[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Feb 7 21:41:49 UTC 2018
The branch master has been updated
via 4af26979480a42e267ff686210bb63b1ebdd0eab (commit)
via 04e3bb045f9b407d1ec681cfbeab4da8e53d750a (commit)
via 0f41dc0e9e9e6a8c2a43fa6af5fdf5359283e2ba (commit)
via f518cef40c431188b4910ca9bd8ef3778f599bb5 (commit)
from c517ac4c3f6d48cf35b75f148515ce7f3677a03b (commit)
- Log -----------------------------------------------------------------
commit 4af26979480a42e267ff686210bb63b1ebdd0eab
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 7 14:53:31 2018 +0000
Don't run tls13encryptiontest on a shared Windows build
tls13encryptiontest is an "internal" test. As with all the other internal
tests it should not be run on a shared native Windows build.
[extended tests]
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
commit 04e3bb045f9b407d1ec681cfbeab4da8e53d750a
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 7 14:20:31 2018 +0000
Fix some undefined behaviour in ossltest engine
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
commit 0f41dc0e9e9e6a8c2a43fa6af5fdf5359283e2ba
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 7 10:55:02 2018 +0000
Fix clienthellotest with TLSv1.3
If TLSv1.3 is enabled and combined with other options that extend the
size of the ClientHello, then the clienthello test can sometimes fail
because the ClientHello has grown too large. Part of the purpose of the
test is to check that the padding extension works properly. This requires
the ClientHello size to be kept within certain bounds.
By restricting the number of ciphersuites sent we can reduce the size of
the ClientHello.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
commit f518cef40c431188b4910ca9bd8ef3778f599bb5
Author: Matt Caswell <matt at openssl.org>
Date: Tue Feb 6 17:27:25 2018 +0000
Enable TLSv1.3 by default
[extended tests]
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
-----------------------------------------------------------------------
Summary of changes:
.travis.yml | 2 +-
CHANGES | 20 +
Configure | 2 -
INSTALL | 27 +-
NEWS | 1 +
engines/e_ossltest.c | 16 +-
test/clienthellotest.c | 9 +
test/recipes/80-test_ssl_new.t | 2 +-
test/recipes/90-test_tls13encryption.t | 3 +
test/ssl-tests/02-protocol-version.conf | 478 ++++++----
test/ssl-tests/10-resumption.conf | 1473 ++++++++++++++++++++++++++-----
test/ssl-tests/20-cert-select.conf | 543 +++++++++++-
test/ssl-tests/22-compression.conf | 178 +++-
13 files changed, 2290 insertions(+), 464 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index b361059..cfc11b6 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -43,7 +43,7 @@ matrix:
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
- env: CONFIG_OPTS="--strict-warnings enable-tls1_3" TESTS="-test_fuzz" COMMENT="Move to the BORINGTEST build when interoperable"
+ env: CONFIG_OPTS="--strict-warnings" TESTS="-test_fuzz" COMMENT="Move to the BORINGTEST build when interoperable"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
diff --git a/CHANGES b/CHANGES
index f0807c6..178c6c4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,26 @@
Changes between 1.1.0f and 1.1.1 [xx XXX xxxx]
+ *) Support for TLSv1.3 added. Note that users upgrading from an earlier
+ version of OpenSSL should review their configuration settings to ensure
+ that they are still appropriate for TLSv1.3. In particular if no TLSv1.3
+ ciphersuites are enabled then OpenSSL will refuse to make a connection
+ unless (1) TLSv1.3 is explicitly disabled or (2) the ciphersuite
+ configuration is updated to include suitable ciphersuites. The DEFAULT
+ ciphersuite configuration does include TLSv1.3 ciphersuites. For further
+ information on this and other related issues please see:
+ https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/
+
+ NOTE: In this pre-release of OpenSSL a draft version of the
+ TLSv1.3 standard has been implemented. Implementations of different draft
+ versions of the standard do not inter-operate, and this version will not
+ inter-operate with an implementation of the final standard when it is
+ eventually published. Different pre-release versions may implement
+ different versions of the draft. The final version of OpenSSL 1.1.1 will
+ implement the final version of the standard.
+ TODO(TLS1.3): Remove the above note before final release
+ [Matt Caswell]
+
*) Changed Configure so it only says what it does and doesn't dump
so much data. Instead, ./configdata.pm should be used as a script
to display all sorts of configuration data.
diff --git a/Configure b/Configure
index a6f5a31..c90a66c 100755
--- a/Configure
+++ b/Configure
@@ -435,8 +435,6 @@ our %disabled = ( # "what" => "comment"
"ssl3" => "default",
"ssl3-method" => "default",
"ubsan" => "default",
- #TODO(TLS1.3): Temporarily disabled while this is a WIP
- "tls1_3" => "default",
"tls13downgrade" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
diff --git a/INSTALL b/INSTALL
index 48c25e6..9d1f90d 100644
--- a/INSTALL
+++ b/INSTALL
@@ -482,27 +482,24 @@
likely to complement configuration command line with
suitable compiler-specific option.
- enable-tls1_3
- TODO(TLS1.3): Make this enabled by default
- Build support for TLS1.3. Note: This is a WIP feature and
- only a single draft version is supported. Implementations
- of different draft versions will negotiate TLS 1.2 instead
- of (draft) TLS 1.3. Use with caution!!
-
no-<prot>
Don't build support for negotiating the specified SSL/TLS
- protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
- dtls1 or dtls1_2). If "no-tls" is selected then all of tls1,
- tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will
- disable dtls1 and dtls1_2. The "no-ssl" option is synonymous
- with "no-ssl3". Note this only affects version negotiation.
- OpenSSL will still provide the methods for applications to
- explicitly select the individual protocol versions.
+ protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
+ tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then
+ all of tls1, tls1_1, tls1_2 and tls1_3 are disabled.
+ Similarly "no-dtls" will disable dtls1 and dtls1_2. The
+ "no-ssl" option is synonymous with "no-ssl3". Note this only
+ affects version negotiation. OpenSSL will still provide the
+ methods for applications to explicitly select the individual
+ protocol versions.
no-<prot>-method
As for no-<prot> but in addition do not build the methods for
applications to explicitly select individual protocol
- versions.
+ versions. Note that there is no "no-tls1_3-method" option
+ because there is no application method for TLSv1.3. Using
+ invidivial protocol methods directly is deprecated.
+ Applications should use TLS_method() instead.
enable-<alg>
Build with support for the specified algorithm, where <alg>
diff --git a/NEWS b/NEWS
index 0fb5314..425fbd5 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@
Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.1 [under development]
+ o Support for TLSv1.3 added
o Move the display of configuration data to configdata.pm.
o Allow GNU style "make variables" to be used with Configure.
o Add a STORE module (OSSL_STORE)
diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
index d3d6998..8fc056a 100644
--- a/engines/e_ossltest.c
+++ b/engines/e_ossltest.c
@@ -593,17 +593,21 @@ int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int ret;
tmpbuf = OPENSSL_malloc(inl);
- if (tmpbuf == NULL)
+
+ /* OPENSSL_malloc will return NULL if inl == 0 */
+ if (tmpbuf == NULL && inl > 0)
return -1;
/* Remember what we were asked to encrypt */
- memcpy(tmpbuf, in, inl);
+ if (tmpbuf != NULL)
+ memcpy(tmpbuf, in, inl);
/* Go through the motions of encrypting it */
ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
/* Throw it all away and just use the plaintext as the output */
- memcpy(out, tmpbuf, inl);
+ if (tmpbuf != NULL)
+ memcpy(out, tmpbuf, inl);
OPENSSL_free(tmpbuf);
return ret;
@@ -626,13 +630,15 @@ int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return -1;
/* Remember what we were asked to encrypt */
- memcpy(tmpbuf, in, inl);
+ if (tmpbuf != NULL)
+ memcpy(tmpbuf, in, inl);
/* Go through the motions of encrypting it */
EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
/* Throw it all away and just use the plaintext as the output */
- memcpy(out, tmpbuf, inl);
+ if (tmpbuf != NULL)
+ memcpy(out, tmpbuf, inl);
OPENSSL_free(tmpbuf);
return inl;
diff --git a/test/clienthellotest.c b/test/clienthellotest.c
index 88e0a1c..f3e9588 100644
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -87,6 +87,15 @@ static int test_client_hello(int currtest)
break;
case TEST_ADD_PADDING_AND_PSK:
+ /*
+ * In this case we're doing TLSv1.3 and we're sending a PSK so the
+ * ClientHello is already going to be quite long. To avoid getting one
+ * that is too long for this test we use a restricted ciphersuite list
+ */
+ if (!TEST_true(SSL_CTX_set_cipher_list(ctx,
+ "TLS13-AES-128-GCM-SHA256")))
+ goto end;
+ /* Fall through */
case TEST_ADD_PADDING:
case TEST_PADDING_NOT_NEEDED:
SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING);
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index be03388..26bcb39 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -34,7 +34,7 @@ plan tests => 26; # = scalar @conf_srcs
# verify generated sources in the default configuration.
my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
!disabled("tls1_1") && !disabled("tls1_2") &&
- disabled("tls1_3"));
+ !disabled("tls1_3"));
my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
diff --git a/test/recipes/90-test_tls13encryption.t b/test/recipes/90-test_tls13encryption.t
index 63e62db..3fb4810 100644
--- a/test/recipes/90-test_tls13encryption.t
+++ b/test/recipes/90-test_tls13encryption.t
@@ -15,6 +15,9 @@ setup($test_name);
plan skip_all => "$test_name is not supported in this build"
if disabled("tls1_3");
+plan skip_all => "This test is unsupported in a shared library build on Windows"
+ if $^O eq 'MSWin32' && !disabled("shared");
+
plan tests => 1;
ok(run(test(["tls13encryptiontest"])), "running tls13encryptiontest");
diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf
index f18d6a3..d0a64cd 100644
--- a/test/ssl-tests/02-protocol-version.conf
+++ b/test/ssl-tests/02-protocol-version.conf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 676
+num_tests = 678
test-0 = 0-version-negotiation
test-1 = 1-version-negotiation
@@ -678,6 +678,8 @@ test-672 = 672-version-negotiation
test-673 = 673-version-negotiation
test-674 = 674-version-negotiation
test-675 = 675-version-negotiation
+test-676 = 676-ciphersuite-sanity-check-client
+test-677 = 677-ciphersuite-sanity-check-server
# ===========================================================
[0-version-negotiation]
@@ -3515,7 +3517,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-108]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3540,7 +3542,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-109]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3674,7 +3676,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-114]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3700,7 +3702,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-115]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3808,7 +3810,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-119]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3834,7 +3836,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-120]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3915,7 +3917,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-123]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3941,7 +3943,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-124]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3995,7 +3997,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-126]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4021,7 +4023,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-127]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4048,7 +4050,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-128]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -4073,7 +4076,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-129]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -4196,7 +4200,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-134]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4220,7 +4224,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-135]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4349,7 +4353,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-140]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4374,7 +4378,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-141]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4478,7 +4482,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-145]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4503,7 +4507,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-146]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4581,7 +4585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-149]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4606,7 +4610,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-150]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4658,7 +4662,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-152]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4683,7 +4687,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-153]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -4709,7 +4713,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-154]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -4733,7 +4738,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-155]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -7682,7 +7688,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-264]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7708,7 +7714,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-265]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7847,7 +7853,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-270]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7874,7 +7880,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-271]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7986,7 +7992,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-275]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8013,7 +8019,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-276]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8097,7 +8103,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-279]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8124,7 +8130,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-280]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8180,7 +8186,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-282]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8207,7 +8213,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-283]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8235,7 +8241,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-284]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -8261,7 +8268,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-285]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -8389,7 +8397,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-290]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8414,7 +8422,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-291]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8548,7 +8556,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-296]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8574,7 +8582,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-297]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8682,7 +8690,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-301]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8708,7 +8716,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-302]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8789,7 +8797,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-305]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8815,7 +8823,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-306]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8869,7 +8877,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-308]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8895,7 +8903,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-309]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8922,7 +8930,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-310]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -8947,7 +8956,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-311]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -11206,7 +11216,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-394]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11232,7 +11242,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-395]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11371,7 +11381,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-400]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11398,7 +11408,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-401]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11510,7 +11520,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-405]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11537,7 +11547,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-406]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11621,7 +11631,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-409]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11648,7 +11658,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-410]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11704,7 +11714,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-412]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11731,7 +11741,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-413]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11759,7 +11769,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-414]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -11785,7 +11796,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-415]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -11913,7 +11925,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-420]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -11938,7 +11950,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-421]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -12072,7 +12084,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-426]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -12098,7 +12110,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-427]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -12206,7 +12218,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-431]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -12232,7 +12244,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-432]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -12313,7 +12325,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-435]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -12339,7 +12351,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-436]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -12393,7 +12405,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-438]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -12419,7 +12431,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-439]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -12446,7 +12458,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-440]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -12471,7 +12484,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-441]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -13938,7 +13952,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-495]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -14018,7 +14032,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-498]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14044,7 +14058,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-499]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14099,7 +14113,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-501]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -14182,7 +14196,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-504]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14209,7 +14223,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-505]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14237,7 +14251,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-506]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -14320,7 +14334,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-509]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14347,7 +14361,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-510]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14431,7 +14445,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-513]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14458,7 +14472,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-514]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14514,7 +14528,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-516]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14541,7 +14555,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-517]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14569,7 +14583,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-518]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -14595,7 +14610,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-519]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -14645,7 +14661,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-521]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -14722,7 +14738,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-524]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14747,7 +14763,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-525]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14800,7 +14816,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-527]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -14880,7 +14896,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-530]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14906,7 +14922,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-531]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -14933,7 +14949,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-532]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -15013,7 +15029,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-535]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -15039,7 +15055,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-536]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -15120,7 +15136,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-539]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -15146,7 +15162,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-540]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -15200,7 +15216,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-542]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -15226,7 +15242,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-543]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -15253,7 +15269,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-544]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -15278,7 +15295,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-545]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -16035,7 +16053,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-573]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16061,7 +16079,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-574]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16114,7 +16132,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-576]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16140,7 +16158,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-577]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16195,7 +16213,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-579]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16222,7 +16240,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-580]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16277,7 +16295,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-582]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16304,7 +16322,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-583]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16332,7 +16350,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-584]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16359,7 +16377,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-585]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16414,7 +16432,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-587]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16441,7 +16459,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-588]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16469,7 +16487,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-589]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16524,7 +16542,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-591]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16551,7 +16569,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-592]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16607,7 +16625,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-594]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16634,7 +16652,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-595]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16662,7 +16680,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-596]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -16688,7 +16707,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-597]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -16738,7 +16758,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-599]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16763,7 +16783,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-600]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16814,7 +16834,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-602]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16839,7 +16859,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-603]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16892,7 +16912,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-605]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16918,7 +16938,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-606]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -16971,7 +16991,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-608]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -16997,7 +17017,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-609]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -17024,7 +17044,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-610]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17050,7 +17070,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-611]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17103,7 +17123,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-613]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -17129,7 +17149,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-614]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -17156,7 +17176,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-615]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17209,7 +17229,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-617]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -17235,7 +17255,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-618]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -17289,7 +17309,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-620]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -17315,7 +17335,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-621]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -17342,7 +17362,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-622]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17367,7 +17388,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-623]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17393,7 +17415,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-624]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17419,7 +17441,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-625]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17445,7 +17467,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-626]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17471,7 +17493,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-627]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17497,7 +17519,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-628]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17522,7 +17545,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-629]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17549,7 +17573,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-630]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17576,7 +17600,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-631]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17603,7 +17627,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-632]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17630,7 +17654,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-633]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17657,7 +17681,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-634]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17683,7 +17708,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-635]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17710,7 +17736,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-636]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17737,7 +17763,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-637]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17764,7 +17790,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-638]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17791,7 +17817,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-639]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17817,7 +17844,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-640]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17844,7 +17872,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-641]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17871,7 +17899,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-642]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17898,7 +17926,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-643]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17924,7 +17953,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-644]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -17951,7 +17981,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-645]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -17978,7 +18008,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-646]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18004,7 +18035,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-647]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18031,7 +18063,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-648]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18057,7 +18090,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-649]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18082,7 +18116,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-650]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18107,7 +18141,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-651]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18132,7 +18166,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-652]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18157,7 +18191,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-653]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18182,7 +18216,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-654]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18206,7 +18241,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-655]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18232,7 +18268,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-656]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18258,7 +18294,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-657]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18284,7 +18320,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-658]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18310,7 +18346,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-659]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18336,7 +18372,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-660]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18361,7 +18398,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-661]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18387,7 +18425,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-662]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18413,7 +18451,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-663]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18439,7 +18477,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-664]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18465,7 +18503,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-665]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18490,7 +18529,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-666]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18516,7 +18556,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-667]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18542,7 +18582,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-668]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18568,7 +18608,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-669]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18593,7 +18634,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-670]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18619,7 +18661,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-671]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -18645,7 +18687,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-672]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18670,7 +18713,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-673]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18696,7 +18740,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-674]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -18721,6 +18766,55 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-675]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[676-ciphersuite-sanity-check-client]
+ssl_conf = 676-ciphersuite-sanity-check-client-ssl
+
+[676-ciphersuite-sanity-check-client-ssl]
+server = 676-ciphersuite-sanity-check-client-server
+client = 676-ciphersuite-sanity-check-client-client
+
+[676-ciphersuite-sanity-check-client-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[676-ciphersuite-sanity-check-client-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-676]
ExpectedResult = ClientFail
+# ===========================================================
+
+[677-ciphersuite-sanity-check-server]
+ssl_conf = 677-ciphersuite-sanity-check-server-ssl
+
+[677-ciphersuite-sanity-check-server-ssl]
+server = 677-ciphersuite-sanity-check-server-server
+client = 677-ciphersuite-sanity-check-server-client
+
+[677-ciphersuite-sanity-check-server-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = AES128-SHA
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[677-ciphersuite-sanity-check-server-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-677]
+ExpectedResult = ServerFail
+
+
diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf
index b2deee4..73955de 100644
--- a/test/ssl-tests/10-resumption.conf
+++ b/test/ssl-tests/10-resumption.conf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 36
+num_tests = 65
test-0 = 0-resumption
test-1 = 1-resumption
@@ -38,6 +38,35 @@ test-32 = 32-resumption
test-33 = 33-resumption
test-34 = 34-resumption
test-35 = 35-resumption
+test-36 = 36-resumption
+test-37 = 37-resumption
+test-38 = 38-resumption
+test-39 = 39-resumption
+test-40 = 40-resumption
+test-41 = 41-resumption
+test-42 = 42-resumption
+test-43 = 43-resumption
+test-44 = 44-resumption
+test-45 = 45-resumption
+test-46 = 46-resumption
+test-47 = 47-resumption
+test-48 = 48-resumption
+test-49 = 49-resumption
+test-50 = 50-resumption
+test-51 = 51-resumption
+test-52 = 52-resumption
+test-53 = 53-resumption
+test-54 = 54-resumption
+test-55 = 55-resumption
+test-56 = 56-resumption
+test-57 = 57-resumption
+test-58 = 58-resumption
+test-59 = 59-resumption
+test-60 = 60-resumption
+test-61 = 61-resumption
+test-62 = 62-resumption
+test-63 = 63-resumption
+test-64 = 64-resumption-with-hrr
# ===========================================================
[0-resumption]
@@ -268,15 +297,15 @@ resume-client = 6-resumption-client
[6-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-resumption-client]
@@ -285,7 +314,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-6]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
@@ -304,15 +333,15 @@ resume-client = 7-resumption-client
[7-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-resumption-client]
@@ -321,7 +350,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-7]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
@@ -348,7 +377,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-resumption-client]
@@ -357,9 +386,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-8]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
@@ -384,7 +413,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[9-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[9-resumption-client]
@@ -393,9 +422,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-9]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
@@ -420,7 +449,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[10-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[10-resumption-client]
@@ -429,9 +458,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-10]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
@@ -456,7 +485,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[11-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[11-resumption-client]
@@ -465,9 +494,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-11]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
@@ -484,15 +513,15 @@ resume-client = 12-resumption-client
[12-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[12-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[12-resumption-client]
@@ -501,7 +530,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-12]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
ResumptionExpected = No
@@ -520,15 +549,15 @@ resume-client = 13-resumption-client
[13-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[13-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[13-resumption-client]
@@ -537,7 +566,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-13]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
ResumptionExpected = No
@@ -556,15 +585,15 @@ resume-client = 14-resumption-client
[14-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-resumption-client]
@@ -573,7 +602,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-14]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
@@ -592,15 +621,15 @@ resume-client = 15-resumption-client
[15-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-resumption-client]
@@ -609,7 +638,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-15]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
@@ -636,7 +665,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[16-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[16-resumption-client]
@@ -645,9 +674,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-16]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
@@ -672,7 +701,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[17-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[17-resumption-client]
@@ -681,9 +710,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-17]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
@@ -694,32 +723,32 @@ ssl_conf = 18-resumption-ssl
[18-resumption-ssl]
server = 18-resumption-server
client = 18-resumption-client
-resume-server = 18-resumption-server
-resume-client = 18-resumption-resume-client
+resume-server = 18-resumption-resume-server
+resume-client = 18-resumption-client
[18-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[18-resumption-client]
+[18-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[18-resumption-resume-client]
+[18-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-18]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
@@ -730,32 +759,32 @@ ssl_conf = 19-resumption-ssl
[19-resumption-ssl]
server = 19-resumption-server
client = 19-resumption-client
-resume-server = 19-resumption-server
-resume-client = 19-resumption-resume-client
+resume-server = 19-resumption-resume-server
+resume-client = 19-resumption-client
[19-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[19-resumption-client]
+[19-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[19-resumption-resume-client]
+[19-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-19]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
@@ -766,32 +795,32 @@ ssl_conf = 20-resumption-ssl
[20-resumption-ssl]
server = 20-resumption-server
client = 20-resumption-client
-resume-server = 20-resumption-server
-resume-client = 20-resumption-resume-client
+resume-server = 20-resumption-resume-server
+resume-client = 20-resumption-client
[20-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[20-resumption-client]
+[20-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[20-resumption-resume-client]
+[20-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-20]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
@@ -802,32 +831,32 @@ ssl_conf = 21-resumption-ssl
[21-resumption-ssl]
server = 21-resumption-server
client = 21-resumption-client
-resume-server = 21-resumption-server
-resume-client = 21-resumption-resume-client
+resume-server = 21-resumption-resume-server
+resume-client = 21-resumption-client
[21-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[21-resumption-client]
+[21-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[21-resumption-resume-client]
+[21-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-21]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
@@ -838,30 +867,30 @@ ssl_conf = 22-resumption-ssl
[22-resumption-ssl]
server = 22-resumption-server
client = 22-resumption-client
-resume-server = 22-resumption-server
-resume-client = 22-resumption-resume-client
+resume-server = 22-resumption-resume-server
+resume-client = 22-resumption-client
[22-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[22-resumption-client]
+[22-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[22-resumption-resume-client]
+[22-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-22]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
@@ -874,30 +903,30 @@ ssl_conf = 23-resumption-ssl
[23-resumption-ssl]
server = 23-resumption-server
client = 23-resumption-client
-resume-server = 23-resumption-server
-resume-client = 23-resumption-resume-client
+resume-server = 23-resumption-resume-server
+resume-client = 23-resumption-client
[23-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[23-resumption-client]
+[23-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[23-resumption-resume-client]
+[23-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-23]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
@@ -910,25 +939,25 @@ ssl_conf = 24-resumption-ssl
[24-resumption-ssl]
server = 24-resumption-server
client = 24-resumption-client
-resume-server = 24-resumption-server
-resume-client = 24-resumption-resume-client
+resume-server = 24-resumption-resume-server
+resume-client = 24-resumption-client
[24-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[24-resumption-client]
+[24-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[24-resumption-resume-client]
+[24-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -946,25 +975,25 @@ ssl_conf = 25-resumption-ssl
[25-resumption-ssl]
server = 25-resumption-server
client = 25-resumption-client
-resume-server = 25-resumption-server
-resume-client = 25-resumption-resume-client
+resume-server = 25-resumption-resume-server
+resume-client = 25-resumption-client
[25-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[25-resumption-client]
+[25-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[25-resumption-resume-client]
+[25-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -982,32 +1011,32 @@ ssl_conf = 26-resumption-ssl
[26-resumption-ssl]
server = 26-resumption-server
client = 26-resumption-client
-resume-server = 26-resumption-server
-resume-client = 26-resumption-resume-client
+resume-server = 26-resumption-resume-server
+resume-client = 26-resumption-client
[26-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[26-resumption-client]
+[26-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[26-resumption-resume-client]
+[26-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-26]
ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
@@ -1018,32 +1047,32 @@ ssl_conf = 27-resumption-ssl
[27-resumption-ssl]
server = 27-resumption-server
client = 27-resumption-client
-resume-server = 27-resumption-server
-resume-client = 27-resumption-resume-client
+resume-server = 27-resumption-resume-server
+resume-client = 27-resumption-client
[27-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[27-resumption-client]
+[27-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[27-resumption-resume-client]
+[27-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-27]
ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
@@ -1054,25 +1083,25 @@ ssl_conf = 28-resumption-ssl
[28-resumption-ssl]
server = 28-resumption-server
client = 28-resumption-client
-resume-server = 28-resumption-server
-resume-client = 28-resumption-resume-client
+resume-server = 28-resumption-resume-server
+resume-client = 28-resumption-client
[28-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[28-resumption-client]
+[28-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[28-resumption-resume-client]
+[28-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1090,25 +1119,25 @@ ssl_conf = 29-resumption-ssl
[29-resumption-ssl]
server = 29-resumption-server
client = 29-resumption-client
-resume-server = 29-resumption-server
-resume-client = 29-resumption-resume-client
+resume-server = 29-resumption-resume-server
+resume-client = 29-resumption-client
[29-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[29-resumption-client]
+[29-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[29-resumption-resume-client]
+[29-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1126,32 +1155,32 @@ ssl_conf = 30-resumption-ssl
[30-resumption-ssl]
server = 30-resumption-server
client = 30-resumption-client
-resume-server = 30-resumption-server
-resume-client = 30-resumption-resume-client
+resume-server = 30-resumption-resume-server
+resume-client = 30-resumption-client
[30-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[30-resumption-client]
+[30-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[30-resumption-resume-client]
+[30-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-30]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
@@ -1162,32 +1191,32 @@ ssl_conf = 31-resumption-ssl
[31-resumption-ssl]
server = 31-resumption-server
client = 31-resumption-client
-resume-server = 31-resumption-server
-resume-client = 31-resumption-resume-client
+resume-server = 31-resumption-resume-server
+resume-client = 31-resumption-client
[31-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[31-resumption-client]
+[31-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[31-resumption-resume-client]
+[31-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-31]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
@@ -1209,21 +1238,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[32-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[32-resumption-resume-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-32]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
@@ -1245,21 +1274,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[33-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[33-resumption-resume-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-33]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
@@ -1281,21 +1310,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[34-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[34-resumption-resume-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-34]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
@@ -1317,20 +1346,1062 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[35-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[35-resumption-resume-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-35]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[36-resumption]
+ssl_conf = 36-resumption-ssl
+
+[36-resumption-ssl]
+server = 36-resumption-server
+client = 36-resumption-client
+resume-server = 36-resumption-server
+resume-client = 36-resumption-resume-client
+
+[36-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[36-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[37-resumption]
+ssl_conf = 37-resumption-ssl
+
+[37-resumption-ssl]
+server = 37-resumption-server
+client = 37-resumption-client
+resume-server = 37-resumption-server
+resume-client = 37-resumption-resume-client
+
+[37-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[37-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[38-resumption]
+ssl_conf = 38-resumption-ssl
+
+[38-resumption-ssl]
+server = 38-resumption-server
+client = 38-resumption-client
+resume-server = 38-resumption-server
+resume-client = 38-resumption-resume-client
+
+[38-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[38-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[39-resumption]
+ssl_conf = 39-resumption-ssl
+
+[39-resumption-ssl]
+server = 39-resumption-server
+client = 39-resumption-client
+resume-server = 39-resumption-server
+resume-client = 39-resumption-resume-client
+
+[39-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[39-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[40-resumption]
+ssl_conf = 40-resumption-ssl
+
+[40-resumption-ssl]
+server = 40-resumption-server
+client = 40-resumption-client
+resume-server = 40-resumption-server
+resume-client = 40-resumption-resume-client
+
+[40-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[40-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[41-resumption]
+ssl_conf = 41-resumption-ssl
+
+[41-resumption-ssl]
+server = 41-resumption-server
+client = 41-resumption-client
+resume-server = 41-resumption-server
+resume-client = 41-resumption-resume-client
+
+[41-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[41-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[42-resumption]
+ssl_conf = 42-resumption-ssl
+
+[42-resumption-ssl]
+server = 42-resumption-server
+client = 42-resumption-client
+resume-server = 42-resumption-server
+resume-client = 42-resumption-resume-client
+
+[42-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[42-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[43-resumption]
+ssl_conf = 43-resumption-ssl
+
+[43-resumption-ssl]
+server = 43-resumption-server
+client = 43-resumption-client
+resume-server = 43-resumption-server
+resume-client = 43-resumption-resume-client
+
+[43-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[43-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[44-resumption]
+ssl_conf = 44-resumption-ssl
+
+[44-resumption-ssl]
+server = 44-resumption-server
+client = 44-resumption-client
+resume-server = 44-resumption-server
+resume-client = 44-resumption-resume-client
+
+[44-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[44-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[45-resumption]
+ssl_conf = 45-resumption-ssl
+
+[45-resumption-ssl]
+server = 45-resumption-server
+client = 45-resumption-client
+resume-server = 45-resumption-server
+resume-client = 45-resumption-resume-client
+
+[45-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[45-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[46-resumption]
+ssl_conf = 46-resumption-ssl
+
+[46-resumption-ssl]
+server = 46-resumption-server
+client = 46-resumption-client
+resume-server = 46-resumption-server
+resume-client = 46-resumption-resume-client
+
+[46-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[46-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[47-resumption]
+ssl_conf = 47-resumption-ssl
+
+[47-resumption-ssl]
+server = 47-resumption-server
+client = 47-resumption-client
+resume-server = 47-resumption-server
+resume-client = 47-resumption-resume-client
+
+[47-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[47-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[48-resumption]
+ssl_conf = 48-resumption-ssl
+
+[48-resumption-ssl]
+server = 48-resumption-server
+client = 48-resumption-client
+resume-server = 48-resumption-server
+resume-client = 48-resumption-resume-client
+
+[48-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[48-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[49-resumption]
+ssl_conf = 49-resumption-ssl
+
+[49-resumption-ssl]
+server = 49-resumption-server
+client = 49-resumption-client
+resume-server = 49-resumption-server
+resume-client = 49-resumption-resume-client
+
+[49-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[49-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[50-resumption]
+ssl_conf = 50-resumption-ssl
+
+[50-resumption-ssl]
+server = 50-resumption-server
+client = 50-resumption-client
+resume-server = 50-resumption-server
+resume-client = 50-resumption-resume-client
+
+[50-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[50-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[51-resumption]
+ssl_conf = 51-resumption-ssl
+
+[51-resumption-ssl]
+server = 51-resumption-server
+client = 51-resumption-client
+resume-server = 51-resumption-server
+resume-client = 51-resumption-resume-client
+
+[51-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[51-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[52-resumption]
+ssl_conf = 52-resumption-ssl
+
+[52-resumption-ssl]
+server = 52-resumption-server
+client = 52-resumption-client
+resume-server = 52-resumption-server
+resume-client = 52-resumption-resume-client
+
+[52-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[52-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[53-resumption]
+ssl_conf = 53-resumption-ssl
+
+[53-resumption-ssl]
+server = 53-resumption-server
+client = 53-resumption-client
+resume-server = 53-resumption-server
+resume-client = 53-resumption-resume-client
+
+[53-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[53-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[54-resumption]
+ssl_conf = 54-resumption-ssl
+
+[54-resumption-ssl]
+server = 54-resumption-server
+client = 54-resumption-client
+resume-server = 54-resumption-server
+resume-client = 54-resumption-resume-client
+
+[54-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[54-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[55-resumption]
+ssl_conf = 55-resumption-ssl
+
+[55-resumption-ssl]
+server = 55-resumption-server
+client = 55-resumption-client
+resume-server = 55-resumption-server
+resume-client = 55-resumption-resume-client
+
+[55-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[55-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[55-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-55]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[56-resumption]
+ssl_conf = 56-resumption-ssl
+
+[56-resumption-ssl]
+server = 56-resumption-server
+client = 56-resumption-client
+resume-server = 56-resumption-server
+resume-client = 56-resumption-resume-client
+
+[56-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[56-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[56-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-56]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[57-resumption]
+ssl_conf = 57-resumption-ssl
+
+[57-resumption-ssl]
+server = 57-resumption-server
+client = 57-resumption-client
+resume-server = 57-resumption-server
+resume-client = 57-resumption-resume-client
+
+[57-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[57-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[57-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-57]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[58-resumption]
+ssl_conf = 58-resumption-ssl
+
+[58-resumption-ssl]
+server = 58-resumption-server
+client = 58-resumption-client
+resume-server = 58-resumption-server
+resume-client = 58-resumption-resume-client
+
+[58-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[58-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[58-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-58]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[59-resumption]
+ssl_conf = 59-resumption-ssl
+
+[59-resumption-ssl]
+server = 59-resumption-server
+client = 59-resumption-client
+resume-server = 59-resumption-server
+resume-client = 59-resumption-resume-client
+
+[59-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[59-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[59-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-59]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[60-resumption]
+ssl_conf = 60-resumption-ssl
+
+[60-resumption-ssl]
+server = 60-resumption-server
+client = 60-resumption-client
+resume-server = 60-resumption-server
+resume-client = 60-resumption-resume-client
+
+[60-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[60-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[60-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-60]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[61-resumption]
+ssl_conf = 61-resumption-ssl
+
+[61-resumption-ssl]
+server = 61-resumption-server
+client = 61-resumption-client
+resume-server = 61-resumption-server
+resume-client = 61-resumption-resume-client
+
+[61-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[61-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[61-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-61]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[62-resumption]
+ssl_conf = 62-resumption-ssl
+
+[62-resumption-ssl]
+server = 62-resumption-server
+client = 62-resumption-client
+resume-server = 62-resumption-server
+resume-client = 62-resumption-resume-client
+
+[62-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[62-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[62-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-62]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[63-resumption]
+ssl_conf = 63-resumption-ssl
+
+[63-resumption-ssl]
+server = 63-resumption-server
+client = 63-resumption-client
+resume-server = 63-resumption-server
+resume-client = 63-resumption-resume-client
+
+[63-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[63-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[63-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-63]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[64-resumption-with-hrr]
+ssl_conf = 64-resumption-with-hrr-ssl
+
+[64-resumption-with-hrr-ssl]
+server = 64-resumption-with-hrr-server
+client = 64-resumption-with-hrr-client
+resume-server = 64-resumption-with-hrr-server
+resume-client = 64-resumption-with-hrr-resume-client
+
+[64-resumption-with-hrr-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = P-256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[64-resumption-with-hrr-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[64-resumption-with-hrr-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-64]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+Method = TLS
ResumptionExpected = Yes
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index 47ff667..609e216 100644
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 23
+num_tests = 39
test-0 = 0-ECDSA CipherString Selection
test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection
@@ -24,7 +24,23 @@ test-18 = 18-Suite B P-256 Hash Algorithm Selection
test-19 = 19-Suite B P-384 Hash Algorithm Selection
test-20 = 20-TLS 1.2 Ed25519 Client Auth
test-21 = 21-Only RSA-PSS Certificate, TLS v1.1
-test-22 = 22-TLS 1.2 DSA Certificate Test
+test-22 = 22-TLS 1.3 ECDSA Signature Algorithm Selection
+test-23 = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
+test-24 = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
+test-25 = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
+test-26 = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
+test-27 = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
+test-28 = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS
+test-29 = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection
+test-30 = 30-TLS 1.3 Ed25519 Signature Algorithm Selection
+test-31 = 31-TLS 1.3 Ed25519 CipherString and Groups Selection
+test-32 = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection
+test-33 = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
+test-34 = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
+test-35 = 35-TLS 1.3 Ed25519 Client Auth
+test-36 = 36-TLS 1.2 DSA Certificate Test
+test-37 = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
+test-38 = 38-TLS 1.3 DSA Certificate Test
# ===========================================================
[0-ECDSA CipherString Selection]
@@ -697,14 +713,467 @@ ExpectedResult = ServerFail
# ===========================================================
-[22-TLS 1.2 DSA Certificate Test]
-ssl_conf = 22-TLS 1.2 DSA Certificate Test-ssl
+[22-TLS 1.3 ECDSA Signature Algorithm Selection]
+ssl_conf = 22-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
-[22-TLS 1.2 DSA Certificate Test-ssl]
-server = 22-TLS 1.2 DSA Certificate Test-server
-client = 22-TLS 1.2 DSA Certificate Test-client
+[22-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
+server = 22-TLS 1.3 ECDSA Signature Algorithm Selection-server
+client = 22-TLS 1.3 ECDSA Signature Algorithm Selection-client
-[22-TLS 1.2 DSA Certificate Test-server]
+[22-TLS 1.3 ECDSA Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-TLS 1.3 ECDSA Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
+ssl_conf = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
+
+[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
+server = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
+client = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
+
+[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
+ssl_conf = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
+
+[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
+server = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
+client = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
+
+[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
+ssl_conf = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
+
+[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
+server = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
+client = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
+
+[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
+CipherString = DEFAULT
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = Success
+ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
+ssl_conf = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
+
+[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
+server = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
+client = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
+
+[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA384
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
+ssl_conf = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
+
+[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
+server = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
+client = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
+
+[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
+ssl_conf = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
+
+[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
+server = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
+client = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
+
+[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[29-TLS 1.3 RSA-PSS Signature Algorithm Selection]
+ssl_conf = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
+
+[29-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
+server = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
+client = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
+
+[29-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[30-TLS 1.3 Ed25519 Signature Algorithm Selection]
+ssl_conf = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
+
+[30-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
+server = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-server
+client = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-client
+
+[30-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedResult = Success
+ExpectedServerCertType = Ed25519
+ExpectedServerSignType = Ed25519
+
+
+# ===========================================================
+
+[31-TLS 1.3 Ed25519 CipherString and Groups Selection]
+ssl_conf = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
+
+[31-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
+server = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-server
+client = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-client
+
+[31-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
+CipherString = DEFAULT
+Groups = X25519
+SignatureAlgorithms = ECDSA+SHA256:ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
+ssl_conf = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
+
+[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
+server = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
+client = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
+
+[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = PSS+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
+ssl_conf = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
+
+[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
+server = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
+client = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
+
+[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = PSS+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
+ssl_conf = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
+
+[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
+server = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
+client = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
+
+[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedClientCertType = P-256
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = EC
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[35-TLS 1.3 Ed25519 Client Auth]
+ssl_conf = 35-TLS 1.3 Ed25519 Client Auth-ssl
+
+[35-TLS 1.3 Ed25519 Client Auth-ssl]
+server = 35-TLS 1.3 Ed25519 Client Auth-server
+client = 35-TLS 1.3 Ed25519 Client Auth-client
+
+[35-TLS 1.3 Ed25519 Client Auth-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[35-TLS 1.3 Ed25519 Client Auth-client]
+CipherString = DEFAULT
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedClientCertType = Ed25519
+ExpectedClientSignType = Ed25519
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[36-TLS 1.2 DSA Certificate Test]
+ssl_conf = 36-TLS 1.2 DSA Certificate Test-ssl
+
+[36-TLS 1.2 DSA Certificate Test-ssl]
+server = 36-TLS 1.2 DSA Certificate Test-server
+client = 36-TLS 1.2 DSA Certificate Test-client
+
+[36-TLS 1.2 DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = ALL
DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
@@ -714,13 +1183,67 @@ MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[22-TLS 1.2 DSA Certificate Test-client]
+[36-TLS 1.2 DSA Certificate Test-client]
CipherString = ALL
SignatureAlgorithms = DSA+SHA256:DSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-22]
+[test-36]
ExpectedResult = Success
+# ===========================================================
+
+[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
+ssl_conf = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
+
+[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
+server = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
+client = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
+
+[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[38-TLS 1.3 DSA Certificate Test]
+ssl_conf = 38-TLS 1.3 DSA Certificate Test-ssl
+
+[38-TLS 1.3 DSA Certificate Test-ssl]
+server = 38-TLS 1.3 DSA Certificate Test-server
+client = 38-TLS 1.3 DSA Certificate Test-client
+
+[38-TLS 1.3 DSA Certificate Test-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ALL
+DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
+DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-TLS 1.3 DSA Certificate Test-client]
+CipherString = ALL
+SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedResult = ServerFail
+
+
diff --git a/test/ssl-tests/22-compression.conf b/test/ssl-tests/22-compression.conf
index 999b008..c85d312 100644
--- a/test/ssl-tests/22-compression.conf
+++ b/test/ssl-tests/22-compression.conf
@@ -1,111 +1,215 @@
# Generated with generate_ssl_tests.pl
-num_tests = 4
+num_tests = 8
+
+test-0 = 0-tlsv1_3-both-compress
+test-1 = 1-tlsv1_3-client-compress
+test-2 = 2-tlsv1_3-server-compress
+test-3 = 3-tlsv1_3-neither-compress
+test-4 = 4-tlsv1_2-both-compress
+test-5 = 5-tlsv1_2-client-compress
+test-6 = 6-tlsv1_2-server-compress
+test-7 = 7-tlsv1_2-neither-compress
+# ===========================================================
+
+[0-tlsv1_3-both-compress]
+ssl_conf = 0-tlsv1_3-both-compress-ssl
+
+[0-tlsv1_3-both-compress-ssl]
+server = 0-tlsv1_3-both-compress-server
+client = 0-tlsv1_3-both-compress-client
+
+[0-tlsv1_3-both-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = Compression
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-tlsv1_3-both-compress-client]
+CipherString = DEFAULT
+Options = Compression
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-tlsv1_3-client-compress]
+ssl_conf = 1-tlsv1_3-client-compress-ssl
+
+[1-tlsv1_3-client-compress-ssl]
+server = 1-tlsv1_3-client-compress-server
+client = 1-tlsv1_3-client-compress-client
+
+[1-tlsv1_3-client-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-tlsv1_3-client-compress-client]
+CipherString = DEFAULT
+Options = Compression
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+CompressionExpected = No
+ExpectedResult = Success
+
-test-0 = 0-tlsv1_2-both-compress
-test-1 = 1-tlsv1_2-client-compress
-test-2 = 2-tlsv1_2-server-compress
-test-3 = 3-tlsv1_2-neither-compress
# ===========================================================
-[0-tlsv1_2-both-compress]
-ssl_conf = 0-tlsv1_2-both-compress-ssl
+[2-tlsv1_3-server-compress]
+ssl_conf = 2-tlsv1_3-server-compress-ssl
-[0-tlsv1_2-both-compress-ssl]
-server = 0-tlsv1_2-both-compress-server
-client = 0-tlsv1_2-both-compress-client
+[2-tlsv1_3-server-compress-ssl]
+server = 2-tlsv1_3-server-compress-server
+client = 2-tlsv1_3-server-compress-client
-[0-tlsv1_2-both-compress-server]
+[2-tlsv1_3-server-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Options = Compression
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[0-tlsv1_2-both-compress-client]
+[2-tlsv1_3-server-compress-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[3-tlsv1_3-neither-compress]
+ssl_conf = 3-tlsv1_3-neither-compress-ssl
+
+[3-tlsv1_3-neither-compress-ssl]
+server = 3-tlsv1_3-neither-compress-server
+client = 3-tlsv1_3-neither-compress-client
+
+[3-tlsv1_3-neither-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-tlsv1_3-neither-compress-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-tlsv1_2-both-compress]
+ssl_conf = 4-tlsv1_2-both-compress-ssl
+
+[4-tlsv1_2-both-compress-ssl]
+server = 4-tlsv1_2-both-compress-server
+client = 4-tlsv1_2-both-compress-client
+
+[4-tlsv1_2-both-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = Compression
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-tlsv1_2-both-compress-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.2
Options = Compression
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-0]
+[test-4]
CompressionExpected = Yes
ExpectedResult = Success
# ===========================================================
-[1-tlsv1_2-client-compress]
-ssl_conf = 1-tlsv1_2-client-compress-ssl
+[5-tlsv1_2-client-compress]
+ssl_conf = 5-tlsv1_2-client-compress-ssl
-[1-tlsv1_2-client-compress-ssl]
-server = 1-tlsv1_2-client-compress-server
-client = 1-tlsv1_2-client-compress-client
+[5-tlsv1_2-client-compress-ssl]
+server = 5-tlsv1_2-client-compress-server
+client = 5-tlsv1_2-client-compress-client
-[1-tlsv1_2-client-compress-server]
+[5-tlsv1_2-client-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-tlsv1_2-client-compress-client]
+[5-tlsv1_2-client-compress-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.2
Options = Compression
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-1]
+[test-5]
CompressionExpected = No
ExpectedResult = Success
# ===========================================================
-[2-tlsv1_2-server-compress]
-ssl_conf = 2-tlsv1_2-server-compress-ssl
+[6-tlsv1_2-server-compress]
+ssl_conf = 6-tlsv1_2-server-compress-ssl
-[2-tlsv1_2-server-compress-ssl]
-server = 2-tlsv1_2-server-compress-server
-client = 2-tlsv1_2-server-compress-client
+[6-tlsv1_2-server-compress-ssl]
+server = 6-tlsv1_2-server-compress-server
+client = 6-tlsv1_2-server-compress-client
-[2-tlsv1_2-server-compress-server]
+[6-tlsv1_2-server-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Options = Compression
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[2-tlsv1_2-server-compress-client]
+[6-tlsv1_2-server-compress-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-2]
+[test-6]
CompressionExpected = No
ExpectedResult = Success
# ===========================================================
-[3-tlsv1_2-neither-compress]
-ssl_conf = 3-tlsv1_2-neither-compress-ssl
+[7-tlsv1_2-neither-compress]
+ssl_conf = 7-tlsv1_2-neither-compress-ssl
-[3-tlsv1_2-neither-compress-ssl]
-server = 3-tlsv1_2-neither-compress-server
-client = 3-tlsv1_2-neither-compress-client
+[7-tlsv1_2-neither-compress-ssl]
+server = 7-tlsv1_2-neither-compress-server
+client = 7-tlsv1_2-neither-compress-client
-[3-tlsv1_2-neither-compress-server]
+[7-tlsv1_2-neither-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[3-tlsv1_2-neither-compress-client]
+[7-tlsv1_2-neither-compress-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-3]
+[test-7]
CompressionExpected = No
ExpectedResult = Success
More information about the openssl-commits
mailing list