,7 +338,7 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
 
-=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
 These options require or disable the use of the specified SSL or TLS protocols.
 By default B<s_client> will negotiate the highest mutually supported protocol
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index b0d7888..b6c5659 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -69,6 +69,9 @@ B<openssl> B<s_server>
 [B<-quiet>]
 [B<-ssl3>]
 [B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
+[B<-tls1_3>]
 [B<-dtls>]
 [B<-dtls1>]
 [B<-dtls1_2>]
@@ -81,6 +84,7 @@ B<openssl> B<s_server>
 [B<-no_tls1>]
 [B<-no_tls1_1>]
 [B<-no_tls1_2>]
+[B<-no_tls1_3>]
 [B<-no_dhe>]
 [B<-bugs>]
 [B<-comp>]
@@ -295,7 +299,7 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
 
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
 These options require or disable the use of the specified SSL or TLS protocols.
 By default B<s_server> will negotiate the highest mutually supported protocol
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index d8c0e9b..60b80d3 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -121,12 +121,13 @@ if specified.
 To restrict the supported protocol versions use these commands rather
 than the deprecated alternative commands below.
 
-=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
-Disables protocol support for SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 by setting the
-corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1>
-and B<SSL_OP_NO_TLSv1_2> respectively.
-These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>.
+Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by
+setting the corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
+B<SSL_OP_NO_TLSv1_1>, B<SSL_OP_NO_TLSv1_2> and B<SSL_OP_NO_TLSv1_3>
+respectively. These options are deprecated, instead use B<-min_protocol> and
+B<-max_protocol>.
 
 =item B<-bugs>
 
diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod
index 29387d3..512fca8 100644
--- a/doc/man3/SSL_CTX_new.pod
+++ b/doc/man3/SSL_CTX_new.pod
@@ -156,12 +156,12 @@ and be able to negotiate with all possible clients, but to only
 allow newer protocols like TLS 1.0, TLS 1.1 or TLS 1.2.
 
 The list of protocols available can also be limited using the
-B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1> and
-B<SSL_OP_NO_TLSv1_2> options of the L<SSL_CTX_set_options(3)> or
-L<SSL_set_options(3)> functions, but this approach is not recommended.
-Clients should avoid creating "holes" in the set of protocols they support.
-When disabling a protocol, make sure that you also disable either all previous
-or all subsequent protocol versions.
+B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1>,
+B<SSL_OP_NO_TLSv1_3> and B<SSL_OP_NO_TLSv1_2> options of the
+L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions, but this approach
+is not recommended. Clients should avoid creating "holes" in the set of
+protocols they support. When disabling a protocol, make sure that you also
+disable either all previous or all subsequent protocol versions.
 In clients, when a protocol version is disabled without disabling I<all>
 previous protocol versions, the effect is to also disable all subsequent
 protocol versions.
diff --git a/doc/man3/SSL_CTX_set_min_proto_version.pod b/doc/man3/SSL_CTX_set_min_proto_version.pod
index 3e9fe80..5996d48 100644
--- a/doc/man3/SSL_CTX_set_min_proto_version.pod
+++ b/doc/man3/SSL_CTX_set_min_proto_version.pod
@@ -29,8 +29,8 @@ versions down to the lowest version, or up to the highest version
 supported by the library, respectively.
 
 Currently supported versions are B<SSL3_VERSION>, B<TLS1_VERSION>,
-B<TLS1_1_VERSION>, B<TLS1_2_VERSION> for TLS and B<DTLS1_VERSION>,
-B<DTLS1_2_VERSION> for DTLS.
+B<TLS1_1_VERSION>, B<TLS1_2_VERSION>, B<TLS1_3_VERSION> for TLS and
+B<DTLS1_VERSION>, B<DTLS1_2_VERSION> for DTLS.
 
 =head1 RETURN VALUES
 
diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod
index 63609f3..921c812 100644
--- a/doc/man3/SSL_CTX_set_options.pod
+++ b/doc/man3/SSL_CTX_set_options.pod
@@ -155,9 +155,9 @@ own preferences.
 
 
 =item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1,
-SSL_OP_NO_TLSv1_2, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
+SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
 
-These options turn off the SSLv3, TLSv1, TLSv1.1 or TLSv1.2 protocol
+These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol
 versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS,
 respectively.
 As of OpenSSL 1.1.0, these options are deprecated, use
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 20013db..f0aa306 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -343,12 +343,13 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
 # define SSL_OP_NO_TLSv1                                 0x04000000U
 # define SSL_OP_NO_TLSv1_2                               0x08000000U
 # define SSL_OP_NO_TLSv1_1                               0x10000000U
+# define SSL_OP_NO_TLSv1_3                               0x20000000U
 
 # define SSL_OP_NO_DTLSv1                                0x04000000U
 # define SSL_OP_NO_DTLSv1_2                              0x08000000U
 
 # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
-        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
+        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
 # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
 
 
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 23e382c..3f7e749 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -65,7 +65,8 @@ extern "C" {
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
 # define TLS1_2_VERSION                  0x0303
-# define TLS_MAX_VERSION                 TLS1_2_VERSION
+# define TLS1_3_VERSION                  0x0304
+# define TLS_MAX_VERSION                 TLS1_3_VERSION
 
 /* Special value for method supporting multiple versions */
 # define TLS_ANY_VERSION                 0x10000
@@ -599,6 +600,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305           0x0300CCAD
 # define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305           0x0300CCAE
 
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256                     0x03000D01
+
 /*
  * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
  * ciphers names with "EDH" instead of "DHE".  Going forward, we should be
@@ -868,6 +872,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305           "DHE-PSK-CHACHA20-POLY1305"
 # define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305           "RSA-PSK-CHACHA20-POLY1305"
 
+/* TLSv1.3 ciphersuites */
+/*
+ * TODO(TLS1.3): Review the naming scheme for TLSv1.3 ciphers and also the
+ * cipherstring selection process for these ciphers
+ */
+# define TLS1_3_TXT_AES_128_GCM_SHA256                     "TLS13-AES-128-GCM-SHA256"
+
 # define TLS_CT_RSA_SIGN                 1
 # define TLS_CT_DSS_SIGN                 2
 # define TLS_CT_RSA_FIXED_DH             3
diff --git a/ssl/methods.c b/ssl/methods.c
index c846143..f0926b7 100644
--- a/ssl/methods.c
+++ b/ssl/methods.c
@@ -19,6 +19,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
                         TLS_method,
                         ossl_statem_accept,
                         ossl_statem_connect, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_3_METHOD
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#endif
 #ifndef OPENSSL_NO_TLS1_2_METHOD
 IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
                         tlsv1_2_method,
@@ -46,6 +52,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
                         TLS_server_method,
                         ossl_statem_accept,
                         ssl_undefined_function, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_3_METHOD
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_3_enc_data)
+#endif
 #ifndef OPENSSL_NO_TLS1_2_METHOD
 IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
                         tlsv1_2_server_method,
@@ -75,6 +87,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
                         TLS_client_method,
                         ssl_undefined_function,
                         ossl_statem_connect, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_3_METHOD
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#endif
 #ifndef OPENSSL_NO_TLS1_2_METHOD
 IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
                         tlsv1_2_client_method,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d19b97a..ffdb454 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -834,6 +834,21 @@ static SSL_CIPHER ssl3_ciphers[] = {
      256,
      256,
      },
+    {
+     1,
+     TLS1_3_TXT_AES_128_GCM_SHA256,
+     TLS1_3_CK_AES_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_3_VERSION, TLS1_3_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
 
 #ifndef OPENSSL_NO_EC
     {
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 0d46509..adccbfc 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -859,6 +859,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
                     cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
                     cp->algo_strength);
 #endif
+            if (cipher_id != 0 && (cipher_id != cp->id))
+                continue;
             if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                 continue;
             if (alg_auth && !(alg_auth & cp->algorithm_auth))
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 3957946..63687b5 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -257,6 +257,7 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
         SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1),
         SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
         SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2),
+        SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3),
         SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1),
         SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2)
     };
@@ -282,6 +283,7 @@ static int protocol_from_string(const char *value)
         {"TLSv1", TLS1_VERSION},
         {"TLSv1.1", TLS1_1_VERSION},
         {"TLSv1.2", TLS1_2_VERSION},
+        {"TLSv1.3", TLS1_3_VERSION},
         {"DTLSv1", DTLS1_VERSION},
         {"DTLSv1.2", DTLS1_2_VERSION}
     };
@@ -526,6 +528,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
     SSL_CONF_CMD_SWITCH("no_tls1", 0),
     SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
     SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_3", 0),
     SSL_CONF_CMD_SWITCH("bugs", 0),
     SSL_CONF_CMD_SWITCH("no_comp", 0),
     SSL_CONF_CMD_SWITCH("comp", 0),
@@ -583,6 +586,7 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
     {SSL_OP_NO_TLSv1, 0},       /* no_tls1 */
     {SSL_OP_NO_TLSv1_1, 0},     /* no_tls1_1 */
     {SSL_OP_NO_TLSv1_2, 0},     /* no_tls1_2 */
+    {SSL_OP_NO_TLSv1_3, 0},     /* no_tls1_3 */
     {SSL_OP_ALL, 0},            /* bugs */
     {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
     {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 8bf872b..67eee74 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3072,22 +3072,35 @@ const SSL_METHOD *ssl_bad_method(int ver)
 
 const char *ssl_protocol_to_string(int version)
 {
-    if (version == TLS1_2_VERSION)
+    switch(version)
+    {
+    case TLS1_3_VERSION:
+        return "TLSv1.3";
+
+    case TLS1_2_VERSION:
         return "TLSv1.2";
-    else if (version == TLS1_1_VERSION)
+
+    case TLS1_1_VERSION:
         return "TLSv1.1";
-    else if (version == TLS1_VERSION)
+
+    case TLS1_VERSION:
         return "TLSv1";
-    else if (version == SSL3_VERSION)
+
+    case SSL3_VERSION:
         return "SSLv3";
-    else if (version == DTLS1_BAD_VER)
+
+    case DTLS1_BAD_VER:
         return "DTLSv0.9";
-    else if (version == DTLS1_VERSION)
+
+    case DTLS1_VERSION:
         return "DTLSv1";
-    else if (version == DTLS1_2_VERSION)
+
+    case DTLS1_2_VERSION:
         return "DTLSv1.2";
-    else
-        return ("unknown");
+
+    default:
+        return "unknown";
+    }
 }
 
 const char *SSL_get_version(const SSL *s)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 8a7e1a9..d5a6fe2 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1641,6 +1641,9 @@ __owur const SSL_METHOD *tlsv1_1_client_method(void);
 __owur const SSL_METHOD *tlsv1_2_method(void);
 __owur const SSL_METHOD *tlsv1_2_server_method(void);
 __owur const SSL_METHOD *tlsv1_2_client_method(void);
+__owur const SSL_METHOD *tlsv1_3_method(void);
+__owur const SSL_METHOD *tlsv1_3_server_method(void);
+__owur const SSL_METHOD *tlsv1_3_client_method(void);
 __owur const SSL_METHOD *dtlsv1_method(void);
 __owur const SSL_METHOD *dtlsv1_server_method(void);
 __owur const SSL_METHOD *dtlsv1_client_method(void);
@@ -1652,6 +1655,7 @@ __owur const SSL_METHOD *dtlsv1_2_client_method(void);
 extern const SSL3_ENC_METHOD TLSv1_enc_data;
 extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
 extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_3_enc_data;
 extern const SSL3_ENC_METHOD SSLv3_enc_data;
 extern const SSL3_ENC_METHOD DTLSv1_enc_data;
 extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index eee1ca1..e0ec918 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -320,6 +320,9 @@ int ssl_get_new_session(SSL *s, int session)
         } else if (s->version == TLS1_2_VERSION) {
             ss->ssl_version = TLS1_2_VERSION;
             ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == TLS1_3_VERSION) {
+            ss->ssl_version = TLS1_3_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
         } else if (s->version == DTLS1_BAD_VER) {
             ss->ssl_version = DTLS1_BAD_VER;
             ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index c185d7c..a3d8d1e 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -647,11 +647,16 @@ typedef struct {
     const SSL_METHOD *(*smeth) (void);
 } version_info;
 
-#if TLS_MAX_VERSION != TLS1_2_VERSION
-# error Code needs update for TLS_method() support beyond TLS1_2_VERSION.
+#if TLS_MAX_VERSION != TLS1_3_VERSION
+# error Code needs update for TLS_method() support beyond TLS1_3_VERSION.
 #endif
 
 static const version_info tls_version_table[] = {
+#ifndef OPENSSL_NO_TLS1_3
+    {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method},
+#else
+    {TLS1_3_VERSION, NULL, NULL},
+#endif
 #ifndef OPENSSL_NO_TLS1_2
     {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
 #else
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 87ebbf3..e19f93d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -84,6 +84,26 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = {
     ssl3_handshake_write
 };
 
+SSL3_ENC_METHOD const TLSv1_3_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS1_FINISH_MAC_LENGTH,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF
+        | SSL_ENC_FLAG_TLS1_2_CIPHERS,
+    SSL3_HM_HEADER_LENGTH,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
 long tls1_default_timeout(void)
 {
     /*
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 4577f03..ab5d2da 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -61,6 +61,7 @@ static ssl_trace_tbl ssl_version_tbl[] = {
     {TLS1_VERSION, "TLS 1.0"},
     {TLS1_1_VERSION, "TLS 1.1"},
     {TLS1_2_VERSION, "TLS 1.2"},
+    {TLS1_3_VERSION, "TLS 1.3"},
     {DTLS1_VERSION, "DTLS 1.0"},
     {DTLS1_2_VERSION, "DTLS 1.2"},
     {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -422,6 +423,7 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
     {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"},
     {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"},
     {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"},
+    {0x0D01, "TLS_AES_128_GCM_SHA256"},
     {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
     {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
 };
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index d6556e0..70ebd83 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -107,10 +107,14 @@ static const uint32_t default_ciphers_in_order[] = {
 #ifndef OPENSSL_NO_TLS1_2
     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    TLS1_3_CK_AES_128_GCM_SHA256,
+#endif
+#ifndef OPENSSL_NO_TLS1_2
     TLS1_CK_RSA_WITH_AES_256_SHA256,
     TLS1_CK_RSA_WITH_AES_128_SHA256,
 #endif
-
     TLS1_CK_RSA_WITH_AES_256_SHA,
     TLS1_CK_RSA_WITH_AES_128_SHA,
 };
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 54e32bb..1e92907 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -34,7 +34,8 @@ plan tests => 18;  # = scalar @conf_srcs
 # Some test results depend on the configuration of enabled protocols. We only
 # verify generated sources in the default configuration.
 my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
-                      !disabled("tls1_1") && !disabled("tls1_2"));
+                      !disabled("tls1_1") && !disabled("tls1_2") &&
+                      disabled("tls1_3"));
 
 my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
 
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index ff1a50a..d413de3 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -21,10 +21,10 @@ setup("test_ssl");
 $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
 
 my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk,
-    $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2,
+    $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
     $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
     anydisabled qw/rsa dsa dh ec srp psk
-                   ssl3 tls1 tls1_1 tls1_2
+                   ssl3 tls1 tls1_1 tls1_2 tls1_3
                    dtls dtls1 dtls1_2 ct/;
 my $no_anytls = alldisabled(available_protocols("tls"));
 my $no_anydtls = alldisabled(available_protocols("dtls"));
@@ -446,6 +446,7 @@ sub testssl {
 
 	my @protocols = ();
 	# FIXME: I feel unsure about the following line, is that really just TLSv1.2, or is it all of the SSLv3/TLS protocols?
+        push(@protocols, "TLSv1.3") unless $no_tls1_3;
         push(@protocols, "TLSv1.2") unless $no_tls1_2;
         push(@protocols, "SSLv3") unless $no_ssl3;
 	my $protocolciphersuitcount = 0;
@@ -463,22 +464,27 @@ sub testssl {
 
         # The count of protocols is because in addition to the ciphersuits
         # we got above, we're running a weak DH test for each protocol
-	plan tests => $protocolciphersuitcount + scalar(@protocols);
-
-	foreach my $protocol (@protocols) {
-	    note "Testing ciphersuites for $protocol";
-	    foreach my $cipher (@{$ciphersuites{$protocol}}) {
-		ok(run(test([@ssltest, @exkeys, "-cipher", $cipher,
-			     $protocol eq "SSLv3" ? ("-ssl3") : ()])),
-		   "Testing $cipher");
-	    }
+        plan tests => $protocolciphersuitcount + scalar(@protocols);
+
+        foreach my $protocol (@protocols) {
+            note "Testing ciphersuites for $protocol";
+            my $flag = "";
+            if ($protocol eq "SSLv3") {
+                $flag = "-ssl3";
+            } elsif ($protocol eq "TLSv1.2") {
+                $flag = "-tls1_2";
+            }
+            foreach my $cipher (@{$ciphersuites{$protocol}}) {
+                ok(run(test([@ssltest, @exkeys, "-cipher", $cipher, $flag])),
+                "Testing $cipher");
+            }
             is(run(test([@ssltest,
                          "-s_cipher", "EDH",
                          "-c_cipher", 'EDH:@SECLEVEL=1',
                          "-dhe512",
                          $protocol eq "SSLv3" ? ("-ssl3") : ()])), 0,
                "testing connection with weak DH, expecting failure");
-	}
+        }
     };
 
     subtest 'RSA/(EC)DHE/PSK tests' => sub {
diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf
index cb89dbc..d5e0779 100644
--- a/test/ssl-tests/02-protocol-version.conf
+++ b/test/ssl-tests/02-protocol-version.conf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 361
+num_tests = 676
 
 test-0 = 0-version-negotiation
 test-1 = 1-version-negotiation
@@ -363,6 +363,321 @@ test-357 = 357-version-negotiation
 test-358 = 358-version-negotiation
 test-359 = 359-version-negotiation
 test-360 = 360-version-negotiation
+test-361 = 361-version-negotiation
+test-362 = 362-version-negotiation
+test-363 = 363-version-negotiation
+test-364 = 364-version-negotiation
+test-365 = 365-version-negotiation
+test-366 = 366-version-negotiation
+test-367 = 367-version-negotiation
+test-368 = 368-version-negotiation
+test-369 = 369-version-negotiation
+test-370 = 370-version-negotiation
+test-371 = 371-version-negotiation
+test-372 = 372-version-negotiation
+test-373 = 373-version-negotiation
+test-374 = 374-version-negotiation
+test-375 = 375-version-negotiation
+test-376 = 376-version-negotiation
+test-377 = 377-version-negotiation
+test-378 = 378-version-negotiation
+test-379 = 379-version-negotiation
+test-380 = 380-version-negotiation
+test-381 = 381-version-negotiation
+test-382 = 382-version-negotiation
+test-383 = 383-version-negotiation
+test-384 = 384-version-negotiation
+test-385 = 385-version-negotiation
+test-386 = 386-version-negotiation
+test-387 = 387-version-negotiation
+test-388 = 388-version-negotiation
+test-389 = 389-version-negotiation
+test-390 = 390-version-negotiation
+test-391 = 391-version-negotiation
+test-392 = 392-version-negotiation
+test-393 = 393-version-negotiation
+test-394 = 394-version-negotiation
+test-395 = 395-version-negotiation
+test-396 = 396-version-negotiation
+test-397 = 397-version-negotiation
+test-398 = 398-version-negotiation
+test-399 = 399-version-negotiation
+test-400 = 400-version-negotiation
+test-401 = 401-version-negotiation
+test-402 = 402-version-negotiation
+test-403 = 403-version-negotiation
+test-404 = 404-version-negotiation
+test-405 = 405-version-negotiation
+test-406 = 406-version-negotiation
+test-407 = 407-version-negotiation
+test-408 = 408-version-negotiation
+test-409 = 409-version-negotiation
+test-410 = 410-version-negotiation
+test-411 = 411-version-negotiation
+test-412 = 412-version-negotiation
+test-413 = 413-version-negotiation
+test-414 = 414-version-negotiation
+test-415 = 415-version-negotiation
+test-416 = 416-version-negotiation
+test-417 = 417-version-negotiation
+test-418 = 418-version-negotiation
+test-419 = 419-version-negotiation
+test-420 = 420-version-negotiation
+test-421 = 421-version-negotiation
+test-422 = 422-version-negotiation
+test-423 = 423-version-negotiation
+test-424 = 424-version-negotiation
+test-425 = 425-version-negotiation
+test-426 = 426-version-negotiation
+test-427 = 427-version-negotiation
+test-428 = 428-version-negotiation
+test-429 = 429-version-negotiation
+test-430 = 430-version-negotiation
+test-431 = 431-version-negotiation
+test-432 = 432-version-negotiation
+test-433 = 433-version-negotiation
+test-434 = 434-version-negotiation
+test-435 = 435-version-negotiation
+test-436 = 436-version-negotiation
+test-437 = 437-version-negotiation
+test-438 = 438-version-negotiation
+test-439 = 439-version-negotiation
+test-440 = 440-version-negotiation
+test-441 = 441-version-negotiation
+test-442 = 442-version-negotiation
+test-443 = 443-version-negotiation
+test-444 = 444-version-negotiation
+test-445 = 445-version-negotiation
+test-446 = 446-version-negotiation
+test-447 = 447-version-negotiation
+test-448 = 448-version-negotiation
+test-449 = 449-version-negotiation
+test-450 = 450-version-negotiation
+test-451 = 451-version-negotiation
+test-452 = 452-version-negotiation
+test-453 = 453-version-negotiation
+test-454 = 454-version-negotiation
+test-455 = 455-version-negotiation
+test-456 = 456-version-negotiation
+test-457 = 457-version-negotiation
+test-458 = 458-version-negotiation
+test-459 = 459-version-negotiation
+test-460 = 460-version-negotiation
+test-461 = 461-version-negotiation
+test-462 = 462-version-negotiation
+test-463 = 463-version-negotiation
+test-464 = 464-version-negotiation
+test-465 = 465-version-negotiation
+test-466 = 466-version-negotiation
+test-467 = 467-version-negotiation
+test-468 = 468-version-negotiation
+test-469 = 469-version-negotiation
+test-470 = 470-version-negotiation
+test-471 = 471-version-negotiation
+test-472 = 472-version-negotiation
+test-473 = 473-version-negotiation
+test-474 = 474-version-negotiation
+test-475 = 475-version-negotiation
+test-476 = 476-version-negotiation
+test-477 = 477-version-negotiation
+test-478 = 478-version-negotiation
+test-479 = 479-version-negotiation
+test-480 = 480-version-negotiation
+test-481 = 481-version-negotiation
+test-482 = 482-version-negotiation
+test-483 = 483-version-negotiation
+test-484 = 484-version-negotiation
+test-485 = 485-version-negotiation
+test-486 = 486-version-negotiation
+test-487 = 487-version-negotiation
+test-488 = 488-version-negotiation
+test-489 = 489-version-negotiation
+test-490 = 490-version-negotiation
+test-491 = 491-version-negotiation
+test-492 = 492-version-negotiation
+test-493 = 493-version-negotiation
+test-494 = 494-version-negotiation
+test-495 = 495-version-negotiation
+test-496 = 496-version-negotiation
+test-497 = 497-version-negotiation
+test-498 = 498-version-negotiation
+test-499 = 499-version-negotiation
+test-500 = 500-version-negotiation
+test-501 = 501-version-negotiation
+test-502 = 502-version-negotiation
+test-503 = 503-version-negotiation
+test-504 = 504-version-negotiation
+test-505 = 505-version-negotiation
+test-506 = 506-version-negotiation
+test-507 = 507-version-negotiation
+test-508 = 508-version-negotiation
+test-509 = 509-version-negotiation
+test-510 = 510-version-negotiation
+test-511 = 511-version-negotiation
+test-512 = 512-version-negotiation
+test-513 = 513-version-negotiation
+test-514 = 514-version-negotiation
+test-515 = 515-version-negotiation
+test-516 = 516-version-negotiation
+test-517 = 517-version-negotiation
+test-518 = 518-version-negotiation
+test-519 = 519-version-negotiation
+test-520 = 520-version-negotiation
+test-521 = 521-version-negotiation
+test-522 = 522-version-negotiation
+test-523 = 523-version-negotiation
+test-524 = 524-version-negotiation
+test-525 = 525-version-negotiation
+test-526 = 526-version-negotiation
+test-527 = 527-version-negotiation
+test-528 = 528-version-negotiation
+test-529 = 529-version-negotiation
+test-530 = 530-version-negotiation
+test-531 = 531-version-negotiation
+test-532 = 532-version-negotiation
+test-533 = 533-version-negotiation
+test-534 = 534-version-negotiation
+test-535 = 535-version-negotiation
+test-536 = 536-version-negotiation
+test-537 = 537-version-negotiation
+test-538 = 538-version-negotiation
+test-539 = 539-version-negotiation
+test-540 = 540-version-negotiation
+test-541 = 541-version-negotiation
+test-542 = 542-version-negotiation
+test-543 = 543-version-negotiation
+test-544 = 544-version-negotiation
+test-545 = 545-version-negotiation
+test-546 = 546-version-negotiation
+test-547 = 547-version-negotiation
+test-548 = 548-version-negotiation
+test-549 = 549-version-negotiation
+test-550 = 550-version-negotiation
+test-551 = 551-version-negotiation
+test-552 = 552-version-negotiation
+test-553 = 553-version-negotiation
+test-554 = 554-version-negotiation
+test-555 = 555-version-negotiation
+test-556 = 556-version-negotiation
+test-557 = 557-version-negotiation
+test-558 = 558-version-negotiation
+test-559 = 559-version-negotiation
+test-560 = 560-version-negotiation
+test-561 = 561-version-negotiation
+test-562 = 562-version-negotiation
+test-563 = 563-version-negotiation
+test-564 = 564-version-negotiation
+test-565 = 565-version-negotiation
+test-566 = 566-version-negotiation
+test-567 = 567-version-negotiation
+test-568 = 568-version-negotiation
+test-569 = 569-version-negotiation
+test-570 = 570-version-negotiation
+test-571 = 571-version-negotiation
+test-572 = 572-version-negotiation
+test-573 = 573-version-negotiation
+test-574 = 574-version-negotiation
+test-575 = 575-version-negotiation
+test-576 = 576-version-negotiation
+test-577 = 577-version-negotiation
+test-578 = 578-version-negotiation
+test-579 = 579-version-negotiation
+test-580 = 580-version-negotiation
+test-581 = 581-version-negotiation
+test-582 = 582-version-negotiation
+test-583 = 583-version-negotiation
+test-584 = 584-version-negotiation
+test-585 = 585-version-negotiation
+test-586 = 586-version-negotiation
+test-587 = 587-version-negotiation
+test-588 = 588-version-negotiation
+test-589 = 589-version-negotiation
+test-590 = 590-version-negotiation
+test-591 = 591-version-negotiation
+test-592 = 592-version-negotiation
+test-593 = 593-version-negotiation
+test-594 = 594-version-negotiation
+test-595 = 595-version-negotiation
+test-596 = 596-version-negotiation
+test-597 = 597-version-negotiation
+test-598 = 598-version-negotiation
+test-599 = 599-version-negotiation
+test-600 = 600-version-negotiation
+test-601 = 601-version-negotiation
+test-602 = 602-version-negotiation
+test-603 = 603-version-negotiation
+test-604 = 604-version-negotiation
+test-605 = 605-version-negotiation
+test-606 = 606-version-negotiation
+test-607 = 607-version-negotiation
+test-608 = 608-version-negotiation
+test-609 = 609-version-negotiation
+test-610 = 610-version-negotiation
+test-611 = 611-version-negotiation
+test-612 = 612-version-negotiation
+test-613 = 613-version-negotiation
+test-614 = 614-version-negotiation
+test-615 = 615-version-negotiation
+test-616 = 616-version-negotiation
+test-617 = 617-version-negotiation
+test-618 = 618-version-negotiation
+test-619 = 619-version-negotiation
+test-620 = 620-version-negotiation
+test-621 = 621-version-negotiation
+test-622 = 622-version-negotiation
+test-623 = 623-version-negotiation
+test-624 = 624-version-negotiation
+test-625 = 625-version-negotiation
+test-626 = 626-version-negotiation
+test-627 = 627-version-negotiation
+test-628 = 628-version-negotiation
+test-629 = 629-version-negotiation
+test-630 = 630-version-negotiation
+test-631 = 631-version-negotiation
+test-632 = 632-version-negotiation
+test-633 = 633-version-negotiation
+test-634 = 634-version-negotiation
+test-635 = 635-version-negotiation
+test-636 = 636-version-negotiation
+test-637 = 637-version-negotiation
+test-638 = 638-version-negotiation
+test-639 = 639-version-negotiation
+test-640 = 640-version-negotiation
+test-641 = 641-version-negotiation
+test-642 = 642-version-negotiation
+test-643 = 643-version-negotiation
+test-644 = 644-version-negotiation
+test-645 = 645-version-negotiation
+test-646 = 646-version-negotiation
+test-647 = 647-version-negotiation
+test-648 = 648-version-negotiation
+test-649 = 649-version-negotiation
+test-650 = 650-version-negotiation
+test-651 = 651-version-negotiation
+test-652 = 652-version-negotiation
+test-653 = 653-version-negotiation
+test-654 = 654-version-negotiation
+test-655 = 655-version-negotiation
+test-656 = 656-version-negotiation
+test-657 = 657-version-negotiation
+test-658 = 658-version-negotiation
+test-659 = 659-version-negotiation
+test-660 = 660-version-negotiation
+test-661 = 661-version-negotiation
+test-662 = 662-version-negotiation
+test-663 = 663-version-negotiation
+test-664 = 664-version-negotiation
+test-665 = 665-version-negotiation
+test-666 = 666-version-negotiation
+test-667 = 667-version-negotiation
+test-668 = 668-version-negotiation
+test-669 = 669-version-negotiation
+test-670 = 670-version-negotiation
+test-671 = 671-version-negotiation
+test-672 = 672-version-negotiation
+test-673 = 673-version-negotiation
+test-674 = 674-version-negotiation
+test-675 = 675-version-negotiation
 # ===========================================================
 
 [0-version-negotiation]
@@ -475,6 +790,7 @@ client = 4-version-negotiation-client
 [4-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [4-version-negotiation-client]
@@ -499,8 +815,6 @@ client = 5-version-negotiation-client
 [5-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-version-negotiation-client]
@@ -525,7 +839,7 @@ client = 6-version-negotiation-client
 [6-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -551,7 +865,7 @@ client = 7-version-negotiation-client
 [7-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -577,7 +891,7 @@ client = 8-version-negotiation-client
 [8-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -603,6 +917,7 @@ client = 9-version-negotiation-client
 [9-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -628,8 +943,8 @@ client = 10-version-negotiation-client
 [10-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [10-version-negotiation-client]
@@ -654,8 +969,7 @@ client = 11-version-negotiation-client
 [11-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [11-version-negotiation-client]
@@ -680,7 +994,7 @@ client = 12-version-negotiation-client
 [12-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -706,6 +1020,7 @@ client = 13-version-negotiation-client
 [13-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -731,8 +1046,8 @@ client = 14-version-negotiation-client
 [14-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [14-version-negotiation-client]
@@ -757,8 +1072,8 @@ client = 15-version-negotiation-client
 [15-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [15-version-negotiation-client]
@@ -783,7 +1098,7 @@ client = 16-version-negotiation-client
 [16-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [16-version-negotiation-client]
@@ -808,8 +1123,8 @@ client = 17-version-negotiation-client
 [17-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [17-version-negotiation-client]
@@ -834,7 +1149,8 @@ client = 18-version-negotiation-client
 [18-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [18-version-negotiation-client]
@@ -859,17 +1175,18 @@ client = 19-version-negotiation-client
 [19-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [19-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-19]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -884,18 +1201,17 @@ client = 20-version-negotiation-client
 [20-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [20-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-20]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -910,18 +1226,18 @@ client = 21-version-negotiation-client
 [21-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [21-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-21]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -936,18 +1252,18 @@ client = 22-version-negotiation-client
 [22-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [22-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-22]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -962,17 +1278,17 @@ client = 23-version-negotiation-client
 [23-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [23-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-23]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -987,18 +1303,18 @@ client = 24-version-negotiation-client
 [24-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [24-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-24]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -1013,19 +1329,17 @@ client = 25-version-negotiation-client
 [25-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [25-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-25]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -1040,8 +1354,7 @@ client = 26-version-negotiation-client
 [26-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [26-version-negotiation-client]
@@ -1051,8 +1364,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-26]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1067,8 +1379,7 @@ client = 27-version-negotiation-client
 [27-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [27-version-negotiation-client]
@@ -1094,7 +1405,7 @@ client = 28-version-negotiation-client
 [28-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [28-version-negotiation-client]
@@ -1120,8 +1431,7 @@ client = 29-version-negotiation-client
 [29-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [29-version-negotiation-client]
@@ -1147,8 +1457,7 @@ client = 30-version-negotiation-client
 [30-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [30-version-negotiation-client]
@@ -1174,8 +1483,6 @@ client = 31-version-negotiation-client
 [31-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [31-version-negotiation-client]
@@ -1201,7 +1508,8 @@ client = 32-version-negotiation-client
 [32-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [32-version-negotiation-client]
@@ -1211,8 +1519,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-32]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1227,8 +1534,8 @@ client = 33-version-negotiation-client
 [33-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [33-version-negotiation-client]
@@ -1238,7 +1545,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-33]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1253,8 +1561,8 @@ client = 34-version-negotiation-client
 [34-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [34-version-negotiation-client]
@@ -1264,7 +1572,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-34]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1279,7 +1588,8 @@ client = 35-version-negotiation-client
 [35-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [35-version-negotiation-client]
@@ -1289,7 +1599,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-35]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1304,8 +1615,8 @@ client = 36-version-negotiation-client
 [36-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [36-version-negotiation-client]
@@ -1315,7 +1626,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-36]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1330,7 +1642,7 @@ client = 37-version-negotiation-client
 [37-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [37-version-negotiation-client]
@@ -1340,7 +1652,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-37]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1355,17 +1668,19 @@ client = 38-version-negotiation-client
 [38-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [38-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-38]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1380,12 +1695,13 @@ client = 39-version-negotiation-client
 [39-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [39-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -1406,17 +1722,18 @@ client = 40-version-negotiation-client
 [40-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [40-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-40]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1432,17 +1749,18 @@ client = 41-version-negotiation-client
 [41-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [41-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-41]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1458,16 +1776,17 @@ client = 42-version-negotiation-client
 [42-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [42-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-42]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1483,13 +1802,13 @@ client = 43-version-negotiation-client
 [43-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [43-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -1509,19 +1828,18 @@ client = 44-version-negotiation-client
 [44-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [44-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-44]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1536,19 +1854,18 @@ client = 45-version-negotiation-client
 [45-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [45-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-45]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1563,19 +1880,17 @@ client = 46-version-negotiation-client
 [46-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [46-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-46]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1590,18 +1905,18 @@ client = 47-version-negotiation-client
 [47-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [47-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-47]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1616,19 +1931,18 @@ client = 48-version-negotiation-client
 [48-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [48-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-48]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1643,19 +1957,17 @@ client = 49-version-negotiation-client
 [49-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [49-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-49]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1670,19 +1982,18 @@ client = 50-version-negotiation-client
 [50-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [50-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-50]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1697,18 +2008,17 @@ client = 51-version-negotiation-client
 [51-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [51-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-51]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1723,8 +2033,7 @@ client = 52-version-negotiation-client
 [52-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [52-version-negotiation-client]
@@ -1734,8 +2043,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-52]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1750,8 +2058,7 @@ client = 53-version-negotiation-client
 [53-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [53-version-negotiation-client]
@@ -1761,7 +2068,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-53]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1777,7 +2084,7 @@ client = 54-version-negotiation-client
 [54-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [54-version-negotiation-client]
@@ -1804,7 +2111,6 @@ client = 55-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [55-version-negotiation-client]
@@ -1814,7 +2120,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-55]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1829,7 +2136,7 @@ client = 56-version-negotiation-client
 [56-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [56-version-negotiation-client]
@@ -1839,7 +2146,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-56]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1854,17 +2162,17 @@ client = 57-version-negotiation-client
 [57-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [57-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-57]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1879,18 +2187,18 @@ client = 58-version-negotiation-client
 [58-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [58-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-58]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1905,17 +2213,18 @@ client = 59-version-negotiation-client
 [59-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [59-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-59]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1931,17 +2240,18 @@ client = 60-version-negotiation-client
 [60-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [60-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-60]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -1957,16 +2267,18 @@ client = 61-version-negotiation-client
 [61-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [61-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-61]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -1982,18 +2294,19 @@ client = 62-version-negotiation-client
 [62-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [62-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-62]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2008,18 +2321,17 @@ client = 63-version-negotiation-client
 [63-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [63-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-63]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2035,18 +2347,18 @@ client = 64-version-negotiation-client
 [64-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [64-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-64]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -2062,18 +2374,18 @@ client = 65-version-negotiation-client
 [65-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [65-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-65]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2089,17 +2401,18 @@ client = 66-version-negotiation-client
 [66-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [66-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-66]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2115,18 +2428,18 @@ client = 67-version-negotiation-client
 [67-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [67-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-67]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2142,13 +2455,12 @@ client = 68-version-negotiation-client
 [68-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [68-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2169,18 +2481,18 @@ client = 69-version-negotiation-client
 [69-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [69-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-69]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2196,17 +2508,18 @@ client = 70-version-negotiation-client
 [70-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [70-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-70]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2222,13 +2535,13 @@ client = 71-version-negotiation-client
 [71-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [71-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2249,18 +2562,17 @@ client = 72-version-negotiation-client
 [72-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [72-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-72]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2276,18 +2588,18 @@ client = 73-version-negotiation-client
 [73-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [73-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-73]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2302,19 +2614,18 @@ client = 74-version-negotiation-client
 [74-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [74-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-74]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2334,13 +2645,12 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [75-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-75]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2355,11 +2665,13 @@ client = 76-version-negotiation-client
 [76-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [76-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2379,17 +2691,17 @@ client = 77-version-negotiation-client
 [77-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [77-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-77]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2404,17 +2716,17 @@ client = 78-version-negotiation-client
 [78-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [78-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-78]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2429,16 +2741,17 @@ client = 79-version-negotiation-client
 [79-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [79-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-79]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -2454,15 +2767,17 @@ client = 80-version-negotiation-client
 [80-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [80-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-80]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2478,17 +2793,18 @@ client = 81-version-negotiation-client
 [81-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [81-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-81]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2503,17 +2819,17 @@ client = 82-version-negotiation-client
 [82-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [82-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-82]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -2529,17 +2845,16 @@ client = 83-version-negotiation-client
 [83-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [83-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-83]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -2555,18 +2870,18 @@ client = 84-version-negotiation-client
 [84-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [84-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-84]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2581,16 +2896,18 @@ client = 85-version-negotiation-client
 [85-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [85-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-85]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -2606,17 +2923,18 @@ client = 86-version-negotiation-client
 [86-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [86-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-86]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2632,17 +2950,18 @@ client = 87-version-negotiation-client
 [87-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [87-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-87]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -2658,12 +2977,13 @@ client = 88-version-negotiation-client
 [88-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [88-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2684,11 +3004,12 @@ client = 89-version-negotiation-client
 [89-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [89-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2709,17 +3030,18 @@ client = 90-version-negotiation-client
 [90-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [90-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-90]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -2735,17 +3057,18 @@ client = 91-version-negotiation-client
 [91-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [91-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-91]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2761,11 +3084,13 @@ client = 92-version-negotiation-client
 [92-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [92-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2786,12 +3111,13 @@ client = 93-version-negotiation-client
 [93-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [93-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2812,11 +3138,12 @@ client = 94-version-negotiation-client
 [94-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [94-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2837,18 +3164,19 @@ client = 95-version-negotiation-client
 [95-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [95-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-95]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2863,18 +3191,19 @@ client = 96-version-negotiation-client
 [96-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [96-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-96]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2889,18 +3218,19 @@ client = 97-version-negotiation-client
 [97-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [97-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-97]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2915,18 +3245,18 @@ client = 98-version-negotiation-client
 [98-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [98-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-98]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2941,17 +3271,19 @@ client = 99-version-negotiation-client
 [99-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [99-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-99]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2966,19 +3298,19 @@ client = 100-version-negotiation-client
 [100-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [100-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-100]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2993,19 +3325,18 @@ client = 101-version-negotiation-client
 [101-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [101-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-101]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3020,19 +3351,18 @@ client = 102-version-negotiation-client
 [102-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [102-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-102]
-ExpectedResult = InternalError
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3047,19 +3377,17 @@ client = 103-version-negotiation-client
 [103-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [103-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-103]
-ExpectedResult = InternalError
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3074,18 +3402,17 @@ client = 104-version-negotiation-client
 [104-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [104-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-104]
-ExpectedResult = InternalError
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3101,18 +3428,17 @@ client = 105-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [105-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-105]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3128,18 +3454,17 @@ client = 106-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [106-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-106]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3155,18 +3480,17 @@ client = 107-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [107-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-107]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3181,18 +3505,18 @@ client = 108-version-negotiation-client
 [108-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [108-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-108]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3207,19 +3531,17 @@ client = 109-version-negotiation-client
 [109-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [109-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-109]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3234,19 +3556,18 @@ client = 110-version-negotiation-client
 [110-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [110-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-110]
-ExpectedResult = InternalError
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3261,18 +3582,19 @@ client = 111-version-negotiation-client
 [111-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [111-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-111]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3287,19 +3609,19 @@ client = 112-version-negotiation-client
 [112-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [112-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-112]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3314,18 +3636,19 @@ client = 113-version-negotiation-client
 [113-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [113-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-113]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3340,18 +3663,19 @@ client = 114-version-negotiation-client
 [114-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [114-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-114]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3366,18 +3690,17 @@ client = 115-version-negotiation-client
 [115-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [115-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-115]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3393,13 +3716,13 @@ client = 116-version-negotiation-client
 [116-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [116-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -3420,18 +3743,18 @@ client = 117-version-negotiation-client
 [117-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [117-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-117]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -3447,17 +3770,18 @@ client = 118-version-negotiation-client
 [118-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [118-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-118]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3473,19 +3797,19 @@ client = 119-version-negotiation-client
 [119-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [119-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-119]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3500,19 +3824,17 @@ client = 120-version-negotiation-client
 [120-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [120-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-120]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3529,18 +3851,17 @@ client = 121-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [121-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-121]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -3557,18 +3878,17 @@ client = 122-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [122-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-122]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3584,18 +3904,18 @@ client = 123-version-negotiation-client
 [123-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [123-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-123]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3611,19 +3931,17 @@ client = 124-version-negotiation-client
 [124-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [124-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-124]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3639,19 +3957,18 @@ client = 125-version-negotiation-client
 [125-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [125-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-125]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3667,19 +3984,18 @@ client = 126-version-negotiation-client
 [126-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [126-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-126]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3695,18 +4011,17 @@ client = 127-version-negotiation-client
 [127-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [127-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-127]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3722,14 +4037,13 @@ client = 128-version-negotiation-client
 [128-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [128-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -3749,14 +4063,12 @@ client = 129-version-negotiation-client
 [129-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [129-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -3776,13 +4088,11 @@ client = 130-version-negotiation-client
 [130-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [130-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -3802,19 +4112,17 @@ client = 131-version-negotiation-client
 [131-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [131-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-131]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3829,18 +4137,17 @@ client = 132-version-negotiation-client
 [132-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [132-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-132]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3855,18 +4162,17 @@ client = 133-version-negotiation-client
 [133-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [133-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-133]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3881,18 +4187,16 @@ client = 134-version-negotiation-client
 [134-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [134-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-134]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3908,18 +4212,15 @@ client = 135-version-negotiation-client
 [135-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [135-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-135]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3935,19 +4236,17 @@ client = 136-version-negotiation-client
 [136-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [136-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-136]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3962,17 +4261,17 @@ client = 137-version-negotiation-client
 [137-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [137-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-137]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -3988,19 +4287,18 @@ client = 138-version-negotiation-client
 [138-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [138-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-138]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -4015,19 +4313,17 @@ client = 139-version-negotiation-client
 [139-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [139-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-139]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4043,19 +4339,17 @@ client = 140-version-negotiation-client
 [140-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [140-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-140]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4071,19 +4365,16 @@ client = 141-version-negotiation-client
 [141-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [141-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-141]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4099,18 +4390,17 @@ client = 142-version-negotiation-client
 [142-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [142-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-142]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -4126,19 +4416,17 @@ client = 143-version-negotiation-client
 [143-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [143-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-143]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -4154,19 +4442,17 @@ client = 144-version-negotiation-client
 [144-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [144-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-144]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4182,19 +4468,17 @@ client = 145-version-negotiation-client
 [145-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [145-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-145]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4215,13 +4499,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [146-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-146]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4243,8 +4525,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [147-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -4271,13 +4551,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [148-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-148]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4293,18 +4571,17 @@ client = 149-version-negotiation-client
 [149-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [149-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-149]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4320,19 +4597,17 @@ client = 150-version-negotiation-client
 [150-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [150-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-150]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -4347,18 +4622,18 @@ client = 151-version-negotiation-client
 [151-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [151-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-151]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -4373,18 +4648,18 @@ client = 152-version-negotiation-client
 [152-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [152-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-152]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -4399,18 +4674,16 @@ client = 153-version-negotiation-client
 [153-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [153-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-153]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4426,19 +4699,17 @@ client = 154-version-negotiation-client
 [154-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [154-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-154]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -4453,19 +4724,16 @@ client = 155-version-negotiation-client
 [155-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [155-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-155]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -4480,18 +4748,18 @@ client = 156-version-negotiation-client
 [156-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [156-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-156]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4506,19 +4774,18 @@ client = 157-version-negotiation-client
 [157-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [157-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-157]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4533,20 +4800,18 @@ client = 158-version-negotiation-client
 [158-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [158-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-158]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4561,20 +4826,18 @@ client = 159-version-negotiation-client
 [159-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [159-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-159]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4589,20 +4852,18 @@ client = 160-version-negotiation-client
 [160-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [160-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-160]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4617,19 +4878,17 @@ client = 161-version-negotiation-client
 [161-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [161-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-161]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4644,20 +4903,19 @@ client = 162-version-negotiation-client
 [162-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [162-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-162]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4672,20 +4930,19 @@ client = 163-version-negotiation-client
 [163-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [163-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-163]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4700,20 +4957,19 @@ client = 164-version-negotiation-client
 [164-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [164-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-164]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4728,19 +4984,19 @@ client = 165-version-negotiation-client
 [165-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [165-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-165]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4755,20 +5011,19 @@ client = 166-version-negotiation-client
 [166-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [166-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-166]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4783,20 +5038,18 @@ client = 167-version-negotiation-client
 [167-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [167-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-167]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4811,19 +5064,19 @@ client = 168-version-negotiation-client
 [168-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [168-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-168]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4838,20 +5091,19 @@ client = 169-version-negotiation-client
 [169-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [169-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-169]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4866,19 +5118,19 @@ client = 170-version-negotiation-client
 [170-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [170-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-170]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4893,17 +5145,19 @@ client = 171-version-negotiation-client
 [171-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [171-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-171]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4918,18 +5172,18 @@ client = 172-version-negotiation-client
 [172-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [172-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-172]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4945,17 +5199,18 @@ client = 173-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [173-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-173]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4971,17 +5226,18 @@ client = 174-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [174-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-174]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4996,17 +5252,19 @@ client = 175-version-negotiation-client
 [175-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [175-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-175]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5021,18 +5279,18 @@ client = 176-version-negotiation-client
 [176-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [176-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-176]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5047,19 +5305,19 @@ client = 177-version-negotiation-client
 [177-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [177-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-177]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5074,19 +5332,19 @@ client = 178-version-negotiation-client
 [178-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [178-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-178]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5101,19 +5359,18 @@ client = 179-version-negotiation-client
 [179-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [179-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-179]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5128,18 +5385,19 @@ client = 180-version-negotiation-client
 [180-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [180-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-180]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5154,19 +5412,18 @@ client = 181-version-negotiation-client
 [181-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [181-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-181]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5181,19 +5438,18 @@ client = 182-version-negotiation-client
 [182-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [182-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-182]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5208,18 +5464,18 @@ client = 183-version-negotiation-client
 [183-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [183-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-183]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5235,17 +5491,18 @@ client = 184-version-negotiation-client
 [184-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [184-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-184]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5261,18 +5518,18 @@ client = 185-version-negotiation-client
 [185-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [185-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-185]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5288,18 +5545,18 @@ client = 186-version-negotiation-client
 [186-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [186-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-186]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5315,17 +5572,17 @@ client = 187-version-negotiation-client
 [187-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [187-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-187]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5341,19 +5598,19 @@ client = 188-version-negotiation-client
 [188-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [188-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-188]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5368,17 +5625,19 @@ client = 189-version-negotiation-client
 [189-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [189-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-189]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5394,18 +5653,20 @@ client = 190-version-negotiation-client
 [190-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [190-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-190]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -5420,13 +5681,14 @@ client = 191-version-negotiation-client
 [191-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [191-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5447,13 +5709,14 @@ client = 192-version-negotiation-client
 [192-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [192-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5474,13 +5737,13 @@ client = 193-version-negotiation-client
 [193-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [193-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5501,12 +5764,14 @@ client = 194-version-negotiation-client
 [194-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [194-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5527,19 +5792,20 @@ client = 195-version-negotiation-client
 [195-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [195-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-195]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -5554,14 +5820,14 @@ client = 196-version-negotiation-client
 [196-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [196-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5582,14 +5848,14 @@ client = 197-version-negotiation-client
 [197-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [197-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5610,14 +5876,13 @@ client = 198-version-negotiation-client
 [198-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [198-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5638,19 +5903,19 @@ client = 199-version-negotiation-client
 [199-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [199-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-199]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5665,20 +5930,19 @@ client = 200-version-negotiation-client
 [200-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [200-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-200]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5693,20 +5957,19 @@ client = 201-version-negotiation-client
 [201-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [201-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-201]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5721,20 +5984,18 @@ client = 202-version-negotiation-client
 [202-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [202-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-202]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5749,19 +6010,19 @@ client = 203-version-negotiation-client
 [203-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [203-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-203]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5776,14 +6037,14 @@ client = 204-version-negotiation-client
 [204-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [204-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5803,14 +6064,13 @@ client = 205-version-negotiation-client
 [205-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [205-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5830,13 +6090,14 @@ client = 206-version-negotiation-client
 [206-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [206-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5856,14 +6117,13 @@ client = 207-version-negotiation-client
 [207-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [207-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5883,13 +6143,13 @@ client = 208-version-negotiation-client
 [208-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [208-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5909,18 +6169,19 @@ client = 209-version-negotiation-client
 [209-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [209-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-209]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -5935,18 +6196,18 @@ client = 210-version-negotiation-client
 [210-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [210-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-210]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -5962,13 +6223,13 @@ client = 211-version-negotiation-client
 [211-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [211-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5989,13 +6250,13 @@ client = 212-version-negotiation-client
 [212-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [212-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6021,7 +6282,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [213-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6049,7 +6310,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [214-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6076,7 +6337,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [215-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6104,7 +6365,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [216-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6132,7 +6393,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [217-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6153,13 +6414,14 @@ client = 218-version-negotiation-client
 [218-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [218-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6180,19 +6442,18 @@ client = 219-version-negotiation-client
 [219-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [219-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-219]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -6208,19 +6469,19 @@ client = 220-version-negotiation-client
 [220-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [220-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-220]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -6236,14 +6497,14 @@ client = 221-version-negotiation-client
 [221-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [221-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6264,13 +6525,14 @@ client = 222-version-negotiation-client
 [222-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [222-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6291,14 +6553,14 @@ client = 223-version-negotiation-client
 [223-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [223-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6319,14 +6581,13 @@ client = 224-version-negotiation-client
 [224-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [224-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6347,13 +6608,14 @@ client = 225-version-negotiation-client
 [225-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [225-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6375,18 +6637,19 @@ client = 226-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [226-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-226]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -6401,18 +6664,20 @@ client = 227-version-negotiation-client
 [227-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [227-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-227]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -6427,18 +6692,19 @@ client = 228-version-negotiation-client
 [228-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [228-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-228]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -6453,19 +6719,19 @@ client = 229-version-negotiation-client
 [229-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [229-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-229]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6480,19 +6746,19 @@ client = 230-version-negotiation-client
 [230-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [230-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-230]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6507,19 +6773,18 @@ client = 231-version-negotiation-client
 [231-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [231-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-231]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6534,18 +6799,19 @@ client = 232-version-negotiation-client
 [232-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [232-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-232]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6560,14 +6826,13 @@ client = 233-version-negotiation-client
 [233-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [233-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6587,20 +6852,18 @@ client = 234-version-negotiation-client
 [234-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [234-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-234]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6615,19 +6878,18 @@ client = 235-version-negotiation-client
 [235-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [235-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-235]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -6643,19 +6905,18 @@ client = 236-version-negotiation-client
 [236-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [236-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-236]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -6671,13 +6932,13 @@ client = 237-version-negotiation-client
 [237-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [237-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6698,19 +6959,18 @@ client = 238-version-negotiation-client
 [238-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [238-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-238]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -6726,19 +6986,17 @@ client = 239-version-negotiation-client
 [239-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [239-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-239]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -6754,20 +7012,19 @@ client = 240-version-negotiation-client
 [240-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [240-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-240]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6782,18 +7039,19 @@ client = 241-version-negotiation-client
 [241-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [241-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-241]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -6810,13 +7068,13 @@ client = 242-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [242-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6838,13 +7096,13 @@ client = 243-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [243-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6865,13 +7123,14 @@ client = 244-version-negotiation-client
 [244-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [244-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6892,14 +7151,13 @@ client = 245-version-negotiation-client
 [245-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [245-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6920,18 +7178,19 @@ client = 246-version-negotiation-client
 [246-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [246-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-246]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -6947,17 +7206,20 @@ client = 247-version-negotiation-client
 [247-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [247-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-247]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -6972,17 +7234,19 @@ client = 248-version-negotiation-client
 [248-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [248-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-248]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -6998,17 +7262,19 @@ client = 249-version-negotiation-client
 [249-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [249-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-249]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7024,12 +7290,13 @@ client = 250-version-negotiation-client
 [250-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [250-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7050,16 +7317,19 @@ client = 251-version-negotiation-client
 [251-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [251-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-251]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -7075,18 +7345,20 @@ client = 252-version-negotiation-client
 [252-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [252-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-252]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7101,18 +7373,19 @@ client = 253-version-negotiation-client
 [253-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [253-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-253]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7128,18 +7401,18 @@ client = 254-version-negotiation-client
 [254-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [254-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-254]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7156,12 +7429,13 @@ client = 255-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [255-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7182,12 +7456,14 @@ client = 256-version-negotiation-client
 [256-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [256-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7208,18 +7484,18 @@ client = 257-version-negotiation-client
 [257-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [257-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-257]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7235,19 +7511,19 @@ client = 258-version-negotiation-client
 [258-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [258-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-258]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -7262,19 +7538,18 @@ client = 259-version-negotiation-client
 [259-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [259-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-259]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -7289,18 +7564,18 @@ client = 260-version-negotiation-client
 [260-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [260-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-260]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -7315,18 +7590,18 @@ client = 261-version-negotiation-client
 [261-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [261-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-261]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -7342,18 +7617,18 @@ client = 262-version-negotiation-client
 [262-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [262-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-262]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -7369,12 +7644,13 @@ client = 263-version-negotiation-client
 [263-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [263-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7395,13 +7671,13 @@ client = 264-version-negotiation-client
 [264-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [264-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7422,12 +7698,12 @@ client = 265-version-negotiation-client
 [265-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [265-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7449,12 +7725,13 @@ client = 266-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [266-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7475,17 +7752,19 @@ client = 267-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [267-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-267]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7501,12 +7780,13 @@ client = 268-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [268-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7528,17 +7808,18 @@ client = 269-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [269-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-269]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7554,17 +7835,19 @@ client = 270-version-negotiation-client
 [270-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [270-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-270]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7580,19 +7863,19 @@ client = 271-version-negotiation-client
 [271-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [271-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-271]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7608,18 +7891,19 @@ client = 272-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [272-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-272]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7635,13 +7919,13 @@ client = 273-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [273-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7663,18 +7947,18 @@ client = 274-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [274-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-274]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7690,18 +7974,19 @@ client = 275-version-negotiation-client
 [275-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [275-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-275]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7717,19 +8002,19 @@ client = 276-version-negotiation-client
 [276-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [276-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-276]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7745,13 +8030,13 @@ client = 277-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [277-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7773,18 +8058,18 @@ client = 278-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [278-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-278]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7800,18 +8085,19 @@ client = 279-version-negotiation-client
 [279-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [279-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-279]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7827,19 +8113,18 @@ client = 280-version-negotiation-client
 [280-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [280-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-280]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7856,18 +8141,18 @@ client = 281-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [281-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-281]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7883,18 +8168,19 @@ client = 282-version-negotiation-client
 [282-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [282-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-282]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7910,19 +8196,19 @@ client = 283-version-negotiation-client
 [283-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [283-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-283]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7937,13 +8223,14 @@ client = 284-version-negotiation-client
 [284-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [284-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7963,13 +8250,13 @@ client = 285-version-negotiation-client
 [285-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [285-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7989,18 +8276,17 @@ client = 286-version-negotiation-client
 [286-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [286-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-286]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8015,18 +8301,17 @@ client = 287-version-negotiation-client
 [287-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [287-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-287]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8042,18 +8327,17 @@ client = 288-version-negotiation-client
 [288-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [288-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-288]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -8069,12 +8353,12 @@ client = 289-version-negotiation-client
 [289-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [289-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8095,19 +8379,18 @@ client = 290-version-negotiation-client
 [290-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [290-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-290]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8122,19 +8405,17 @@ client = 291-version-negotiation-client
 [291-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [291-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-291]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8149,20 +8430,18 @@ client = 292-version-negotiation-client
 [292-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [292-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-292]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8177,19 +8456,18 @@ client = 293-version-negotiation-client
 [293-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [293-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-293]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8205,18 +8483,18 @@ client = 294-version-negotiation-client
 [294-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [294-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-294]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -8232,19 +8510,19 @@ client = 295-version-negotiation-client
 [295-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [295-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-295]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8259,19 +8537,18 @@ client = 296-version-negotiation-client
 [296-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [296-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-296]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -8287,14 +8564,12 @@ client = 297-version-negotiation-client
 [297-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [297-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8315,18 +8590,18 @@ client = 298-version-negotiation-client
 [298-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [298-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-298]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8343,13 +8618,12 @@ client = 299-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [299-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8371,13 +8645,12 @@ client = 300-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [300-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8398,13 +8671,13 @@ client = 301-version-negotiation-client
 [301-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [301-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8425,14 +8698,12 @@ client = 302-version-negotiation-client
 [302-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [302-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8453,18 +8724,18 @@ client = 303-version-negotiation-client
 [303-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [303-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-303]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -8480,18 +8751,20 @@ client = 304-version-negotiation-client
 [304-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [304-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-304]
-ExpectedResult = ServerFail
-
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
 
 # ===========================================================
 
@@ -8505,17 +8778,19 @@ client = 305-version-negotiation-client
 [305-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [305-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-305]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8530,17 +8805,17 @@ client = 306-version-negotiation-client
 [306-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [306-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-306]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -8557,11 +8832,12 @@ client = 307-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [307-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8582,11 +8858,13 @@ client = 308-version-negotiation-client
 [308-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [308-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8607,18 +8885,18 @@ client = 309-version-negotiation-client
 [309-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [309-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-309]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8633,18 +8911,18 @@ client = 310-version-negotiation-client
 [310-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [310-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-310]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8659,19 +8937,17 @@ client = 311-version-negotiation-client
 [311-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [311-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-311]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8686,19 +8962,18 @@ client = 312-version-negotiation-client
 [312-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [312-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-312]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8713,17 +8988,18 @@ client = 313-version-negotiation-client
 [313-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [313-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-313]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8739,18 +9015,19 @@ client = 314-version-negotiation-client
 [314-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [314-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-314]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8765,18 +9042,18 @@ client = 315-version-negotiation-client
 [315-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [315-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-315]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8792,18 +9069,18 @@ client = 316-version-negotiation-client
 [316-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [316-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-316]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8819,17 +9096,17 @@ client = 317-version-negotiation-client
 [317-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [317-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-317]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8845,19 +9122,19 @@ client = 318-version-negotiation-client
 [318-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [318-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-318]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8872,18 +9149,19 @@ client = 319-version-negotiation-client
 [319-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [319-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-319]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8899,17 +9177,19 @@ client = 320-version-negotiation-client
 [320-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [320-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-320]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8926,17 +9206,18 @@ client = 321-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [321-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-321]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8952,17 +9233,19 @@ client = 322-version-negotiation-client
 [322-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [322-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-322]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8978,18 +9261,19 @@ client = 323-version-negotiation-client
 [323-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [323-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-323]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9005,17 +9289,19 @@ client = 324-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [324-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-324]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9031,17 +9317,19 @@ client = 325-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [325-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-325]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9057,17 +9345,18 @@ client = 326-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [326-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-326]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9083,17 +9372,19 @@ client = 327-version-negotiation-client
 [327-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [327-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-327]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9109,19 +9400,19 @@ client = 328-version-negotiation-client
 [328-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [328-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-328]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9136,19 +9427,19 @@ client = 329-version-negotiation-client
 [329-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [329-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-329]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9163,19 +9454,19 @@ client = 330-version-negotiation-client
 [330-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [330-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-330]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9190,20 +9481,19 @@ client = 331-version-negotiation-client
 [331-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [331-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-331]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9218,19 +9508,18 @@ client = 332-version-negotiation-client
 [332-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [332-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-332]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9245,19 +9534,19 @@ client = 333-version-negotiation-client
 [333-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [333-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-333]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9272,19 +9561,19 @@ client = 334-version-negotiation-client
 [334-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [334-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-334]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9299,20 +9588,18 @@ client = 335-version-negotiation-client
 [335-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [335-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-335]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9327,19 +9614,19 @@ client = 336-version-negotiation-client
 [336-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [336-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-336]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9354,19 +9641,18 @@ client = 337-version-negotiation-client
 [337-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [337-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-337]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9381,20 +9667,18 @@ client = 338-version-negotiation-client
 [338-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [338-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-338]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9409,18 +9693,18 @@ client = 339-version-negotiation-client
 [339-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [339-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-339]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9436,19 +9720,18 @@ client = 340-version-negotiation-client
 [340-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [340-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-340]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9464,18 +9747,18 @@ client = 341-version-negotiation-client
 [341-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [341-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-341]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9491,17 +9774,19 @@ client = 342-version-negotiation-client
 [342-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [342-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-342]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9516,17 +9801,18 @@ client = 343-version-negotiation-client
 [343-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [343-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-343]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9541,17 +9827,19 @@ client = 344-version-negotiation-client
 [344-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [344-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-344]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9566,17 +9854,19 @@ client = 345-version-negotiation-client
 [345-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [345-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-345]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9592,16 +9882,19 @@ client = 346-version-negotiation-client
 [346-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [346-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-346]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9617,18 +9910,20 @@ client = 347-version-negotiation-client
 [347-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [347-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-347]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9643,18 +9938,20 @@ client = 348-version-negotiation-client
 [348-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [348-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-348]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9669,18 +9966,19 @@ client = 349-version-negotiation-client
 [349-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [349-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-349]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9695,18 +9993,19 @@ client = 350-version-negotiation-client
 [350-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [350-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-350]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9722,17 +10021,19 @@ client = 351-version-negotiation-client
 [351-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [351-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-351]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9748,18 +10049,20 @@ client = 352-version-negotiation-client
 [352-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [352-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-352]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9774,18 +10077,20 @@ client = 353-version-negotiation-client
 [353-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [353-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-353]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9800,18 +10105,18 @@ client = 354-version-negotiation-client
 [354-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [354-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-354]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9827,17 +10132,19 @@ client = 355-version-negotiation-client
 [355-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [355-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-355]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9853,18 +10160,20 @@ client = 356-version-negotiation-client
 [356-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [356-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-356]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9879,18 +10188,19 @@ client = 357-version-negotiation-client
 [357-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [357-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-357]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9911,12 +10221,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [358-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-358]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9938,13 +10249,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [359-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-359]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9959,17 +10270,8457 @@ client = 360-version-negotiation-client
 [360-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [360-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-360]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[361-version-negotiation]
+ssl_conf = 361-version-negotiation-ssl
+
+[361-version-negotiation-ssl]
+server = 361-version-negotiation-server
+client = 361-version-negotiation-client
+
+[361-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[361-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-361]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[362-version-negotiation]
+ssl_conf = 362-version-negotiation-ssl
+
+[362-version-negotiation-ssl]
+server = 362-version-negotiation-server
+client = 362-version-negotiation-client
+
+[362-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[362-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-362]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[363-version-negotiation]
+ssl_conf = 363-version-negotiation-ssl
+
+[363-version-negotiation-ssl]
+server = 363-version-negotiation-server
+client = 363-version-negotiation-client
+
+[363-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[363-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-363]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[364-version-negotiation]
+ssl_conf = 364-version-negotiation-ssl
+
+[364-version-negotiation-ssl]
+server = 364-version-negotiation-server
+client = 364-version-negotiation-client
+
+[364-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[364-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-364]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[365-version-negotiation]
+ssl_conf = 365-version-negotiation-ssl
+
+[365-version-negotiation-ssl]
+server = 365-version-negotiation-server
+client = 365-version-negotiation-client
+
+[365-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[365-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-365]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[366-version-negotiation]
+ssl_conf = 366-version-negotiation-ssl
+
+[366-version-negotiation-ssl]
+server = 366-version-negotiation-server
+client = 366-version-negotiation-client
+
+[366-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[366-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-366]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[367-version-negotiation]
+ssl_conf = 367-version-negotiation-ssl
+
+[367-version-negotiation-ssl]
+server = 367-version-negotiation-server
+client = 367-version-negotiation-client
+
+[367-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[367-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-367]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[368-version-negotiation]
+ssl_conf = 368-version-negotiation-ssl
+
+[368-version-negotiation-ssl]
+server = 368-version-negotiation-server
+client = 368-version-negotiation-client
+
+[368-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[368-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-368]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[369-version-negotiation]
+ssl_conf = 369-version-negotiation-ssl
+
+[369-version-negotiation-ssl]
+server = 369-version-negotiation-server
+client = 369-version-negotiation-client
+
+[369-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[369-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-369]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[370-version-negotiation]
+ssl_conf = 370-version-negotiation-ssl
+
+[370-version-negotiation-ssl]
+server = 370-version-negotiation-server
+client = 370-version-negotiation-client
+
+[370-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[370-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-370]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[371-version-negotiation]
+ssl_conf = 371-version-negotiation-ssl
+
+[371-version-negotiation-ssl]
+server = 371-version-negotiation-server
+client = 371-version-negotiation-client
+
+[371-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[371-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-371]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[372-version-negotiation]
+ssl_conf = 372-version-negotiation-ssl
+
+[372-version-negotiation-ssl]
+server = 372-version-negotiation-server
+client = 372-version-negotiation-client
+
+[372-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[372-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-372]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[373-version-negotiation]
+ssl_conf = 373-version-negotiation-ssl
+
+[373-version-negotiation-ssl]
+server = 373-version-negotiation-server
+client = 373-version-negotiation-client
+
+[373-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[373-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-373]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[374-version-negotiation]
+ssl_conf = 374-version-negotiation-ssl
+
+[374-version-negotiation-ssl]
+server = 374-version-negotiation-server
+client = 374-version-negotiation-client
+
+[374-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[374-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-374]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[375-version-negotiation]
+ssl_conf = 375-version-negotiation-ssl
+
+[375-version-negotiation-ssl]
+server = 375-version-negotiation-server
+client = 375-version-negotiation-client
+
+[375-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[375-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-375]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[376-version-negotiation]
+ssl_conf = 376-version-negotiation-ssl
+
+[376-version-negotiation-ssl]
+server = 376-version-negotiation-server
+client = 376-version-negotiation-client
+
+[376-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[376-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-376]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[377-version-negotiation]
+ssl_conf = 377-version-negotiation-ssl
+
+[377-version-negotiation-ssl]
+server = 377-version-negotiation-server
+client = 377-version-negotiation-client
+
+[377-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[377-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-377]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[378-version-negotiation]
+ssl_conf = 378-version-negotiation-ssl
+
+[378-version-negotiation-ssl]
+server = 378-version-negotiation-server
+client = 378-version-negotiation-client
+
+[378-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[378-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-378]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[379-version-negotiation]
+ssl_conf = 379-version-negotiation-ssl
+
+[379-version-negotiation-ssl]
+server = 379-version-negotiation-server
+client = 379-version-negotiation-client
+
+[379-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[379-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-379]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[380-version-negotiation]
+ssl_conf = 380-version-negotiation-ssl
+
+[380-version-negotiation-ssl]
+server = 380-version-negotiation-server
+client = 380-version-negotiation-client
+
+[380-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[380-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-380]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[381-version-negotiation]
+ssl_conf = 381-version-negotiation-ssl
+
+[381-version-negotiation-ssl]
+server = 381-version-negotiation-server
+client = 381-version-negotiation-client
+
+[381-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[381-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-381]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[382-version-negotiation]
+ssl_conf = 382-version-negotiation-ssl
+
+[382-version-negotiation-ssl]
+server = 382-version-negotiation-server
+client = 382-version-negotiation-client
+
+[382-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[382-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-382]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[383-version-negotiation]
+ssl_conf = 383-version-negotiation-ssl
+
+[383-version-negotiation-ssl]
+server = 383-version-negotiation-server
+client = 383-version-negotiation-client
+
+[383-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[383-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-383]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[384-version-negotiation]
+ssl_conf = 384-version-negotiation-ssl
+
+[384-version-negotiation-ssl]
+server = 384-version-negotiation-server
+client = 384-version-negotiation-client
+
+[384-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[384-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-384]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[385-version-negotiation]
+ssl_conf = 385-version-negotiation-ssl
+
+[385-version-negotiation-ssl]
+server = 385-version-negotiation-server
+client = 385-version-negotiation-client
+
+[385-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[385-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-385]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[386-version-negotiation]
+ssl_conf = 386-version-negotiation-ssl
+
+[386-version-negotiation-ssl]
+server = 386-version-negotiation-server
+client = 386-version-negotiation-client
+
+[386-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[386-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-386]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[387-version-negotiation]
+ssl_conf = 387-version-negotiation-ssl
+
+[387-version-negotiation-ssl]
+server = 387-version-negotiation-server
+client = 387-version-negotiation-client
+
+[387-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[387-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-387]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[388-version-negotiation]
+ssl_conf = 388-version-negotiation-ssl
+
+[388-version-negotiation-ssl]
+server = 388-version-negotiation-server
+client = 388-version-negotiation-client
+
+[388-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[388-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-388]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[389-version-negotiation]
+ssl_conf = 389-version-negotiation-ssl
+
+[389-version-negotiation-ssl]
+server = 389-version-negotiation-server
+client = 389-version-negotiation-client
+
+[389-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[389-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-389]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[390-version-negotiation]
+ssl_conf = 390-version-negotiation-ssl
+
+[390-version-negotiation-ssl]
+server = 390-version-negotiation-server
+client = 390-version-negotiation-client
+
+[390-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[390-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-390]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[391-version-negotiation]
+ssl_conf = 391-version-negotiation-ssl
+
+[391-version-negotiation-ssl]
+server = 391-version-negotiation-server
+client = 391-version-negotiation-client
+
+[391-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[391-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-391]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[392-version-negotiation]
+ssl_conf = 392-version-negotiation-ssl
+
+[392-version-negotiation-ssl]
+server = 392-version-negotiation-server
+client = 392-version-negotiation-client
+
+[392-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[392-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-392]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[393-version-negotiation]
+ssl_conf = 393-version-negotiation-ssl
+
+[393-version-negotiation-ssl]
+server = 393-version-negotiation-server
+client = 393-version-negotiation-client
+
+[393-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[393-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-393]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[394-version-negotiation]
+ssl_conf = 394-version-negotiation-ssl
+
+[394-version-negotiation-ssl]
+server = 394-version-negotiation-server
+client = 394-version-negotiation-client
+
+[394-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[394-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-394]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[395-version-negotiation]
+ssl_conf = 395-version-negotiation-ssl
+
+[395-version-negotiation-ssl]
+server = 395-version-negotiation-server
+client = 395-version-negotiation-client
+
+[395-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[395-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-395]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[396-version-negotiation]
+ssl_conf = 396-version-negotiation-ssl
+
+[396-version-negotiation-ssl]
+server = 396-version-negotiation-server
+client = 396-version-negotiation-client
+
+[396-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[396-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-396]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[397-version-negotiation]
+ssl_conf = 397-version-negotiation-ssl
+
+[397-version-negotiation-ssl]
+server = 397-version-negotiation-server
+client = 397-version-negotiation-client
+
+[397-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[397-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-397]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[398-version-negotiation]
+ssl_conf = 398-version-negotiation-ssl
+
+[398-version-negotiation-ssl]
+server = 398-version-negotiation-server
+client = 398-version-negotiation-client
+
+[398-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[398-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-398]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[399-version-negotiation]
+ssl_conf = 399-version-negotiation-ssl
+
+[399-version-negotiation-ssl]
+server = 399-version-negotiation-server
+client = 399-version-negotiation-client
+
+[399-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[399-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-399]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[400-version-negotiation]
+ssl_conf = 400-version-negotiation-ssl
+
+[400-version-negotiation-ssl]
+server = 400-version-negotiation-server
+client = 400-version-negotiation-client
+
+[400-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[400-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-400]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[401-version-negotiation]
+ssl_conf = 401-version-negotiation-ssl
+
+[401-version-negotiation-ssl]
+server = 401-version-negotiation-server
+client = 401-version-negotiation-client
+
+[401-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[401-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-401]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[402-version-negotiation]
+ssl_conf = 402-version-negotiation-ssl
+
+[402-version-negotiation-ssl]
+server = 402-version-negotiation-server
+client = 402-version-negotiation-client
+
+[402-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[402-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-402]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[403-version-negotiation]
+ssl_conf = 403-version-negotiation-ssl
+
+[403-version-negotiation-ssl]
+server = 403-version-negotiation-server
+client = 403-version-negotiation-client
+
+[403-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[403-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-403]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[404-version-negotiation]
+ssl_conf = 404-version-negotiation-ssl
+
+[404-version-negotiation-ssl]
+server = 404-version-negotiation-server
+client = 404-version-negotiation-client
+
+[404-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[404-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-404]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[405-version-negotiation]
+ssl_conf = 405-version-negotiation-ssl
+
+[405-version-negotiation-ssl]
+server = 405-version-negotiation-server
+client = 405-version-negotiation-client
+
+[405-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[405-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-405]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[406-version-negotiation]
+ssl_conf = 406-version-negotiation-ssl
+
+[406-version-negotiation-ssl]
+server = 406-version-negotiation-server
+client = 406-version-negotiation-client
+
+[406-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[406-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-406]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[407-version-negotiation]
+ssl_conf = 407-version-negotiation-ssl
+
+[407-version-negotiation-ssl]
+server = 407-version-negotiation-server
+client = 407-version-negotiation-client
+
+[407-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[407-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-407]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[408-version-negotiation]
+ssl_conf = 408-version-negotiation-ssl
+
+[408-version-negotiation-ssl]
+server = 408-version-negotiation-server
+client = 408-version-negotiation-client
+
+[408-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[408-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-408]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[409-version-negotiation]
+ssl_conf = 409-version-negotiation-ssl
+
+[409-version-negotiation-ssl]
+server = 409-version-negotiation-server
+client = 409-version-negotiation-client
+
+[409-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[409-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-409]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[410-version-negotiation]
+ssl_conf = 410-version-negotiation-ssl
+
+[410-version-negotiation-ssl]
+server = 410-version-negotiation-server
+client = 410-version-negotiation-client
+
+[410-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[410-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-410]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[411-version-negotiation]
+ssl_conf = 411-version-negotiation-ssl
+
+[411-version-negotiation-ssl]
+server = 411-version-negotiation-server
+client = 411-version-negotiation-client
+
+[411-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[411-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-411]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[412-version-negotiation]
+ssl_conf = 412-version-negotiation-ssl
+
+[412-version-negotiation-ssl]
+server = 412-version-negotiation-server
+client = 412-version-negotiation-client
+
+[412-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[412-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-412]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[413-version-negotiation]
+ssl_conf = 413-version-negotiation-ssl
+
+[413-version-negotiation-ssl]
+server = 413-version-negotiation-server
+client = 413-version-negotiation-client
+
+[413-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[413-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-413]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[414-version-negotiation]
+ssl_conf = 414-version-negotiation-ssl
+
+[414-version-negotiation-ssl]
+server = 414-version-negotiation-server
+client = 414-version-negotiation-client
+
+[414-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[414-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-414]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[415-version-negotiation]
+ssl_conf = 415-version-negotiation-ssl
+
+[415-version-negotiation-ssl]
+server = 415-version-negotiation-server
+client = 415-version-negotiation-client
+
+[415-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[415-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-415]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[416-version-negotiation]
+ssl_conf = 416-version-negotiation-ssl
+
+[416-version-negotiation-ssl]
+server = 416-version-negotiation-server
+client = 416-version-negotiation-client
+
+[416-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[416-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-416]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[417-version-negotiation]
+ssl_conf = 417-version-negotiation-ssl
+
+[417-version-negotiation-ssl]
+server = 417-version-negotiation-server
+client = 417-version-negotiation-client
+
+[417-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[417-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-417]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[418-version-negotiation]
+ssl_conf = 418-version-negotiation-ssl
+
+[418-version-negotiation-ssl]
+server = 418-version-negotiation-server
+client = 418-version-negotiation-client
+
+[418-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[418-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-418]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[419-version-negotiation]
+ssl_conf = 419-version-negotiation-ssl
+
+[419-version-negotiation-ssl]
+server = 419-version-negotiation-server
+client = 419-version-negotiation-client
+
+[419-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[419-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-419]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[420-version-negotiation]
+ssl_conf = 420-version-negotiation-ssl
+
+[420-version-negotiation-ssl]
+server = 420-version-negotiation-server
+client = 420-version-negotiation-client
+
+[420-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[420-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-420]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[421-version-negotiation]
+ssl_conf = 421-version-negotiation-ssl
+
+[421-version-negotiation-ssl]
+server = 421-version-negotiation-server
+client = 421-version-negotiation-client
+
+[421-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[421-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-421]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[422-version-negotiation]
+ssl_conf = 422-version-negotiation-ssl
+
+[422-version-negotiation-ssl]
+server = 422-version-negotiation-server
+client = 422-version-negotiation-client
+
+[422-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[422-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-422]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[423-version-negotiation]
+ssl_conf = 423-version-negotiation-ssl
+
+[423-version-negotiation-ssl]
+server = 423-version-negotiation-server
+client = 423-version-negotiation-client
+
+[423-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[423-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-423]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[424-version-negotiation]
+ssl_conf = 424-version-negotiation-ssl
+
+[424-version-negotiation-ssl]
+server = 424-version-negotiation-server
+client = 424-version-negotiation-client
+
+[424-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[424-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-424]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[425-version-negotiation]
+ssl_conf = 425-version-negotiation-ssl
+
+[425-version-negotiation-ssl]
+server = 425-version-negotiation-server
+client = 425-version-negotiation-client
+
+[425-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[425-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-425]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[426-version-negotiation]
+ssl_conf = 426-version-negotiation-ssl
+
+[426-version-negotiation-ssl]
+server = 426-version-negotiation-server
+client = 426-version-negotiation-client
+
+[426-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[426-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-426]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[427-version-negotiation]
+ssl_conf = 427-version-negotiation-ssl
+
+[427-version-negotiation-ssl]
+server = 427-version-negotiation-server
+client = 427-version-negotiation-client
+
+[427-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[427-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-427]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[428-version-negotiation]
+ssl_conf = 428-version-negotiation-ssl
+
+[428-version-negotiation-ssl]
+server = 428-version-negotiation-server
+client = 428-version-negotiation-client
+
+[428-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[428-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-428]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[429-version-negotiation]
+ssl_conf = 429-version-negotiation-ssl
+
+[429-version-negotiation-ssl]
+server = 429-version-negotiation-server
+client = 429-version-negotiation-client
+
+[429-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[429-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-429]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[430-version-negotiation]
+ssl_conf = 430-version-negotiation-ssl
+
+[430-version-negotiation-ssl]
+server = 430-version-negotiation-server
+client = 430-version-negotiation-client
+
+[430-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[430-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-430]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[431-version-negotiation]
+ssl_conf = 431-version-negotiation-ssl
+
+[431-version-negotiation-ssl]
+server = 431-version-negotiation-server
+client = 431-version-negotiation-client
+
+[431-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[431-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-431]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[432-version-negotiation]
+ssl_conf = 432-version-negotiation-ssl
+
+[432-version-negotiation-ssl]
+server = 432-version-negotiation-server
+client = 432-version-negotiation-client
+
+[432-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[432-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-432]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[433-version-negotiation]
+ssl_conf = 433-version-negotiation-ssl
+
+[433-version-negotiation-ssl]
+server = 433-version-negotiation-server
+client = 433-version-negotiation-client
+
+[433-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[433-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-433]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[434-version-negotiation]
+ssl_conf = 434-version-negotiation-ssl
+
+[434-version-negotiation-ssl]
+server = 434-version-negotiation-server
+client = 434-version-negotiation-client
+
+[434-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[434-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-434]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[435-version-negotiation]
+ssl_conf = 435-version-negotiation-ssl
+
+[435-version-negotiation-ssl]
+server = 435-version-negotiation-server
+client = 435-version-negotiation-client
+
+[435-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[435-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-435]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[436-version-negotiation]
+ssl_conf = 436-version-negotiation-ssl
+
+[436-version-negotiation-ssl]
+server = 436-version-negotiation-server
+client = 436-version-negotiation-client
+
+[436-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[436-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-436]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[437-version-negotiation]
+ssl_conf = 437-version-negotiation-ssl
+
+[437-version-negotiation-ssl]
+server = 437-version-negotiation-server
+client = 437-version-negotiation-client
+
+[437-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[437-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-437]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[438-version-negotiation]
+ssl_conf = 438-version-negotiation-ssl
+
+[438-version-negotiation-ssl]
+server = 438-version-negotiation-server
+client = 438-version-negotiation-client
+
+[438-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[438-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-438]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[439-version-negotiation]
+ssl_conf = 439-version-negotiation-ssl
+
+[439-version-negotiation-ssl]
+server = 439-version-negotiation-server
+client = 439-version-negotiation-client
+
+[439-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[439-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-439]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[440-version-negotiation]
+ssl_conf = 440-version-negotiation-ssl
+
+[440-version-negotiation-ssl]
+server = 440-version-negotiation-server
+client = 440-version-negotiation-client
+
+[440-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[440-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-440]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[441-version-negotiation]
+ssl_conf = 441-version-negotiation-ssl
+
+[441-version-negotiation-ssl]
+server = 441-version-negotiation-server
+client = 441-version-negotiation-client
+
+[441-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[441-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-441]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[442-version-negotiation]
+ssl_conf = 442-version-negotiation-ssl
+
+[442-version-negotiation-ssl]
+server = 442-version-negotiation-server
+client = 442-version-negotiation-client
+
+[442-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[442-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-442]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[443-version-negotiation]
+ssl_conf = 443-version-negotiation-ssl
+
+[443-version-negotiation-ssl]
+server = 443-version-negotiation-server
+client = 443-version-negotiation-client
+
+[443-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[443-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-443]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[444-version-negotiation]
+ssl_conf = 444-version-negotiation-ssl
+
+[444-version-negotiation-ssl]
+server = 444-version-negotiation-server
+client = 444-version-negotiation-client
+
+[444-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[444-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-444]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[445-version-negotiation]
+ssl_conf = 445-version-negotiation-ssl
+
+[445-version-negotiation-ssl]
+server = 445-version-negotiation-server
+client = 445-version-negotiation-client
+
+[445-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[445-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-445]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[446-version-negotiation]
+ssl_conf = 446-version-negotiation-ssl
+
+[446-version-negotiation-ssl]
+server = 446-version-negotiation-server
+client = 446-version-negotiation-client
+
+[446-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[446-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-446]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[447-version-negotiation]
+ssl_conf = 447-version-negotiation-ssl
+
+[447-version-negotiation-ssl]
+server = 447-version-negotiation-server
+client = 447-version-negotiation-client
+
+[447-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[447-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-447]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[448-version-negotiation]
+ssl_conf = 448-version-negotiation-ssl
+
+[448-version-negotiation-ssl]
+server = 448-version-negotiation-server
+client = 448-version-negotiation-client
+
+[448-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[448-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-448]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[449-version-negotiation]
+ssl_conf = 449-version-negotiation-ssl
+
+[449-version-negotiation-ssl]
+server = 449-version-negotiation-server
+client = 449-version-negotiation-client
+
+[449-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[449-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-449]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[450-version-negotiation]
+ssl_conf = 450-version-negotiation-ssl
+
+[450-version-negotiation-ssl]
+server = 450-version-negotiation-server
+client = 450-version-negotiation-client
+
+[450-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[450-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-450]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[451-version-negotiation]
+ssl_conf = 451-version-negotiation-ssl
+
+[451-version-negotiation-ssl]
+server = 451-version-negotiation-server
+client = 451-version-negotiation-client
+
+[451-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[451-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-451]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[452-version-negotiation]
+ssl_conf = 452-version-negotiation-ssl
+
+[452-version-negotiation-ssl]
+server = 452-version-negotiation-server
+client = 452-version-negotiation-client
+
+[452-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[452-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-452]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[453-version-negotiation]
+ssl_conf = 453-version-negotiation-ssl
+
+[453-version-negotiation-ssl]
+server = 453-version-negotiation-server
+client = 453-version-negotiation-client
+
+[453-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[453-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-453]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[454-version-negotiation]
+ssl_conf = 454-version-negotiation-ssl
+
+[454-version-negotiation-ssl]
+server = 454-version-negotiation-server
+client = 454-version-negotiation-client
+
+[454-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[454-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-454]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[455-version-negotiation]
+ssl_conf = 455-version-negotiation-ssl
+
+[455-version-negotiation-ssl]
+server = 455-version-negotiation-server
+client = 455-version-negotiation-client
+
+[455-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[455-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-455]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[456-version-negotiation]
+ssl_conf = 456-version-negotiation-ssl
+
+[456-version-negotiation-ssl]
+server = 456-version-negotiation-server
+client = 456-version-negotiation-client
+
+[456-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[456-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-456]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[457-version-negotiation]
+ssl_conf = 457-version-negotiation-ssl
+
+[457-version-negotiation-ssl]
+server = 457-version-negotiation-server
+client = 457-version-negotiation-client
+
+[457-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[457-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-457]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[458-version-negotiation]
+ssl_conf = 458-version-negotiation-ssl
+
+[458-version-negotiation-ssl]
+server = 458-version-negotiation-server
+client = 458-version-negotiation-client
+
+[458-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[458-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-458]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[459-version-negotiation]
+ssl_conf = 459-version-negotiation-ssl
+
+[459-version-negotiation-ssl]
+server = 459-version-negotiation-server
+client = 459-version-negotiation-client
+
+[459-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[459-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-459]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[460-version-negotiation]
+ssl_conf = 460-version-negotiation-ssl
+
+[460-version-negotiation-ssl]
+server = 460-version-negotiation-server
+client = 460-version-negotiation-client
+
+[460-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[460-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-460]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[461-version-negotiation]
+ssl_conf = 461-version-negotiation-ssl
+
+[461-version-negotiation-ssl]
+server = 461-version-negotiation-server
+client = 461-version-negotiation-client
+
+[461-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[461-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-461]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[462-version-negotiation]
+ssl_conf = 462-version-negotiation-ssl
+
+[462-version-negotiation-ssl]
+server = 462-version-negotiation-server
+client = 462-version-negotiation-client
+
+[462-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[462-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-462]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[463-version-negotiation]
+ssl_conf = 463-version-negotiation-ssl
+
+[463-version-negotiation-ssl]
+server = 463-version-negotiation-server
+client = 463-version-negotiation-client
+
+[463-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[463-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-463]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[464-version-negotiation]
+ssl_conf = 464-version-negotiation-ssl
+
+[464-version-negotiation-ssl]
+server = 464-version-negotiation-server
+client = 464-version-negotiation-client
+
+[464-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[464-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-464]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[465-version-negotiation]
+ssl_conf = 465-version-negotiation-ssl
+
+[465-version-negotiation-ssl]
+server = 465-version-negotiation-server
+client = 465-version-negotiation-client
+
+[465-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[465-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-465]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[466-version-negotiation]
+ssl_conf = 466-version-negotiation-ssl
+
+[466-version-negotiation-ssl]
+server = 466-version-negotiation-server
+client = 466-version-negotiation-client
+
+[466-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[466-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-466]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[467-version-negotiation]
+ssl_conf = 467-version-negotiation-ssl
+
+[467-version-negotiation-ssl]
+server = 467-version-negotiation-server
+client = 467-version-negotiation-client
+
+[467-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[467-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-467]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[468-version-negotiation]
+ssl_conf = 468-version-negotiation-ssl
+
+[468-version-negotiation-ssl]
+server = 468-version-negotiation-server
+client = 468-version-negotiation-client
+
+[468-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[468-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-468]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[469-version-negotiation]
+ssl_conf = 469-version-negotiation-ssl
+
+[469-version-negotiation-ssl]
+server = 469-version-negotiation-server
+client = 469-version-negotiation-client
+
+[469-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[469-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-469]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[470-version-negotiation]
+ssl_conf = 470-version-negotiation-ssl
+
+[470-version-negotiation-ssl]
+server = 470-version-negotiation-server
+client = 470-version-negotiation-client
+
+[470-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[470-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-470]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[471-version-negotiation]
+ssl_conf = 471-version-negotiation-ssl
+
+[471-version-negotiation-ssl]
+server = 471-version-negotiation-server
+client = 471-version-negotiation-client
+
+[471-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[471-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-471]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[472-version-negotiation]
+ssl_conf = 472-version-negotiation-ssl
+
+[472-version-negotiation-ssl]
+server = 472-version-negotiation-server
+client = 472-version-negotiation-client
+
+[472-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[472-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-472]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[473-version-negotiation]
+ssl_conf = 473-version-negotiation-ssl
+
+[473-version-negotiation-ssl]
+server = 473-version-negotiation-server
+client = 473-version-negotiation-client
+
+[473-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[473-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-473]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[474-version-negotiation]
+ssl_conf = 474-version-negotiation-ssl
+
+[474-version-negotiation-ssl]
+server = 474-version-negotiation-server
+client = 474-version-negotiation-client
+
+[474-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[474-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-474]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[475-version-negotiation]
+ssl_conf = 475-version-negotiation-ssl
+
+[475-version-negotiation-ssl]
+server = 475-version-negotiation-server
+client = 475-version-negotiation-client
+
+[475-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[475-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-475]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[476-version-negotiation]
+ssl_conf = 476-version-negotiation-ssl
+
+[476-version-negotiation-ssl]
+server = 476-version-negotiation-server
+client = 476-version-negotiation-client
+
+[476-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[476-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-476]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[477-version-negotiation]
+ssl_conf = 477-version-negotiation-ssl
+
+[477-version-negotiation-ssl]
+server = 477-version-negotiation-server
+client = 477-version-negotiation-client
+
+[477-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[477-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-477]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[478-version-negotiation]
+ssl_conf = 478-version-negotiation-ssl
+
+[478-version-negotiation-ssl]
+server = 478-version-negotiation-server
+client = 478-version-negotiation-client
+
+[478-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[478-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-478]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[479-version-negotiation]
+ssl_conf = 479-version-negotiation-ssl
+
+[479-version-negotiation-ssl]
+server = 479-version-negotiation-server
+client = 479-version-negotiation-client
+
+[479-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[479-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-479]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[480-version-negotiation]
+ssl_conf = 480-version-negotiation-ssl
+
+[480-version-negotiation-ssl]
+server = 480-version-negotiation-server
+client = 480-version-negotiation-client
+
+[480-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[480-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-480]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[481-version-negotiation]
+ssl_conf = 481-version-negotiation-ssl
+
+[481-version-negotiation-ssl]
+server = 481-version-negotiation-server
+client = 481-version-negotiation-client
+
+[481-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[481-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-481]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[482-version-negotiation]
+ssl_conf = 482-version-negotiation-ssl
+
+[482-version-negotiation-ssl]
+server = 482-version-negotiation-server
+client = 482-version-negotiation-client
+
+[482-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[482-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-482]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[483-version-negotiation]
+ssl_conf = 483-version-negotiation-ssl
+
+[483-version-negotiation-ssl]
+server = 483-version-negotiation-server
+client = 483-version-negotiation-client
+
+[483-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[483-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-483]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[484-version-negotiation]
+ssl_conf = 484-version-negotiation-ssl
+
+[484-version-negotiation-ssl]
+server = 484-version-negotiation-server
+client = 484-version-negotiation-client
+
+[484-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[484-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-484]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[485-version-negotiation]
+ssl_conf = 485-version-negotiation-ssl
+
+[485-version-negotiation-ssl]
+server = 485-version-negotiation-server
+client = 485-version-negotiation-client
+
+[485-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[485-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-485]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[486-version-negotiation]
+ssl_conf = 486-version-negotiation-ssl
+
+[486-version-negotiation-ssl]
+server = 486-version-negotiation-server
+client = 486-version-negotiation-client
+
+[486-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[486-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-486]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[487-version-negotiation]
+ssl_conf = 487-version-negotiation-ssl
+
+[487-version-negotiation-ssl]
+server = 487-version-negotiation-server
+client = 487-version-negotiation-client
+
+[487-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[487-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-487]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[488-version-negotiation]
+ssl_conf = 488-version-negotiation-ssl
+
+[488-version-negotiation-ssl]
+server = 488-version-negotiation-server
+client = 488-version-negotiation-client
+
+[488-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[488-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-488]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[489-version-negotiation]
+ssl_conf = 489-version-negotiation-ssl
+
+[489-version-negotiation-ssl]
+server = 489-version-negotiation-server
+client = 489-version-negotiation-client
+
+[489-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[489-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-489]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[490-version-negotiation]
+ssl_conf = 490-version-negotiation-ssl
+
+[490-version-negotiation-ssl]
+server = 490-version-negotiation-server
+client = 490-version-negotiation-client
+
+[490-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[490-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-490]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[491-version-negotiation]
+ssl_conf = 491-version-negotiation-ssl
+
+[491-version-negotiation-ssl]
+server = 491-version-negotiation-server
+client = 491-version-negotiation-client
+
+[491-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[491-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-491]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[492-version-negotiation]
+ssl_conf = 492-version-negotiation-ssl
+
+[492-version-negotiation-ssl]
+server = 492-version-negotiation-server
+client = 492-version-negotiation-client
+
+[492-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[492-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-492]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[493-version-negotiation]
+ssl_conf = 493-version-negotiation-ssl
+
+[493-version-negotiation-ssl]
+server = 493-version-negotiation-server
+client = 493-version-negotiation-client
+
+[493-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[493-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-493]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[494-version-negotiation]
+ssl_conf = 494-version-negotiation-ssl
+
+[494-version-negotiation-ssl]
+server = 494-version-negotiation-server
+client = 494-version-negotiation-client
+
+[494-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[494-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-494]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[495-version-negotiation]
+ssl_conf = 495-version-negotiation-ssl
+
+[495-version-negotiation-ssl]
+server = 495-version-negotiation-server
+client = 495-version-negotiation-client
+
+[495-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[495-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-495]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[496-version-negotiation]
+ssl_conf = 496-version-negotiation-ssl
+
+[496-version-negotiation-ssl]
+server = 496-version-negotiation-server
+client = 496-version-negotiation-client
+
+[496-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[496-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-496]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[497-version-negotiation]
+ssl_conf = 497-version-negotiation-ssl
+
+[497-version-negotiation-ssl]
+server = 497-version-negotiation-server
+client = 497-version-negotiation-client
+
+[497-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[497-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-497]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[498-version-negotiation]
+ssl_conf = 498-version-negotiation-ssl
+
+[498-version-negotiation-ssl]
+server = 498-version-negotiation-server
+client = 498-version-negotiation-client
+
+[498-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[498-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-498]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[499-version-negotiation]
+ssl_conf = 499-version-negotiation-ssl
+
+[499-version-negotiation-ssl]
+server = 499-version-negotiation-server
+client = 499-version-negotiation-client
+
+[499-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[499-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-499]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[500-version-negotiation]
+ssl_conf = 500-version-negotiation-ssl
+
+[500-version-negotiation-ssl]
+server = 500-version-negotiation-server
+client = 500-version-negotiation-client
+
+[500-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[500-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-500]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[501-version-negotiation]
+ssl_conf = 501-version-negotiation-ssl
+
+[501-version-negotiation-ssl]
+server = 501-version-negotiation-server
+client = 501-version-negotiation-client
+
+[501-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[501-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-501]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[502-version-negotiation]
+ssl_conf = 502-version-negotiation-ssl
+
+[502-version-negotiation-ssl]
+server = 502-version-negotiation-server
+client = 502-version-negotiation-client
+
+[502-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[502-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-502]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[503-version-negotiation]
+ssl_conf = 503-version-negotiation-ssl
+
+[503-version-negotiation-ssl]
+server = 503-version-negotiation-server
+client = 503-version-negotiation-client
+
+[503-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[503-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-503]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[504-version-negotiation]
+ssl_conf = 504-version-negotiation-ssl
+
+[504-version-negotiation-ssl]
+server = 504-version-negotiation-server
+client = 504-version-negotiation-client
+
+[504-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[504-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-504]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[505-version-negotiation]
+ssl_conf = 505-version-negotiation-ssl
+
+[505-version-negotiation-ssl]
+server = 505-version-negotiation-server
+client = 505-version-negotiation-client
+
+[505-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[505-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-505]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[506-version-negotiation]
+ssl_conf = 506-version-negotiation-ssl
+
+[506-version-negotiation-ssl]
+server = 506-version-negotiation-server
+client = 506-version-negotiation-client
+
+[506-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[506-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-506]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[507-version-negotiation]
+ssl_conf = 507-version-negotiation-ssl
+
+[507-version-negotiation-ssl]
+server = 507-version-negotiation-server
+client = 507-version-negotiation-client
+
+[507-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[507-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-507]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[508-version-negotiation]
+ssl_conf = 508-version-negotiation-ssl
+
+[508-version-negotiation-ssl]
+server = 508-version-negotiation-server
+client = 508-version-negotiation-client
+
+[508-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[508-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-508]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[509-version-negotiation]
+ssl_conf = 509-version-negotiation-ssl
+
+[509-version-negotiation-ssl]
+server = 509-version-negotiation-server
+client = 509-version-negotiation-client
+
+[509-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[509-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-509]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[510-version-negotiation]
+ssl_conf = 510-version-negotiation-ssl
+
+[510-version-negotiation-ssl]
+server = 510-version-negotiation-server
+client = 510-version-negotiation-client
+
+[510-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[510-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-510]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[511-version-negotiation]
+ssl_conf = 511-version-negotiation-ssl
+
+[511-version-negotiation-ssl]
+server = 511-version-negotiation-server
+client = 511-version-negotiation-client
+
+[511-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[511-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-511]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[512-version-negotiation]
+ssl_conf = 512-version-negotiation-ssl
+
+[512-version-negotiation-ssl]
+server = 512-version-negotiation-server
+client = 512-version-negotiation-client
+
+[512-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[512-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-512]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[513-version-negotiation]
+ssl_conf = 513-version-negotiation-ssl
+
+[513-version-negotiation-ssl]
+server = 513-version-negotiation-server
+client = 513-version-negotiation-client
+
+[513-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[513-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-513]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[514-version-negotiation]
+ssl_conf = 514-version-negotiation-ssl
+
+[514-version-negotiation-ssl]
+server = 514-version-negotiation-server
+client = 514-version-negotiation-client
+
+[514-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[514-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-514]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[515-version-negotiation]
+ssl_conf = 515-version-negotiation-ssl
+
+[515-version-negotiation-ssl]
+server = 515-version-negotiation-server
+client = 515-version-negotiation-client
+
+[515-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[515-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-515]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[516-version-negotiation]
+ssl_conf = 516-version-negotiation-ssl
+
+[516-version-negotiation-ssl]
+server = 516-version-negotiation-server
+client = 516-version-negotiation-client
+
+[516-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[516-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-516]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[517-version-negotiation]
+ssl_conf = 517-version-negotiation-ssl
+
+[517-version-negotiation-ssl]
+server = 517-version-negotiation-server
+client = 517-version-negotiation-client
+
+[517-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[517-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-517]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[518-version-negotiation]
+ssl_conf = 518-version-negotiation-ssl
+
+[518-version-negotiation-ssl]
+server = 518-version-negotiation-server
+client = 518-version-negotiation-client
+
+[518-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[518-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-518]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[519-version-negotiation]
+ssl_conf = 519-version-negotiation-ssl
+
+[519-version-negotiation-ssl]
+server = 519-version-negotiation-server
+client = 519-version-negotiation-client
+
+[519-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[519-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-519]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[520-version-negotiation]
+ssl_conf = 520-version-negotiation-ssl
+
+[520-version-negotiation-ssl]
+server = 520-version-negotiation-server
+client = 520-version-negotiation-client
+
+[520-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[520-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-520]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[521-version-negotiation]
+ssl_conf = 521-version-negotiation-ssl
+
+[521-version-negotiation-ssl]
+server = 521-version-negotiation-server
+client = 521-version-negotiation-client
+
+[521-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[521-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-521]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[522-version-negotiation]
+ssl_conf = 522-version-negotiation-ssl
+
+[522-version-negotiation-ssl]
+server = 522-version-negotiation-server
+client = 522-version-negotiation-client
+
+[522-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[522-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-522]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[523-version-negotiation]
+ssl_conf = 523-version-negotiation-ssl
+
+[523-version-negotiation-ssl]
+server = 523-version-negotiation-server
+client = 523-version-negotiation-client
+
+[523-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[523-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-523]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[524-version-negotiation]
+ssl_conf = 524-version-negotiation-ssl
+
+[524-version-negotiation-ssl]
+server = 524-version-negotiation-server
+client = 524-version-negotiation-client
+
+[524-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[524-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-524]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[525-version-negotiation]
+ssl_conf = 525-version-negotiation-ssl
+
+[525-version-negotiation-ssl]
+server = 525-version-negotiation-server
+client = 525-version-negotiation-client
+
+[525-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[525-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-525]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[526-version-negotiation]
+ssl_conf = 526-version-negotiation-ssl
+
+[526-version-negotiation-ssl]
+server = 526-version-negotiation-server
+client = 526-version-negotiation-client
+
+[526-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[526-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-526]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[527-version-negotiation]
+ssl_conf = 527-version-negotiation-ssl
+
+[527-version-negotiation-ssl]
+server = 527-version-negotiation-server
+client = 527-version-negotiation-client
+
+[527-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[527-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-527]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[528-version-negotiation]
+ssl_conf = 528-version-negotiation-ssl
+
+[528-version-negotiation-ssl]
+server = 528-version-negotiation-server
+client = 528-version-negotiation-client
+
+[528-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[528-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-528]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[529-version-negotiation]
+ssl_conf = 529-version-negotiation-ssl
+
+[529-version-negotiation-ssl]
+server = 529-version-negotiation-server
+client = 529-version-negotiation-client
+
+[529-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[529-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-529]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[530-version-negotiation]
+ssl_conf = 530-version-negotiation-ssl
+
+[530-version-negotiation-ssl]
+server = 530-version-negotiation-server
+client = 530-version-negotiation-client
+
+[530-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[530-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-530]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[531-version-negotiation]
+ssl_conf = 531-version-negotiation-ssl
+
+[531-version-negotiation-ssl]
+server = 531-version-negotiation-server
+client = 531-version-negotiation-client
+
+[531-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[531-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-531]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[532-version-negotiation]
+ssl_conf = 532-version-negotiation-ssl
+
+[532-version-negotiation-ssl]
+server = 532-version-negotiation-server
+client = 532-version-negotiation-client
+
+[532-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[532-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-532]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[533-version-negotiation]
+ssl_conf = 533-version-negotiation-ssl
+
+[533-version-negotiation-ssl]
+server = 533-version-negotiation-server
+client = 533-version-negotiation-client
+
+[533-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[533-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-533]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[534-version-negotiation]
+ssl_conf = 534-version-negotiation-ssl
+
+[534-version-negotiation-ssl]
+server = 534-version-negotiation-server
+client = 534-version-negotiation-client
+
+[534-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[534-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-534]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[535-version-negotiation]
+ssl_conf = 535-version-negotiation-ssl
+
+[535-version-negotiation-ssl]
+server = 535-version-negotiation-server
+client = 535-version-negotiation-client
+
+[535-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[535-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-535]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[536-version-negotiation]
+ssl_conf = 536-version-negotiation-ssl
+
+[536-version-negotiation-ssl]
+server = 536-version-negotiation-server
+client = 536-version-negotiation-client
+
+[536-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[536-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-536]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[537-version-negotiation]
+ssl_conf = 537-version-negotiation-ssl
+
+[537-version-negotiation-ssl]
+server = 537-version-negotiation-server
+client = 537-version-negotiation-client
+
+[537-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[537-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-537]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[538-version-negotiation]
+ssl_conf = 538-version-negotiation-ssl
+
+[538-version-negotiation-ssl]
+server = 538-version-negotiation-server
+client = 538-version-negotiation-client
+
+[538-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[538-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-538]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[539-version-negotiation]
+ssl_conf = 539-version-negotiation-ssl
+
+[539-version-negotiation-ssl]
+server = 539-version-negotiation-server
+client = 539-version-negotiation-client
+
+[539-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[539-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-539]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[540-version-negotiation]
+ssl_conf = 540-version-negotiation-ssl
+
+[540-version-negotiation-ssl]
+server = 540-version-negotiation-server
+client = 540-version-negotiation-client
+
+[540-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[540-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-540]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[541-version-negotiation]
+ssl_conf = 541-version-negotiation-ssl
+
+[541-version-negotiation-ssl]
+server = 541-version-negotiation-server
+client = 541-version-negotiation-client
+
+[541-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[541-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-541]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[542-version-negotiation]
+ssl_conf = 542-version-negotiation-ssl
+
+[542-version-negotiation-ssl]
+server = 542-version-negotiation-server
+client = 542-version-negotiation-client
+
+[542-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[542-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-542]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[543-version-negotiation]
+ssl_conf = 543-version-negotiation-ssl
+
+[543-version-negotiation-ssl]
+server = 543-version-negotiation-server
+client = 543-version-negotiation-client
+
+[543-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[543-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-543]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[544-version-negotiation]
+ssl_conf = 544-version-negotiation-ssl
+
+[544-version-negotiation-ssl]
+server = 544-version-negotiation-server
+client = 544-version-negotiation-client
+
+[544-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[544-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-544]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[545-version-negotiation]
+ssl_conf = 545-version-negotiation-ssl
+
+[545-version-negotiation-ssl]
+server = 545-version-negotiation-server
+client = 545-version-negotiation-client
+
+[545-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[545-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-545]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[546-version-negotiation]
+ssl_conf = 546-version-negotiation-ssl
+
+[546-version-negotiation-ssl]
+server = 546-version-negotiation-server
+client = 546-version-negotiation-client
+
+[546-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[546-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-546]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[547-version-negotiation]
+ssl_conf = 547-version-negotiation-ssl
+
+[547-version-negotiation-ssl]
+server = 547-version-negotiation-server
+client = 547-version-negotiation-client
+
+[547-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[547-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-547]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[548-version-negotiation]
+ssl_conf = 548-version-negotiation-ssl
+
+[548-version-negotiation-ssl]
+server = 548-version-negotiation-server
+client = 548-version-negotiation-client
+
+[548-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[548-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-548]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[549-version-negotiation]
+ssl_conf = 549-version-negotiation-ssl
+
+[549-version-negotiation-ssl]
+server = 549-version-negotiation-server
+client = 549-version-negotiation-client
+
+[549-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[549-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-549]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[550-version-negotiation]
+ssl_conf = 550-version-negotiation-ssl
+
+[550-version-negotiation-ssl]
+server = 550-version-negotiation-server
+client = 550-version-negotiation-client
+
+[550-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[550-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-550]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[551-version-negotiation]
+ssl_conf = 551-version-negotiation-ssl
+
+[551-version-negotiation-ssl]
+server = 551-version-negotiation-server
+client = 551-version-negotiation-client
+
+[551-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[551-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-551]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[552-version-negotiation]
+ssl_conf = 552-version-negotiation-ssl
+
+[552-version-negotiation-ssl]
+server = 552-version-negotiation-server
+client = 552-version-negotiation-client
+
+[552-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[552-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-552]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[553-version-negotiation]
+ssl_conf = 553-version-negotiation-ssl
+
+[553-version-negotiation-ssl]
+server = 553-version-negotiation-server
+client = 553-version-negotiation-client
+
+[553-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[553-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-553]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[554-version-negotiation]
+ssl_conf = 554-version-negotiation-ssl
+
+[554-version-negotiation-ssl]
+server = 554-version-negotiation-server
+client = 554-version-negotiation-client
+
+[554-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[554-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-554]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[555-version-negotiation]
+ssl_conf = 555-version-negotiation-ssl
+
+[555-version-negotiation-ssl]
+server = 555-version-negotiation-server
+client = 555-version-negotiation-client
+
+[555-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[555-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-555]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[556-version-negotiation]
+ssl_conf = 556-version-negotiation-ssl
+
+[556-version-negotiation-ssl]
+server = 556-version-negotiation-server
+client = 556-version-negotiation-client
+
+[556-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[556-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-556]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[557-version-negotiation]
+ssl_conf = 557-version-negotiation-ssl
+
+[557-version-negotiation-ssl]
+server = 557-version-negotiation-server
+client = 557-version-negotiation-client
+
+[557-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[557-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-557]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[558-version-negotiation]
+ssl_conf = 558-version-negotiation-ssl
+
+[558-version-negotiation-ssl]
+server = 558-version-negotiation-server
+client = 558-version-negotiation-client
+
+[558-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[558-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-558]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[559-version-negotiation]
+ssl_conf = 559-version-negotiation-ssl
+
+[559-version-negotiation-ssl]
+server = 559-version-negotiation-server
+client = 559-version-negotiation-client
+
+[559-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[559-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-559]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[560-version-negotiation]
+ssl_conf = 560-version-negotiation-ssl
+
+[560-version-negotiation-ssl]
+server = 560-version-negotiation-server
+client = 560-version-negotiation-client
+
+[560-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[560-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-560]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[561-version-negotiation]
+ssl_conf = 561-version-negotiation-ssl
+
+[561-version-negotiation-ssl]
+server = 561-version-negotiation-server
+client = 561-version-negotiation-client
+
+[561-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[561-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-561]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[562-version-negotiation]
+ssl_conf = 562-version-negotiation-ssl
+
+[562-version-negotiation-ssl]
+server = 562-version-negotiation-server
+client = 562-version-negotiation-client
+
+[562-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[562-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-562]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[563-version-negotiation]
+ssl_conf = 563-version-negotiation-ssl
+
+[563-version-negotiation-ssl]
+server = 563-version-negotiation-server
+client = 563-version-negotiation-client
+
+[563-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[563-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-563]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[564-version-negotiation]
+ssl_conf = 564-version-negotiation-ssl
+
+[564-version-negotiation-ssl]
+server = 564-version-negotiation-server
+client = 564-version-negotiation-client
+
+[564-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[564-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-564]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[565-version-negotiation]
+ssl_conf = 565-version-negotiation-ssl
+
+[565-version-negotiation-ssl]
+server = 565-version-negotiation-server
+client = 565-version-negotiation-client
+
+[565-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[565-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-565]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[566-version-negotiation]
+ssl_conf = 566-version-negotiation-ssl
+
+[566-version-negotiation-ssl]
+server = 566-version-negotiation-server
+client = 566-version-negotiation-client
+
+[566-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[566-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-566]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[567-version-negotiation]
+ssl_conf = 567-version-negotiation-ssl
+
+[567-version-negotiation-ssl]
+server = 567-version-negotiation-server
+client = 567-version-negotiation-client
+
+[567-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[567-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-567]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[568-version-negotiation]
+ssl_conf = 568-version-negotiation-ssl
+
+[568-version-negotiation-ssl]
+server = 568-version-negotiation-server
+client = 568-version-negotiation-client
+
+[568-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[568-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-568]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[569-version-negotiation]
+ssl_conf = 569-version-negotiation-ssl
+
+[569-version-negotiation-ssl]
+server = 569-version-negotiation-server
+client = 569-version-negotiation-client
+
+[569-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[569-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-569]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[570-version-negotiation]
+ssl_conf = 570-version-negotiation-ssl
+
+[570-version-negotiation-ssl]
+server = 570-version-negotiation-server
+client = 570-version-negotiation-client
+
+[570-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[570-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-570]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[571-version-negotiation]
+ssl_conf = 571-version-negotiation-ssl
+
+[571-version-negotiation-ssl]
+server = 571-version-negotiation-server
+client = 571-version-negotiation-client
+
+[571-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[571-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-571]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[572-version-negotiation]
+ssl_conf = 572-version-negotiation-ssl
+
+[572-version-negotiation-ssl]
+server = 572-version-negotiation-server
+client = 572-version-negotiation-client
+
+[572-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[572-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-572]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[573-version-negotiation]
+ssl_conf = 573-version-negotiation-ssl
+
+[573-version-negotiation-ssl]
+server = 573-version-negotiation-server
+client = 573-version-negotiation-client
+
+[573-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[573-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-573]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[574-version-negotiation]
+ssl_conf = 574-version-negotiation-ssl
+
+[574-version-negotiation-ssl]
+server = 574-version-negotiation-server
+client = 574-version-negotiation-client
+
+[574-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[574-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-574]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[575-version-negotiation]
+ssl_conf = 575-version-negotiation-ssl
+
+[575-version-negotiation-ssl]
+server = 575-version-negotiation-server
+client = 575-version-negotiation-client
+
+[575-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[575-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-575]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[576-version-negotiation]
+ssl_conf = 576-version-negotiation-ssl
+
+[576-version-negotiation-ssl]
+server = 576-version-negotiation-server
+client = 576-version-negotiation-client
+
+[576-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[576-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-576]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[577-version-negotiation]
+ssl_conf = 577-version-negotiation-ssl
+
+[577-version-negotiation-ssl]
+server = 577-version-negotiation-server
+client = 577-version-negotiation-client
+
+[577-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[577-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-577]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[578-version-negotiation]
+ssl_conf = 578-version-negotiation-ssl
+
+[578-version-negotiation-ssl]
+server = 578-version-negotiation-server
+client = 578-version-negotiation-client
+
+[578-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[578-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-578]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[579-version-negotiation]
+ssl_conf = 579-version-negotiation-ssl
+
+[579-version-negotiation-ssl]
+server = 579-version-negotiation-server
+client = 579-version-negotiation-client
+
+[579-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[579-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-579]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[580-version-negotiation]
+ssl_conf = 580-version-negotiation-ssl
+
+[580-version-negotiation-ssl]
+server = 580-version-negotiation-server
+client = 580-version-negotiation-client
+
+[580-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[580-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-580]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[581-version-negotiation]
+ssl_conf = 581-version-negotiation-ssl
+
+[581-version-negotiation-ssl]
+server = 581-version-negotiation-server
+client = 581-version-negotiation-client
+
+[581-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[581-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-581]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[582-version-negotiation]
+ssl_conf = 582-version-negotiation-ssl
+
+[582-version-negotiation-ssl]
+server = 582-version-negotiation-server
+client = 582-version-negotiation-client
+
+[582-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[582-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-582]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[583-version-negotiation]
+ssl_conf = 583-version-negotiation-ssl
+
+[583-version-negotiation-ssl]
+server = 583-version-negotiation-server
+client = 583-version-negotiation-client
+
+[583-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[583-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-583]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[584-version-negotiation]
+ssl_conf = 584-version-negotiation-ssl
+
+[584-version-negotiation-ssl]
+server = 584-version-negotiation-server
+client = 584-version-negotiation-client
+
+[584-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[584-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-584]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[585-version-negotiation]
+ssl_conf = 585-version-negotiation-ssl
+
+[585-version-negotiation-ssl]
+server = 585-version-negotiation-server
+client = 585-version-negotiation-client
+
+[585-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[585-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-585]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[586-version-negotiation]
+ssl_conf = 586-version-negotiation-ssl
+
+[586-version-negotiation-ssl]
+server = 586-version-negotiation-server
+client = 586-version-negotiation-client
+
+[586-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[586-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-586]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[587-version-negotiation]
+ssl_conf = 587-version-negotiation-ssl
+
+[587-version-negotiation-ssl]
+server = 587-version-negotiation-server
+client = 587-version-negotiation-client
+
+[587-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[587-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-587]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[588-version-negotiation]
+ssl_conf = 588-version-negotiation-ssl
+
+[588-version-negotiation-ssl]
+server = 588-version-negotiation-server
+client = 588-version-negotiation-client
+
+[588-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[588-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-588]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[589-version-negotiation]
+ssl_conf = 589-version-negotiation-ssl
+
+[589-version-negotiation-ssl]
+server = 589-version-negotiation-server
+client = 589-version-negotiation-client
+
+[589-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[589-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-589]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[590-version-negotiation]
+ssl_conf = 590-version-negotiation-ssl
+
+[590-version-negotiation-ssl]
+server = 590-version-negotiation-server
+client = 590-version-negotiation-client
+
+[590-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[590-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-590]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[591-version-negotiation]
+ssl_conf = 591-version-negotiation-ssl
+
+[591-version-negotiation-ssl]
+server = 591-version-negotiation-server
+client = 591-version-negotiation-client
+
+[591-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[591-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-591]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[592-version-negotiation]
+ssl_conf = 592-version-negotiation-ssl
+
+[592-version-negotiation-ssl]
+server = 592-version-negotiation-server
+client = 592-version-negotiation-client
+
+[592-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[592-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-592]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[593-version-negotiation]
+ssl_conf = 593-version-negotiation-ssl
+
+[593-version-negotiation-ssl]
+server = 593-version-negotiation-server
+client = 593-version-negotiation-client
+
+[593-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[593-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-593]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[594-version-negotiation]
+ssl_conf = 594-version-negotiation-ssl
+
+[594-version-negotiation-ssl]
+server = 594-version-negotiation-server
+client = 594-version-negotiation-client
+
+[594-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[594-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-594]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[595-version-negotiation]
+ssl_conf = 595-version-negotiation-ssl
+
+[595-version-negotiation-ssl]
+server = 595-version-negotiation-server
+client = 595-version-negotiation-client
+
+[595-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[595-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-595]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[596-version-negotiation]
+ssl_conf = 596-version-negotiation-ssl
+
+[596-version-negotiation-ssl]
+server = 596-version-negotiation-server
+client = 596-version-negotiation-client
+
+[596-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[596-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-596]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[597-version-negotiation]
+ssl_conf = 597-version-negotiation-ssl
+
+[597-version-negotiation-ssl]
+server = 597-version-negotiation-server
+client = 597-version-negotiation-client
+
+[597-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[597-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-597]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[598-version-negotiation]
+ssl_conf = 598-version-negotiation-ssl
+
+[598-version-negotiation-ssl]
+server = 598-version-negotiation-server
+client = 598-version-negotiation-client
+
+[598-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[598-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-598]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[599-version-negotiation]
+ssl_conf = 599-version-negotiation-ssl
+
+[599-version-negotiation-ssl]
+server = 599-version-negotiation-server
+client = 599-version-negotiation-client
+
+[599-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[599-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-599]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[600-version-negotiation]
+ssl_conf = 600-version-negotiation-ssl
+
+[600-version-negotiation-ssl]
+server = 600-version-negotiation-server
+client = 600-version-negotiation-client
+
+[600-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[600-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-600]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[601-version-negotiation]
+ssl_conf = 601-version-negotiation-ssl
+
+[601-version-negotiation-ssl]
+server = 601-version-negotiation-server
+client = 601-version-negotiation-client
+
+[601-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[601-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-601]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[602-version-negotiation]
+ssl_conf = 602-version-negotiation-ssl
+
+[602-version-negotiation-ssl]
+server = 602-version-negotiation-server
+client = 602-version-negotiation-client
+
+[602-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[602-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-602]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[603-version-negotiation]
+ssl_conf = 603-version-negotiation-ssl
+
+[603-version-negotiation-ssl]
+server = 603-version-negotiation-server
+client = 603-version-negotiation-client
+
+[603-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[603-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-603]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[604-version-negotiation]
+ssl_conf = 604-version-negotiation-ssl
+
+[604-version-negotiation-ssl]
+server = 604-version-negotiation-server
+client = 604-version-negotiation-client
+
+[604-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[604-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-604]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[605-version-negotiation]
+ssl_conf = 605-version-negotiation-ssl
+
+[605-version-negotiation-ssl]
+server = 605-version-negotiation-server
+client = 605-version-negotiation-client
+
+[605-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[605-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-605]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[606-version-negotiation]
+ssl_conf = 606-version-negotiation-ssl
+
+[606-version-negotiation-ssl]
+server = 606-version-negotiation-server
+client = 606-version-negotiation-client
+
+[606-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[606-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-606]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[607-version-negotiation]
+ssl_conf = 607-version-negotiation-ssl
+
+[607-version-negotiation-ssl]
+server = 607-version-negotiation-server
+client = 607-version-negotiation-client
+
+[607-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[607-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-607]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[608-version-negotiation]
+ssl_conf = 608-version-negotiation-ssl
+
+[608-version-negotiation-ssl]
+server = 608-version-negotiation-server
+client = 608-version-negotiation-client
+
+[608-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[608-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-608]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[609-version-negotiation]
+ssl_conf = 609-version-negotiation-ssl
+
+[609-version-negotiation-ssl]
+server = 609-version-negotiation-server
+client = 609-version-negotiation-client
+
+[609-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[609-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-609]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[610-version-negotiation]
+ssl_conf = 610-version-negotiation-ssl
+
+[610-version-negotiation-ssl]
+server = 610-version-negotiation-server
+client = 610-version-negotiation-client
+
+[610-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[610-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-610]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[611-version-negotiation]
+ssl_conf = 611-version-negotiation-ssl
+
+[611-version-negotiation-ssl]
+server = 611-version-negotiation-server
+client = 611-version-negotiation-client
+
+[611-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[611-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-611]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[612-version-negotiation]
+ssl_conf = 612-version-negotiation-ssl
+
+[612-version-negotiation-ssl]
+server = 612-version-negotiation-server
+client = 612-version-negotiation-client
+
+[612-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[612-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-612]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[613-version-negotiation]
+ssl_conf = 613-version-negotiation-ssl
+
+[613-version-negotiation-ssl]
+server = 613-version-negotiation-server
+client = 613-version-negotiation-client
+
+[613-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[613-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-613]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[614-version-negotiation]
+ssl_conf = 614-version-negotiation-ssl
+
+[614-version-negotiation-ssl]
+server = 614-version-negotiation-server
+client = 614-version-negotiation-client
+
+[614-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[614-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-614]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[615-version-negotiation]
+ssl_conf = 615-version-negotiation-ssl
+
+[615-version-negotiation-ssl]
+server = 615-version-negotiation-server
+client = 615-version-negotiation-client
+
+[615-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[615-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-615]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[616-version-negotiation]
+ssl_conf = 616-version-negotiation-ssl
+
+[616-version-negotiation-ssl]
+server = 616-version-negotiation-server
+client = 616-version-negotiation-client
+
+[616-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[616-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-616]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[617-version-negotiation]
+ssl_conf = 617-version-negotiation-ssl
+
+[617-version-negotiation-ssl]
+server = 617-version-negotiation-server
+client = 617-version-negotiation-client
+
+[617-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[617-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-617]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[618-version-negotiation]
+ssl_conf = 618-version-negotiation-ssl
+
+[618-version-negotiation-ssl]
+server = 618-version-negotiation-server
+client = 618-version-negotiation-client
+
+[618-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[618-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-618]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[619-version-negotiation]
+ssl_conf = 619-version-negotiation-ssl
+
+[619-version-negotiation-ssl]
+server = 619-version-negotiation-server
+client = 619-version-negotiation-client
+
+[619-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[619-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-619]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[620-version-negotiation]
+ssl_conf = 620-version-negotiation-ssl
+
+[620-version-negotiation-ssl]
+server = 620-version-negotiation-server
+client = 620-version-negotiation-client
+
+[620-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[620-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-620]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[621-version-negotiation]
+ssl_conf = 621-version-negotiation-ssl
+
+[621-version-negotiation-ssl]
+server = 621-version-negotiation-server
+client = 621-version-negotiation-client
+
+[621-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[621-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-621]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[622-version-negotiation]
+ssl_conf = 622-version-negotiation-ssl
+
+[622-version-negotiation-ssl]
+server = 622-version-negotiation-server
+client = 622-version-negotiation-client
+
+[622-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[622-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-622]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[623-version-negotiation]
+ssl_conf = 623-version-negotiation-ssl
+
+[623-version-negotiation-ssl]
+server = 623-version-negotiation-server
+client = 623-version-negotiation-client
+
+[623-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[623-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-623]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[624-version-negotiation]
+ssl_conf = 624-version-negotiation-ssl
+
+[624-version-negotiation-ssl]
+server = 624-version-negotiation-server
+client = 624-version-negotiation-client
+
+[624-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[624-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-624]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[625-version-negotiation]
+ssl_conf = 625-version-negotiation-ssl
+
+[625-version-negotiation-ssl]
+server = 625-version-negotiation-server
+client = 625-version-negotiation-client
+
+[625-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[625-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-625]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[626-version-negotiation]
+ssl_conf = 626-version-negotiation-ssl
+
+[626-version-negotiation-ssl]
+server = 626-version-negotiation-server
+client = 626-version-negotiation-client
+
+[626-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[626-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-626]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[627-version-negotiation]
+ssl_conf = 627-version-negotiation-ssl
+
+[627-version-negotiation-ssl]
+server = 627-version-negotiation-server
+client = 627-version-negotiation-client
+
+[627-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[627-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-627]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[628-version-negotiation]
+ssl_conf = 628-version-negotiation-ssl
+
+[628-version-negotiation-ssl]
+server = 628-version-negotiation-server
+client = 628-version-negotiation-client
+
+[628-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[628-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-628]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[629-version-negotiation]
+ssl_conf = 629-version-negotiation-ssl
+
+[629-version-negotiation-ssl]
+server = 629-version-negotiation-server
+client = 629-version-negotiation-client
+
+[629-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[629-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-629]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[630-version-negotiation]
+ssl_conf = 630-version-negotiation-ssl
+
+[630-version-negotiation-ssl]
+server = 630-version-negotiation-server
+client = 630-version-negotiation-client
+
+[630-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[630-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-630]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[631-version-negotiation]
+ssl_conf = 631-version-negotiation-ssl
+
+[631-version-negotiation-ssl]
+server = 631-version-negotiation-server
+client = 631-version-negotiation-client
+
+[631-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[631-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-631]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[632-version-negotiation]
+ssl_conf = 632-version-negotiation-ssl
+
+[632-version-negotiation-ssl]
+server = 632-version-negotiation-server
+client = 632-version-negotiation-client
+
+[632-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[632-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-632]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[633-version-negotiation]
+ssl_conf = 633-version-negotiation-ssl
+
+[633-version-negotiation-ssl]
+server = 633-version-negotiation-server
+client = 633-version-negotiation-client
+
+[633-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[633-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-633]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[634-version-negotiation]
+ssl_conf = 634-version-negotiation-ssl
+
+[634-version-negotiation-ssl]
+server = 634-version-negotiation-server
+client = 634-version-negotiation-client
+
+[634-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[634-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-634]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[635-version-negotiation]
+ssl_conf = 635-version-negotiation-ssl
+
+[635-version-negotiation-ssl]
+server = 635-version-negotiation-server
+client = 635-version-negotiation-client
+
+[635-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[635-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-635]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[636-version-negotiation]
+ssl_conf = 636-version-negotiation-ssl
+
+[636-version-negotiation-ssl]
+server = 636-version-negotiation-server
+client = 636-version-negotiation-client
+
+[636-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[636-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-636]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[637-version-negotiation]
+ssl_conf = 637-version-negotiation-ssl
+
+[637-version-negotiation-ssl]
+server = 637-version-negotiation-server
+client = 637-version-negotiation-client
+
+[637-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[637-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-637]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[638-version-negotiation]
+ssl_conf = 638-version-negotiation-ssl
+
+[638-version-negotiation-ssl]
+server = 638-version-negotiation-server
+client = 638-version-negotiation-client
+
+[638-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[638-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-638]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[639-version-negotiation]
+ssl_conf = 639-version-negotiation-ssl
+
+[639-version-negotiation-ssl]
+server = 639-version-negotiation-server
+client = 639-version-negotiation-client
+
+[639-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[639-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-639]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[640-version-negotiation]
+ssl_conf = 640-version-negotiation-ssl
+
+[640-version-negotiation-ssl]
+server = 640-version-negotiation-server
+client = 640-version-negotiation-client
+
+[640-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[640-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-640]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[641-version-negotiation]
+ssl_conf = 641-version-negotiation-ssl
+
+[641-version-negotiation-ssl]
+server = 641-version-negotiation-server
+client = 641-version-negotiation-client
+
+[641-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[641-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-641]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[642-version-negotiation]
+ssl_conf = 642-version-negotiation-ssl
+
+[642-version-negotiation-ssl]
+server = 642-version-negotiation-server
+client = 642-version-negotiation-client
+
+[642-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[642-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-642]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[643-version-negotiation]
+ssl_conf = 643-version-negotiation-ssl
+
+[643-version-negotiation-ssl]
+server = 643-version-negotiation-server
+client = 643-version-negotiation-client
+
+[643-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[643-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-643]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[644-version-negotiation]
+ssl_conf = 644-version-negotiation-ssl
+
+[644-version-negotiation-ssl]
+server = 644-version-negotiation-server
+client = 644-version-negotiation-client
+
+[644-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[644-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-644]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[645-version-negotiation]
+ssl_conf = 645-version-negotiation-ssl
+
+[645-version-negotiation-ssl]
+server = 645-version-negotiation-server
+client = 645-version-negotiation-client
+
+[645-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[645-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-645]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[646-version-negotiation]
+ssl_conf = 646-version-negotiation-ssl
+
+[646-version-negotiation-ssl]
+server = 646-version-negotiation-server
+client = 646-version-negotiation-client
+
+[646-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[646-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-646]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[647-version-negotiation]
+ssl_conf = 647-version-negotiation-ssl
+
+[647-version-negotiation-ssl]
+server = 647-version-negotiation-server
+client = 647-version-negotiation-client
+
+[647-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[647-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-647]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[648-version-negotiation]
+ssl_conf = 648-version-negotiation-ssl
+
+[648-version-negotiation-ssl]
+server = 648-version-negotiation-server
+client = 648-version-negotiation-client
+
+[648-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[648-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-648]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[649-version-negotiation]
+ssl_conf = 649-version-negotiation-ssl
+
+[649-version-negotiation-ssl]
+server = 649-version-negotiation-server
+client = 649-version-negotiation-client
+
+[649-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[649-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-649]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[650-version-negotiation]
+ssl_conf = 650-version-negotiation-ssl
+
+[650-version-negotiation-ssl]
+server = 650-version-negotiation-server
+client = 650-version-negotiation-client
+
+[650-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[650-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-650]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[651-version-negotiation]
+ssl_conf = 651-version-negotiation-ssl
+
+[651-version-negotiation-ssl]
+server = 651-version-negotiation-server
+client = 651-version-negotiation-client
+
+[651-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[651-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-651]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[652-version-negotiation]
+ssl_conf = 652-version-negotiation-ssl
+
+[652-version-negotiation-ssl]
+server = 652-version-negotiation-server
+client = 652-version-negotiation-client
+
+[652-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[652-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-652]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[653-version-negotiation]
+ssl_conf = 653-version-negotiation-ssl
+
+[653-version-negotiation-ssl]
+server = 653-version-negotiation-server
+client = 653-version-negotiation-client
+
+[653-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[653-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-653]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[654-version-negotiation]
+ssl_conf = 654-version-negotiation-ssl
+
+[654-version-negotiation-ssl]
+server = 654-version-negotiation-server
+client = 654-version-negotiation-client
+
+[654-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[654-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-654]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[655-version-negotiation]
+ssl_conf = 655-version-negotiation-ssl
+
+[655-version-negotiation-ssl]
+server = 655-version-negotiation-server
+client = 655-version-negotiation-client
+
+[655-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[655-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-655]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[656-version-negotiation]
+ssl_conf = 656-version-negotiation-ssl
+
+[656-version-negotiation-ssl]
+server = 656-version-negotiation-server
+client = 656-version-negotiation-client
+
+[656-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[656-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-656]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[657-version-negotiation]
+ssl_conf = 657-version-negotiation-ssl
+
+[657-version-negotiation-ssl]
+server = 657-version-negotiation-server
+client = 657-version-negotiation-client
+
+[657-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[657-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-657]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[658-version-negotiation]
+ssl_conf = 658-version-negotiation-ssl
+
+[658-version-negotiation-ssl]
+server = 658-version-negotiation-server
+client = 658-version-negotiation-client
+
+[658-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[658-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-658]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[659-version-negotiation]
+ssl_conf = 659-version-negotiation-ssl
+
+[659-version-negotiation-ssl]
+server = 659-version-negotiation-server
+client = 659-version-negotiation-client
+
+[659-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[659-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-659]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[660-version-negotiation]
+ssl_conf = 660-version-negotiation-ssl
+
+[660-version-negotiation-ssl]
+server = 660-version-negotiation-server
+client = 660-version-negotiation-client
+
+[660-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[660-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-660]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[661-version-negotiation]
+ssl_conf = 661-version-negotiation-ssl
+
+[661-version-negotiation-ssl]
+server = 661-version-negotiation-server
+client = 661-version-negotiation-client
+
+[661-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[661-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-661]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[662-version-negotiation]
+ssl_conf = 662-version-negotiation-ssl
+
+[662-version-negotiation-ssl]
+server = 662-version-negotiation-server
+client = 662-version-negotiation-client
+
+[662-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[662-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-662]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[663-version-negotiation]
+ssl_conf = 663-version-negotiation-ssl
+
+[663-version-negotiation-ssl]
+server = 663-version-negotiation-server
+client = 663-version-negotiation-client
+
+[663-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[663-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-663]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[664-version-negotiation]
+ssl_conf = 664-version-negotiation-ssl
+
+[664-version-negotiation-ssl]
+server = 664-version-negotiation-server
+client = 664-version-negotiation-client
+
+[664-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[664-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-664]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[665-version-negotiation]
+ssl_conf = 665-version-negotiation-ssl
+
+[665-version-negotiation-ssl]
+server = 665-version-negotiation-server
+client = 665-version-negotiation-client
+
+[665-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[665-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-665]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[666-version-negotiation]
+ssl_conf = 666-version-negotiation-ssl
+
+[666-version-negotiation-ssl]
+server = 666-version-negotiation-server
+client = 666-version-negotiation-client
+
+[666-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[666-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-666]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[667-version-negotiation]
+ssl_conf = 667-version-negotiation-ssl
+
+[667-version-negotiation-ssl]
+server = 667-version-negotiation-server
+client = 667-version-negotiation-client
+
+[667-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[667-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-667]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[668-version-negotiation]
+ssl_conf = 668-version-negotiation-ssl
+
+[668-version-negotiation-ssl]
+server = 668-version-negotiation-server
+client = 668-version-negotiation-client
+
+[668-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[668-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-668]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[669-version-negotiation]
+ssl_conf = 669-version-negotiation-ssl
+
+[669-version-negotiation-ssl]
+server = 669-version-negotiation-server
+client = 669-version-negotiation-client
+
+[669-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[669-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-669]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[670-version-negotiation]
+ssl_conf = 670-version-negotiation-ssl
+
+[670-version-negotiation-ssl]
+server = 670-version-negotiation-server
+client = 670-version-negotiation-client
+
+[670-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[670-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-670]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[671-version-negotiation]
+ssl_conf = 671-version-negotiation-ssl
+
+[671-version-negotiation-ssl]
+server = 671-version-negotiation-server
+client = 671-version-negotiation-client
+
+[671-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[671-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-671]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[672-version-negotiation]
+ssl_conf = 672-version-negotiation-ssl
+
+[672-version-negotiation-ssl]
+server = 672-version-negotiation-server
+client = 672-version-negotiation-client
+
+[672-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[672-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-672]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[673-version-negotiation]
+ssl_conf = 673-version-negotiation-ssl
+
+[673-version-negotiation-ssl]
+server = 673-version-negotiation-server
+client = 673-version-negotiation-client
+
+[673-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[673-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-673]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[674-version-negotiation]
+ssl_conf = 674-version-negotiation-ssl
+
+[674-version-negotiation-ssl]
+server = 674-version-negotiation-server
+client = 674-version-negotiation-client
+
+[674-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[674-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-674]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[675-version-negotiation]
+ssl_conf = 675-version-negotiation-ssl
+
+[675-version-negotiation-ssl]
+server = 675-version-negotiation-server
+client = 675-version-negotiation-client
+
+[675-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[675-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-675]
+ExpectedResult = InternalError
 
 
diff --git a/test/ssl-tests/13-fragmentation.conf b/test/ssl-tests/13-fragmentation.conf
index 4c1e9e2..14aec20 100644
--- a/test/ssl-tests/13-fragmentation.conf
+++ b/test/ssl-tests/13-fragmentation.conf
@@ -267,6 +267,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [10-large-app-data-aes-sha1-multibuffer-client]
 CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -291,6 +292,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [11-large-app-data-aes-sha2-multibuffer-client]
 CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -315,6 +317,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [12-large-app-data-aes-sha1-multibuffer-odd-fragment-client]
 CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -339,6 +342,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [13-large-app-data-aes-sha2-multibuffer-odd-fragment-client]
 CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -363,6 +367,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [14-small-app-data-aes-sha1-multibuffer-client]
 CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -387,6 +392,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [15-small-app-data-aes-sha2-multibuffer-client]
 CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
diff --git a/test/ssl-tests/13-fragmentation.conf.in b/test/ssl-tests/13-fragmentation.conf.in
index 645163c..ae6446e 100644
--- a/test/ssl-tests/13-fragmentation.conf.in
+++ b/test/ssl-tests/13-fragmentation.conf.in
@@ -114,6 +114,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 1024 * 1024,
@@ -125,6 +126,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA256",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 1024 * 1024,
@@ -136,6 +138,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 1024 * 1024 + 3,
@@ -147,6 +150,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA256",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 1024 * 1024 - 3,
@@ -161,6 +165,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 4 * 1024,
@@ -172,6 +177,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA256",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 4 * 1024,
diff --git a/test/ssl-tests/14-curves.conf b/test/ssl-tests/14-curves.conf
index d4c19c7..17d00b5 100644
--- a/test/ssl-tests/14-curves.conf
+++ b/test/ssl-tests/14-curves.conf
@@ -44,6 +44,7 @@ client = 0-curve-sect163k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect163k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [0-curve-sect163k1-client]
@@ -69,6 +70,7 @@ client = 1-curve-sect163r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect163r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [1-curve-sect163r1-client]
@@ -94,6 +96,7 @@ client = 2-curve-sect163r2-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect163r2
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-curve-sect163r2-client]
@@ -119,6 +122,7 @@ client = 3-curve-sect193r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect193r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [3-curve-sect193r1-client]
@@ -144,6 +148,7 @@ client = 4-curve-sect193r2-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect193r2
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [4-curve-sect193r2-client]
@@ -169,6 +174,7 @@ client = 5-curve-sect233k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect233k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-curve-sect233k1-client]
@@ -194,6 +200,7 @@ client = 6-curve-sect233r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect233r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [6-curve-sect233r1-client]
@@ -219,6 +226,7 @@ client = 7-curve-sect239k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect239k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [7-curve-sect239k1-client]
@@ -244,6 +252,7 @@ client = 8-curve-sect283k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect283k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [8-curve-sect283k1-client]
@@ -269,6 +278,7 @@ client = 9-curve-sect283r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect283r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [9-curve-sect283r1-client]
@@ -294,6 +304,7 @@ client = 10-curve-sect409k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect409k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [10-curve-sect409k1-client]
@@ -319,6 +330,7 @@ client = 11-curve-sect409r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect409r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [11-curve-sect409r1-client]
@@ -344,6 +356,7 @@ client = 12-curve-sect571k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect571k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [12-curve-sect571k1-client]
@@ -369,6 +382,7 @@ client = 13-curve-sect571r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect571r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [13-curve-sect571r1-client]
@@ -394,6 +408,7 @@ client = 14-curve-secp160k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp160k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [14-curve-secp160k1-client]
@@ -419,6 +434,7 @@ client = 15-curve-secp160r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp160r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [15-curve-secp160r1-client]
@@ -444,6 +460,7 @@ client = 16-curve-secp160r2-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp160r2
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [16-curve-secp160r2-client]
@@ -469,6 +486,7 @@ client = 17-curve-secp192k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp192k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [17-curve-secp192k1-client]
@@ -494,6 +512,7 @@ client = 18-curve-prime192v1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = prime192v1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [18-curve-prime192v1-client]
@@ -519,6 +538,7 @@ client = 19-curve-secp224k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp224k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [19-curve-secp224k1-client]
@@ -544,6 +564,7 @@ client = 20-curve-secp224r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp224r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [20-curve-secp224r1-client]
@@ -569,6 +590,7 @@ client = 21-curve-secp256k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp256k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [21-curve-secp256k1-client]
@@ -594,6 +616,7 @@ client = 22-curve-prime256v1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = prime256v1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [22-curve-prime256v1-client]
@@ -619,6 +642,7 @@ client = 23-curve-secp384r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp384r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [23-curve-secp384r1-client]
@@ -644,6 +668,7 @@ client = 24-curve-secp521r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp521r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [24-curve-secp521r1-client]
@@ -669,6 +694,7 @@ client = 25-curve-brainpoolP256r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = brainpoolP256r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [25-curve-brainpoolP256r1-client]
@@ -694,6 +720,7 @@ client = 26-curve-brainpoolP384r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = brainpoolP384r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [26-curve-brainpoolP384r1-client]
@@ -719,6 +746,7 @@ client = 27-curve-brainpoolP512r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = brainpoolP512r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [27-curve-brainpoolP512r1-client]
@@ -744,6 +772,7 @@ client = 28-curve-X25519-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = X25519
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [28-curve-X25519-client]
diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.conf.in
index f39ff7d..dec2be2 100644
--- a/test/ssl-tests/14-curves.conf.in
+++ b/test/ssl-tests/14-curves.conf.in
@@ -27,7 +27,9 @@ sub generate_tests() {
         push @tests, {
 	    name => "curve-${curve}",
             server => {
-                "Curves" => $curve
+                "Curves" => $curve,
+                # TODO(TLS1.3): Can we get this to work for TLSv1.3?
+                "MaxProtocol" => "TLSv1.2"
             },
             client => {
 		"CipherString" => "ECDHE",
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index c711362..9abcaae 100644
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -20,12 +20,12 @@ use OpenSSL::Test;
 use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
 setup("no_test_here");
 
-my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
 # undef stands for "no limit".
-my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
+my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
+my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef);
 
-my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
 
 my $min_tls_enabled; my $max_tls_enabled;
 
@@ -74,7 +74,7 @@ foreach my $i (0..$#dtls_protocols) {
 sub no_tests {
     my ($dtls) = @_;
     return $dtls ? alldisabled("dtls1", "dtls1_2") :
-      alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+      alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
 }
 
 sub generate_version_tests {
@@ -137,6 +137,7 @@ sub generate_resumption_tests {
 
     my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
     my $min_enabled  = $dtls ? $min_dtls_enabled : $min_tls_enabled;
+    my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
 
     if (no_tests($dtls)) {
         return;
@@ -146,10 +147,10 @@ sub generate_resumption_tests {
     my @client_tests = ();
 
     # Obtain the first session against a fixed-version server/client.
-    foreach my $original_protocol($min_enabled..$#protocols) {
+    foreach my $original_protocol($min_enabled..$max_enabled) {
         # Upgrade or downgrade the server/client max version support and test
         # that it upgrades, downgrades or resumes the session as well.
-        foreach my $resume_protocol($min_enabled..$#protocols) {
+        foreach my $resume_protocol($min_enabled..$max_enabled) {
             my $resumption_expected;
             # We should only resume on exact version match.
             if ($original_protocol eq $resume_protocol) {
@@ -234,9 +235,15 @@ sub expected_result {
         # Server doesn't support the client range.
         return ("ServerFail", undef);
     } elsif ($c_min > $s_max) {
-        # Server will try with a version that is lower than the lowest
-        # supported client version.
-        return ("ClientFail", undef);
+        my @prots = @$protocols;
+        if ($prots[$c_min] eq "TLSv1.3") {
+            # Client won't have sent any ciphersuite the server recognises
+                        return ("ServerFail", undef);
+        } else {
+            # Server will try with a version that is lower than the lowest
+            # supported client version.
+            return ("ClientFail", undef);
+        }
     } else {
         # Server and client ranges overlap.
         my $max_common = $s_max < $c_max ? $s_max : $c_max;
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 0a528d8..e8f2943 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -152,6 +152,7 @@ const char *ssl_alert_name(int alert)
 /********************/
 
 static const test_enum ssl_protocols[] = {
+     {"TLSv1.3", TLS1_3_VERSION},
      {"TLSv1.2", TLS1_2_VERSION},
      {"TLSv1.1", TLS1_1_VERSION},
      {"TLSv1", TLS1_VERSION},
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 6a5cd70..356359d 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -886,6 +886,7 @@ static int protocol_from_string(const char *value)
         {"tls1", TLS1_VERSION},
         {"tls1.1", TLS1_1_VERSION},
         {"tls1.2", TLS1_2_VERSION},
+        {"tls1.3", TLS1_3_VERSION},
         {"dtls1", DTLS1_VERSION},
         {"dtls1.2", DTLS1_2_VERSION}};
     size_t i;
@@ -958,7 +959,7 @@ int main(int argc, char *argv[])
     int badop = 0;
     enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
     int force = 0;
-    int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1;
+    int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0, ret = 1;
     int client_auth = 0;
     int server_auth = 0, i;
     struct app_verify_arg app_verify_arg =
@@ -1123,7 +1124,9 @@ int main(int argc, char *argv[])
             min_version = TLS1_VERSION;
         }
 #endif
-        else if (strcmp(*argv, "-tls1") == 0) {
+        else if (strcmp(*argv, "-tls1_2") == 0) {
+            tls1_2 = 1;
+        } else if (strcmp(*argv, "-tls1") == 0) {
             tls1 = 1;
         } else if (strcmp(*argv, "-ssl3") == 0) {
             ssl3 = 1;
@@ -1329,8 +1332,8 @@ int main(int argc, char *argv[])
         goto end;
     }
 
-    if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
-        fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
+    if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
+        fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
                 "be requested.\n");
         EXIT(1);
     }
@@ -1345,6 +1348,11 @@ int main(int argc, char *argv[])
         no_protocol = 1;
     else
 #endif
+#ifdef OPENSSL_NO_TLS1_2
+    if (tls1_2)
+        no_protocol = 1;
+    else
+#endif
 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
     if (dtls1)
         no_protocol = 1;
@@ -1369,10 +1377,11 @@ int main(int argc, char *argv[])
         goto end;
     }
 
-    if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
+    if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
+            && !reuse && !force) {
         fprintf(stderr, "This case cannot work.  Use -f to perform "
                 "the test anyway (and\n-d to see what happens), "
-                "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n"
+                "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
                 "to avoid protocol mismatch.\n");
         EXIT(1);
     }
@@ -1435,6 +1444,9 @@ int main(int argc, char *argv[])
     } else if (tls1) {
         min_version = TLS1_VERSION;
         max_version = TLS1_VERSION;
+    } else if (tls1_2) {
+        min_version = TLS1_2_VERSION;
+        max_version = TLS1_2_VERSION;
     }
 #endif
 #ifndef OPENSSL_NO_DTLS
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index eeb83ed..c15019d 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -147,8 +147,10 @@ sub start
                 or die "Failed to redirect stdout: $!";
             open(STDERR, ">&STDOUT");
         }
+        # TODO(TLS1.3): Temporarily disabled for TLS1.3...no shared cipher
+        # because the TLS1.3 ciphersuites are not compatible with ossltest
         my $execcmd = $self->execute
-            ." s_server -no_comp -rev -engine ossltest -accept "
+            ." s_server -no_tls1_3 -no_comp -rev -engine ossltest -accept "
             .($self->server_port)
             ." -cert ".$self->cert." -naccept ".$self->serverconnects;
         if ($self->ciphers ne "") {


More information about the openssl-commits mailing list