|  | # Generated with generate_ssl_tests.pl | 
|  |  | 
|  | num_tests = 56 | 
|  |  | 
|  | test-0 = 0-ECDSA CipherString Selection | 
|  | test-1 = 1-ECDSA CipherString Selection | 
|  | test-2 = 2-ECDSA CipherString Selection | 
|  | test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection | 
|  | test-4 = 4-Ed448 CipherString and Signature Algorithm Selection | 
|  | test-5 = 5-ECDSA with brainpool | 
|  | test-6 = 6-RSA CipherString Selection | 
|  | test-7 = 7-RSA-PSS Certificate CipherString Selection | 
|  | test-8 = 8-P-256 CipherString and Signature Algorithm Selection | 
|  | test-9 = 9-Ed25519 CipherString and Curves Selection | 
|  | test-10 = 10-Ed448 CipherString and Curves Selection | 
|  | test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate | 
|  | test-12 = 12-ECDSA Signature Algorithm Selection | 
|  | test-13 = 13-ECDSA Signature Algorithm Selection SHA384 | 
|  | test-14 = 14-ECDSA Signature Algorithm Selection SHA1 | 
|  | test-15 = 15-ECDSA Signature Algorithm Selection compressed point | 
|  | test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate | 
|  | test-17 = 17-RSA Signature Algorithm Selection | 
|  | test-18 = 18-RSA-PSS Signature Algorithm Selection | 
|  | test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection | 
|  | test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection | 
|  | test-21 = 21-Only RSA-PSS Certificate | 
|  | test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms | 
|  | test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms | 
|  | test-24 = 24-Only RSA-PSS Restricted Certificate | 
|  | test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms | 
|  | test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm | 
|  | test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms | 
|  | test-28 = 28-RSA key exchange with all RSA certificate types | 
|  | test-29 = 29-RSA key exchange with only RSA-PSS certificate | 
|  | test-30 = 30-Suite B P-256 Hash Algorithm Selection | 
|  | test-31 = 31-Suite B P-384 Hash Algorithm Selection | 
|  | test-32 = 32-TLS 1.2 Ed25519 Client Auth | 
|  | test-33 = 33-TLS 1.2 Ed448 Client Auth | 
|  | test-34 = 34-Only RSA-PSS Certificate, TLS v1.1 | 
|  | test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection | 
|  | test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point | 
|  | test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 | 
|  | test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS | 
|  | test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS | 
|  | test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate | 
|  | test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS | 
|  | test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection | 
|  | test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection | 
|  | test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection | 
|  | test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection | 
|  | test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection | 
|  | test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection | 
|  | test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names | 
|  | test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection | 
|  | test-50 = 50-TLS 1.3 Ed25519 Client Auth | 
|  | test-51 = 51-TLS 1.3 Ed448 Client Auth | 
|  | test-52 = 52-TLS 1.3 ECDSA with brainpool | 
|  | test-53 = 53-TLS 1.2 DSA Certificate Test | 
|  | test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms | 
|  | test-55 = 55-TLS 1.3 DSA Certificate Test | 
|  | # =========================================================== | 
|  |  | 
|  | [0-ECDSA CipherString Selection] | 
|  | ssl_conf = 0-ECDSA CipherString Selection-ssl | 
|  |  | 
|  | [0-ECDSA CipherString Selection-ssl] | 
|  | server = 0-ECDSA CipherString Selection-server | 
|  | client = 0-ECDSA CipherString Selection-client | 
|  |  | 
|  | [0-ECDSA CipherString Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [0-ECDSA CipherString Selection-client] | 
|  | CipherString = aECDSA | 
|  | MaxProtocol = TLSv1.2 | 
|  | RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-0] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCANames = empty | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [1-ECDSA CipherString Selection] | 
|  | ssl_conf = 1-ECDSA CipherString Selection-ssl | 
|  |  | 
|  | [1-ECDSA CipherString Selection-ssl] | 
|  | server = 1-ECDSA CipherString Selection-server | 
|  | client = 1-ECDSA CipherString Selection-client | 
|  |  | 
|  | [1-ECDSA CipherString Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Groups = P-384 | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [1-ECDSA CipherString Selection-client] | 
|  | CipherString = aECDSA | 
|  | Groups = P-256:P-384 | 
|  | MaxProtocol = TLSv1.2 | 
|  | RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-1] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCANames = empty | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [2-ECDSA CipherString Selection] | 
|  | ssl_conf = 2-ECDSA CipherString Selection-ssl | 
|  |  | 
|  | [2-ECDSA CipherString Selection-ssl] | 
|  | server = 2-ECDSA CipherString Selection-server | 
|  | client = 2-ECDSA CipherString Selection-client | 
|  |  | 
|  | [2-ECDSA CipherString Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Groups = P-256:P-384 | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [2-ECDSA CipherString Selection-client] | 
|  | CipherString = aECDSA | 
|  | Groups = P-384 | 
|  | MaxProtocol = TLSv1.2 | 
|  | RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-2] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [3-Ed25519 CipherString and Signature Algorithm Selection] | 
|  | ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl | 
|  |  | 
|  | [3-Ed25519 CipherString and Signature Algorithm Selection-ssl] | 
|  | server = 3-Ed25519 CipherString and Signature Algorithm Selection-server | 
|  | client = 3-Ed25519 CipherString and Signature Algorithm Selection-client | 
|  |  | 
|  | [3-Ed25519 CipherString and Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [3-Ed25519 CipherString and Signature Algorithm Selection-client] | 
|  | CipherString = aECDSA | 
|  | MaxProtocol = TLSv1.2 | 
|  | RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | SignatureAlgorithms = ed25519:ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-3] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCANames = empty | 
|  | ExpectedServerCertType = Ed25519 | 
|  | ExpectedServerSignType = Ed25519 | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [4-Ed448 CipherString and Signature Algorithm Selection] | 
|  | ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl | 
|  |  | 
|  | [4-Ed448 CipherString and Signature Algorithm Selection-ssl] | 
|  | server = 4-Ed448 CipherString and Signature Algorithm Selection-server | 
|  | client = 4-Ed448 CipherString and Signature Algorithm Selection-client | 
|  |  | 
|  | [4-Ed448 CipherString and Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [4-Ed448 CipherString and Signature Algorithm Selection-client] | 
|  | CipherString = aECDSA | 
|  | MaxProtocol = TLSv1.2 | 
|  | RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem | 
|  | SignatureAlgorithms = ed448:ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-4] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCANames = empty | 
|  | ExpectedServerCertType = Ed448 | 
|  | ExpectedServerSignType = Ed448 | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [5-ECDSA with brainpool] | 
|  | ssl_conf = 5-ECDSA with brainpool-ssl | 
|  |  | 
|  | [5-ECDSA with brainpool-ssl] | 
|  | server = 5-ECDSA with brainpool-server | 
|  | client = 5-ECDSA with brainpool-client | 
|  |  | 
|  | [5-ECDSA with brainpool-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem | 
|  | CipherString = DEFAULT | 
|  | Groups = brainpoolP256r1 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem | 
|  |  | 
|  | [5-ECDSA with brainpool-client] | 
|  | CipherString = aECDSA | 
|  | Groups = brainpoolP256r1 | 
|  | RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-5] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCANames = empty | 
|  | ExpectedServerCertType = brainpoolP256r1 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [6-RSA CipherString Selection] | 
|  | ssl_conf = 6-RSA CipherString Selection-ssl | 
|  |  | 
|  | [6-RSA CipherString Selection-ssl] | 
|  | server = 6-RSA CipherString Selection-server | 
|  | client = 6-RSA CipherString Selection-client | 
|  |  | 
|  | [6-RSA CipherString Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [6-RSA CipherString Selection-client] | 
|  | CipherString = aRSA | 
|  | MaxProtocol = TLSv1.2 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-6] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [7-RSA-PSS Certificate CipherString Selection] | 
|  | ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl | 
|  |  | 
|  | [7-RSA-PSS Certificate CipherString Selection-ssl] | 
|  | server = 7-RSA-PSS Certificate CipherString Selection-server | 
|  | client = 7-RSA-PSS Certificate CipherString Selection-client | 
|  |  | 
|  | [7-RSA-PSS Certificate CipherString Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem | 
|  | PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [7-RSA-PSS Certificate CipherString Selection-client] | 
|  | CipherString = aRSA | 
|  | MaxProtocol = TLSv1.2 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-7] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA-PSS | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [8-P-256 CipherString and Signature Algorithm Selection] | 
|  | ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl | 
|  |  | 
|  | [8-P-256 CipherString and Signature Algorithm Selection-ssl] | 
|  | server = 8-P-256 CipherString and Signature Algorithm Selection-server | 
|  | client = 8-P-256 CipherString and Signature Algorithm Selection-client | 
|  |  | 
|  | [8-P-256 CipherString and Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [8-P-256 CipherString and Signature Algorithm Selection-client] | 
|  | CipherString = aECDSA | 
|  | MaxProtocol = TLSv1.2 | 
|  | SignatureAlgorithms = ECDSA+SHA256:ed25519 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-8] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [9-Ed25519 CipherString and Curves Selection] | 
|  | ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl | 
|  |  | 
|  | [9-Ed25519 CipherString and Curves Selection-ssl] | 
|  | server = 9-Ed25519 CipherString and Curves Selection-server | 
|  | client = 9-Ed25519 CipherString and Curves Selection-client | 
|  |  | 
|  | [9-Ed25519 CipherString and Curves Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [9-Ed25519 CipherString and Curves Selection-client] | 
|  | CipherString = aECDSA | 
|  | Curves = X25519 | 
|  | MaxProtocol = TLSv1.2 | 
|  | SignatureAlgorithms = ECDSA+SHA256:ed25519 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-9] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = Ed25519 | 
|  | ExpectedServerSignType = Ed25519 | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [10-Ed448 CipherString and Curves Selection] | 
|  | ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl | 
|  |  | 
|  | [10-Ed448 CipherString and Curves Selection-ssl] | 
|  | server = 10-Ed448 CipherString and Curves Selection-server | 
|  | client = 10-Ed448 CipherString and Curves Selection-client | 
|  |  | 
|  | [10-Ed448 CipherString and Curves Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [10-Ed448 CipherString and Curves Selection-client] | 
|  | CipherString = aECDSA | 
|  | Curves = X448 | 
|  | MaxProtocol = TLSv1.2 | 
|  | SignatureAlgorithms = ECDSA+SHA256:ed448 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-10] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = Ed448 | 
|  | ExpectedServerSignType = Ed448 | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [11-ECDSA CipherString Selection, no ECDSA certificate] | 
|  | ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl | 
|  |  | 
|  | [11-ECDSA CipherString Selection, no ECDSA certificate-ssl] | 
|  | server = 11-ECDSA CipherString Selection, no ECDSA certificate-server | 
|  | client = 11-ECDSA CipherString Selection, no ECDSA certificate-client | 
|  |  | 
|  | [11-ECDSA CipherString Selection, no ECDSA certificate-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [11-ECDSA CipherString Selection, no ECDSA certificate-client] | 
|  | CipherString = aECDSA | 
|  | MaxProtocol = TLSv1.2 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-11] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [12-ECDSA Signature Algorithm Selection] | 
|  | ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl | 
|  |  | 
|  | [12-ECDSA Signature Algorithm Selection-ssl] | 
|  | server = 12-ECDSA Signature Algorithm Selection-server | 
|  | client = 12-ECDSA Signature Algorithm Selection-client | 
|  |  | 
|  | [12-ECDSA Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [12-ECDSA Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-12] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [13-ECDSA Signature Algorithm Selection SHA384] | 
|  | ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl | 
|  |  | 
|  | [13-ECDSA Signature Algorithm Selection SHA384-ssl] | 
|  | server = 13-ECDSA Signature Algorithm Selection SHA384-server | 
|  | client = 13-ECDSA Signature Algorithm Selection SHA384-client | 
|  |  | 
|  | [13-ECDSA Signature Algorithm Selection SHA384-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [13-ECDSA Signature Algorithm Selection SHA384-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA384 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-13] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignHash = SHA384 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [14-ECDSA Signature Algorithm Selection SHA1] | 
|  | ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl | 
|  |  | 
|  | [14-ECDSA Signature Algorithm Selection SHA1-ssl] | 
|  | server = 14-ECDSA Signature Algorithm Selection SHA1-server | 
|  | client = 14-ECDSA Signature Algorithm Selection SHA1-client | 
|  |  | 
|  | [14-ECDSA Signature Algorithm Selection SHA1-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [14-ECDSA Signature Algorithm Selection SHA1-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA1 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-14] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignHash = SHA1 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [15-ECDSA Signature Algorithm Selection compressed point] | 
|  | ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl | 
|  |  | 
|  | [15-ECDSA Signature Algorithm Selection compressed point-ssl] | 
|  | server = 15-ECDSA Signature Algorithm Selection compressed point-server | 
|  | client = 15-ECDSA Signature Algorithm Selection compressed point-client | 
|  |  | 
|  | [15-ECDSA Signature Algorithm Selection compressed point-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [15-ECDSA Signature Algorithm Selection compressed point-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-15] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [16-ECDSA Signature Algorithm Selection, no ECDSA certificate] | 
|  | ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl | 
|  |  | 
|  | [16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] | 
|  | server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server | 
|  | client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client | 
|  |  | 
|  | [16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-16] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [17-RSA Signature Algorithm Selection] | 
|  | ssl_conf = 17-RSA Signature Algorithm Selection-ssl | 
|  |  | 
|  | [17-RSA Signature Algorithm Selection-ssl] | 
|  | server = 17-RSA Signature Algorithm Selection-server | 
|  | client = 17-RSA Signature Algorithm Selection-client | 
|  |  | 
|  | [17-RSA Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [17-RSA Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = RSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-17] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = RSA | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [18-RSA-PSS Signature Algorithm Selection] | 
|  | ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl | 
|  |  | 
|  | [18-RSA-PSS Signature Algorithm Selection-ssl] | 
|  | server = 18-RSA-PSS Signature Algorithm Selection-server | 
|  | client = 18-RSA-PSS Signature Algorithm Selection-client | 
|  |  | 
|  | [18-RSA-PSS Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [18-RSA-PSS Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = RSA-PSS+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-18] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [19-RSA-PSS Certificate Legacy Signature Algorithm Selection] | 
|  | ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl | 
|  |  | 
|  | [19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl] | 
|  | server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server | 
|  | client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client | 
|  |  | 
|  | [19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem | 
|  | PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = RSA-PSS+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-19] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [20-RSA-PSS Certificate Unified Signature Algorithm Selection] | 
|  | ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl | 
|  |  | 
|  | [20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl] | 
|  | server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server | 
|  | client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client | 
|  |  | 
|  | [20-RSA-PSS Certificate Unified Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem | 
|  | PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [20-RSA-PSS Certificate Unified Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = rsa_pss_pss_sha256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-20] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA-PSS | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [21-Only RSA-PSS Certificate] | 
|  | ssl_conf = 21-Only RSA-PSS Certificate-ssl | 
|  |  | 
|  | [21-Only RSA-PSS Certificate-ssl] | 
|  | server = 21-Only RSA-PSS Certificate-server | 
|  | client = 21-Only RSA-PSS Certificate-client | 
|  |  | 
|  | [21-Only RSA-PSS Certificate-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem | 
|  |  | 
|  | [21-Only RSA-PSS Certificate-client] | 
|  | CipherString = DEFAULT | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-21] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA-PSS | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [22-Only RSA-PSS Certificate Valid Signature Algorithms] | 
|  | ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl | 
|  |  | 
|  | [22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl] | 
|  | server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server | 
|  | client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client | 
|  |  | 
|  | [22-Only RSA-PSS Certificate Valid Signature Algorithms-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem | 
|  |  | 
|  | [22-Only RSA-PSS Certificate Valid Signature Algorithms-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = rsa_pss_pss_sha512 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-22] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA-PSS | 
|  | ExpectedServerSignHash = SHA512 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [23-RSA-PSS Certificate, no PSS signature algorithms] | 
|  | ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl | 
|  |  | 
|  | [23-RSA-PSS Certificate, no PSS signature algorithms-ssl] | 
|  | server = 23-RSA-PSS Certificate, no PSS signature algorithms-server | 
|  | client = 23-RSA-PSS Certificate, no PSS signature algorithms-client | 
|  |  | 
|  | [23-RSA-PSS Certificate, no PSS signature algorithms-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem | 
|  |  | 
|  | [23-RSA-PSS Certificate, no PSS signature algorithms-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = RSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-23] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [24-Only RSA-PSS Restricted Certificate] | 
|  | ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl | 
|  |  | 
|  | [24-Only RSA-PSS Restricted Certificate-ssl] | 
|  | server = 24-Only RSA-PSS Restricted Certificate-server | 
|  | client = 24-Only RSA-PSS Restricted Certificate-client | 
|  |  | 
|  | [24-Only RSA-PSS Restricted Certificate-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem | 
|  |  | 
|  | [24-Only RSA-PSS Restricted Certificate-client] | 
|  | CipherString = DEFAULT | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-24] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA-PSS | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [25-RSA-PSS Restricted Certificate Valid Signature Algorithms] | 
|  | ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl | 
|  |  | 
|  | [25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl] | 
|  | server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server | 
|  | client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client | 
|  |  | 
|  | [25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem | 
|  |  | 
|  | [25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-25] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA-PSS | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm] | 
|  | ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl | 
|  |  | 
|  | [26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl] | 
|  | server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server | 
|  | client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client | 
|  |  | 
|  | [26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem | 
|  |  | 
|  | [26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-26] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA-PSS | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [27-RSA-PSS Restricted Certificate Invalid Signature Algorithms] | 
|  | ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl | 
|  |  | 
|  | [27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl] | 
|  | server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server | 
|  | client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client | 
|  |  | 
|  | [27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem | 
|  |  | 
|  | [27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = rsa_pss_pss_sha512 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-27] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [28-RSA key exchange with all RSA certificate types] | 
|  | ssl_conf = 28-RSA key exchange with all RSA certificate types-ssl | 
|  |  | 
|  | [28-RSA key exchange with all RSA certificate types-ssl] | 
|  | server = 28-RSA key exchange with all RSA certificate types-server | 
|  | client = 28-RSA key exchange with all RSA certificate types-client | 
|  |  | 
|  | [28-RSA key exchange with all RSA certificate types-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem | 
|  | PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [28-RSA key exchange with all RSA certificate types-client] | 
|  | CipherString = kRSA | 
|  | MaxProtocol = TLSv1.2 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-28] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [29-RSA key exchange with only RSA-PSS certificate] | 
|  | ssl_conf = 29-RSA key exchange with only RSA-PSS certificate-ssl | 
|  |  | 
|  | [29-RSA key exchange with only RSA-PSS certificate-ssl] | 
|  | server = 29-RSA key exchange with only RSA-PSS certificate-server | 
|  | client = 29-RSA key exchange with only RSA-PSS certificate-client | 
|  |  | 
|  | [29-RSA key exchange with only RSA-PSS certificate-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem | 
|  |  | 
|  | [29-RSA key exchange with only RSA-PSS certificate-client] | 
|  | CipherString = kRSA | 
|  | MaxProtocol = TLSv1.2 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-29] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [30-Suite B P-256 Hash Algorithm Selection] | 
|  | ssl_conf = 30-Suite B P-256 Hash Algorithm Selection-ssl | 
|  |  | 
|  | [30-Suite B P-256 Hash Algorithm Selection-ssl] | 
|  | server = 30-Suite B P-256 Hash Algorithm Selection-server | 
|  | client = 30-Suite B P-256 Hash Algorithm Selection-client | 
|  |  | 
|  | [30-Suite B P-256 Hash Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = SUITEB128 | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [30-Suite B P-256 Hash Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-30] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [31-Suite B P-384 Hash Algorithm Selection] | 
|  | ssl_conf = 31-Suite B P-384 Hash Algorithm Selection-ssl | 
|  |  | 
|  | [31-Suite B P-384 Hash Algorithm Selection-ssl] | 
|  | server = 31-Suite B P-384 Hash Algorithm Selection-server | 
|  | client = 31-Suite B P-384 Hash Algorithm Selection-client | 
|  |  | 
|  | [31-Suite B P-384 Hash Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = SUITEB128 | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [31-Suite B P-384 Hash Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-31] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = P-384 | 
|  | ExpectedServerSignHash = SHA384 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [32-TLS 1.2 Ed25519 Client Auth] | 
|  | ssl_conf = 32-TLS 1.2 Ed25519 Client Auth-ssl | 
|  |  | 
|  | [32-TLS 1.2 Ed25519 Client Auth-ssl] | 
|  | server = 32-TLS 1.2 Ed25519 Client Auth-server | 
|  | client = 32-TLS 1.2 Ed25519 Client Auth-client | 
|  |  | 
|  | [32-TLS 1.2 Ed25519 Client Auth-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyMode = Require | 
|  |  | 
|  | [32-TLS 1.2 Ed25519 Client Auth-client] | 
|  | CipherString = DEFAULT | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | MinProtocol = TLSv1.2 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-32] | 
|  | ExpectedClientCertType = Ed25519 | 
|  | ExpectedClientSignType = Ed25519 | 
|  | ExpectedResult = Success | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [33-TLS 1.2 Ed448 Client Auth] | 
|  | ssl_conf = 33-TLS 1.2 Ed448 Client Auth-ssl | 
|  |  | 
|  | [33-TLS 1.2 Ed448 Client Auth-ssl] | 
|  | server = 33-TLS 1.2 Ed448 Client Auth-server | 
|  | client = 33-TLS 1.2 Ed448 Client Auth-client | 
|  |  | 
|  | [33-TLS 1.2 Ed448 Client Auth-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyMode = Require | 
|  |  | 
|  | [33-TLS 1.2 Ed448 Client Auth-client] | 
|  | CipherString = DEFAULT | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | MinProtocol = TLSv1.2 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-33] | 
|  | ExpectedClientCertType = Ed448 | 
|  | ExpectedClientSignType = Ed448 | 
|  | ExpectedResult = Success | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [34-Only RSA-PSS Certificate, TLS v1.1] | 
|  | ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl | 
|  |  | 
|  | [34-Only RSA-PSS Certificate, TLS v1.1-ssl] | 
|  | server = 34-Only RSA-PSS Certificate, TLS v1.1-server | 
|  | client = 34-Only RSA-PSS Certificate, TLS v1.1-client | 
|  |  | 
|  | [34-Only RSA-PSS Certificate, TLS v1.1-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem | 
|  |  | 
|  | [34-Only RSA-PSS Certificate, TLS v1.1-client] | 
|  | CipherString = DEFAULT | 
|  | MaxProtocol = TLSv1.1 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-34] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [35-TLS 1.3 ECDSA Signature Algorithm Selection] | 
|  | ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl | 
|  |  | 
|  | [35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl] | 
|  | server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server | 
|  | client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client | 
|  |  | 
|  | [35-TLS 1.3 ECDSA Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [35-TLS 1.3 ECDSA Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-35] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCANames = empty | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point] | 
|  | ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl | 
|  |  | 
|  | [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl] | 
|  | server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server | 
|  | client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client | 
|  |  | 
|  | [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-36] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCANames = empty | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1] | 
|  | ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl | 
|  |  | 
|  | [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl] | 
|  | server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server | 
|  | client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client | 
|  |  | 
|  | [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA1 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-37] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS] | 
|  | ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl | 
|  |  | 
|  | [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl] | 
|  | server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server | 
|  | client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client | 
|  |  | 
|  | [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client] | 
|  | CipherString = DEFAULT | 
|  | RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-38] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS] | 
|  | ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl | 
|  |  | 
|  | [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl] | 
|  | server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server | 
|  | client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client | 
|  |  | 
|  | [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-39] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA | 
|  | ExpectedServerSignHash = SHA384 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate] | 
|  | ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl | 
|  |  | 
|  | [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] | 
|  | server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server | 
|  | client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client | 
|  |  | 
|  | [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-40] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS] | 
|  | ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl | 
|  |  | 
|  | [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl] | 
|  | server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server | 
|  | client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client | 
|  |  | 
|  | [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = RSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-41] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [42-TLS 1.3 RSA-PSS Signature Algorithm Selection] | 
|  | ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl | 
|  |  | 
|  | [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl] | 
|  | server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server | 
|  | client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client | 
|  |  | 
|  | [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = RSA-PSS+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-42] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = RSA | 
|  | ExpectedServerSignHash = SHA256 | 
|  | ExpectedServerSignType = RSA-PSS | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [43-TLS 1.3 Ed25519 Signature Algorithm Selection] | 
|  | ssl_conf = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl | 
|  |  | 
|  | [43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl] | 
|  | server = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-server | 
|  | client = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-client | 
|  |  | 
|  | [43-TLS 1.3 Ed25519 Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [43-TLS 1.3 Ed25519 Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ed25519 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-43] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = Ed25519 | 
|  | ExpectedServerSignType = Ed25519 | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [44-TLS 1.3 Ed448 Signature Algorithm Selection] | 
|  | ssl_conf = 44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl | 
|  |  | 
|  | [44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl] | 
|  | server = 44-TLS 1.3 Ed448 Signature Algorithm Selection-server | 
|  | client = 44-TLS 1.3 Ed448 Signature Algorithm Selection-client | 
|  |  | 
|  | [44-TLS 1.3 Ed448 Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [44-TLS 1.3 Ed448 Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | SignatureAlgorithms = ed448 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-44] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = Ed448 | 
|  | ExpectedServerSignType = Ed448 | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [45-TLS 1.3 Ed25519 CipherString and Groups Selection] | 
|  | ssl_conf = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl | 
|  |  | 
|  | [45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl] | 
|  | server = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-server | 
|  | client = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-client | 
|  |  | 
|  | [45-TLS 1.3 Ed25519 CipherString and Groups Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [45-TLS 1.3 Ed25519 CipherString and Groups Selection-client] | 
|  | CipherString = DEFAULT | 
|  | Groups = X25519 | 
|  | SignatureAlgorithms = ECDSA+SHA256:ed25519 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-45] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [46-TLS 1.3 Ed448 CipherString and Groups Selection] | 
|  | ssl_conf = 46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl | 
|  |  | 
|  | [46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl] | 
|  | server = 46-TLS 1.3 Ed448 CipherString and Groups Selection-server | 
|  | client = 46-TLS 1.3 Ed448 CipherString and Groups Selection-client | 
|  |  | 
|  | [46-TLS 1.3 Ed448 CipherString and Groups Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem | 
|  | Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem | 
|  | Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem | 
|  | Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem | 
|  | Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [46-TLS 1.3 Ed448 CipherString and Groups Selection-client] | 
|  | CipherString = DEFAULT | 
|  | Groups = X448 | 
|  | SignatureAlgorithms = ECDSA+SHA256:ed448 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-46] | 
|  | ExpectedResult = Success | 
|  | ExpectedServerCertType = P-256 | 
|  | ExpectedServerSignType = EC | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [47-TLS 1.3 RSA Client Auth Signature Algorithm Selection] | 
|  | ssl_conf = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl | 
|  |  | 
|  | [47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl] | 
|  | server = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server | 
|  | client = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client | 
|  |  | 
|  | [47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ClientSignatureAlgorithms = PSS+SHA256 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyMode = Require | 
|  |  | 
|  | [47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | 
|  | RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-47] | 
|  | ExpectedClientCANames = empty | 
|  | ExpectedClientCertType = RSA | 
|  | ExpectedClientSignHash = SHA256 | 
|  | ExpectedClientSignType = RSA-PSS | 
|  | ExpectedResult = Success | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names] | 
|  | ssl_conf = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl | 
|  |  | 
|  | [48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl] | 
|  | server = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server | 
|  | client = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client | 
|  |  | 
|  | [48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ClientSignatureAlgorithms = PSS+SHA256 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  | RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyMode = Require | 
|  |  | 
|  | [48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client] | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | 
|  | RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-48] | 
|  | ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | ExpectedClientCertType = RSA | 
|  | ExpectedClientSignHash = SHA256 | 
|  | ExpectedClientSignType = RSA-PSS | 
|  | ExpectedResult = Success | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection] | 
|  | ssl_conf = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl | 
|  |  | 
|  | [49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl] | 
|  | server = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server | 
|  | client = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client | 
|  |  | 
|  | [49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ClientSignatureAlgorithms = ECDSA+SHA256 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyMode = Require | 
|  |  | 
|  | [49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client] | 
|  | CipherString = DEFAULT | 
|  | ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem | 
|  | ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | 
|  | RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-49] | 
|  | ExpectedClientCertType = P-256 | 
|  | ExpectedClientSignHash = SHA256 | 
|  | ExpectedClientSignType = EC | 
|  | ExpectedResult = Success | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [50-TLS 1.3 Ed25519 Client Auth] | 
|  | ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl | 
|  |  | 
|  | [50-TLS 1.3 Ed25519 Client Auth-ssl] | 
|  | server = 50-TLS 1.3 Ed25519 Client Auth-server | 
|  | client = 50-TLS 1.3 Ed25519 Client Auth-client | 
|  |  | 
|  | [50-TLS 1.3 Ed25519 Client Auth-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyMode = Require | 
|  |  | 
|  | [50-TLS 1.3 Ed25519 Client Auth-client] | 
|  | CipherString = DEFAULT | 
|  | EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem | 
|  | EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-50] | 
|  | ExpectedClientCertType = Ed25519 | 
|  | ExpectedClientSignType = Ed25519 | 
|  | ExpectedResult = Success | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [51-TLS 1.3 Ed448 Client Auth] | 
|  | ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl | 
|  |  | 
|  | [51-TLS 1.3 Ed448 Client Auth-ssl] | 
|  | server = 51-TLS 1.3 Ed448 Client Auth-server | 
|  | client = 51-TLS 1.3 Ed448 Client Auth-client | 
|  |  | 
|  | [51-TLS 1.3 Ed448 Client Auth-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyMode = Require | 
|  |  | 
|  | [51-TLS 1.3 Ed448 Client Auth-client] | 
|  | CipherString = DEFAULT | 
|  | EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem | 
|  | EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-51] | 
|  | ExpectedClientCertType = Ed448 | 
|  | ExpectedClientSignType = Ed448 | 
|  | ExpectedResult = Success | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [52-TLS 1.3 ECDSA with brainpool] | 
|  | ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl | 
|  |  | 
|  | [52-TLS 1.3 ECDSA with brainpool-ssl] | 
|  | server = 52-TLS 1.3 ECDSA with brainpool-server | 
|  | client = 52-TLS 1.3 ECDSA with brainpool-client | 
|  |  | 
|  | [52-TLS 1.3 ECDSA with brainpool-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem | 
|  | CipherString = DEFAULT | 
|  | Groups = brainpoolP256r1 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem | 
|  |  | 
|  | [52-TLS 1.3 ECDSA with brainpool-client] | 
|  | CipherString = DEFAULT | 
|  | Groups = brainpoolP256r1 | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-52] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [53-TLS 1.2 DSA Certificate Test] | 
|  | ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl | 
|  |  | 
|  | [53-TLS 1.2 DSA Certificate Test-ssl] | 
|  | server = 53-TLS 1.2 DSA Certificate Test-server | 
|  | client = 53-TLS 1.2 DSA Certificate Test-client | 
|  |  | 
|  | [53-TLS 1.2 DSA Certificate Test-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = ALL | 
|  | DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem | 
|  | DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem | 
|  | DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem | 
|  | MaxProtocol = TLSv1.2 | 
|  | MinProtocol = TLSv1.2 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [53-TLS 1.2 DSA Certificate Test-client] | 
|  | CipherString = ALL | 
|  | SignatureAlgorithms = DSA+SHA256:DSA+SHA1 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-53] | 
|  | ExpectedResult = Success | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] | 
|  | ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl | 
|  |  | 
|  | [54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] | 
|  | server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server | 
|  | client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client | 
|  |  | 
|  | [54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = DEFAULT | 
|  | ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | 
|  | VerifyMode = Request | 
|  |  | 
|  | [54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] | 
|  | CipherString = DEFAULT | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-54] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  | 
|  | # =========================================================== | 
|  |  | 
|  | [55-TLS 1.3 DSA Certificate Test] | 
|  | ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl | 
|  |  | 
|  | [55-TLS 1.3 DSA Certificate Test-ssl] | 
|  | server = 55-TLS 1.3 DSA Certificate Test-server | 
|  | client = 55-TLS 1.3 DSA Certificate Test-client | 
|  |  | 
|  | [55-TLS 1.3 DSA Certificate Test-server] | 
|  | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | 
|  | CipherString = ALL | 
|  | DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem | 
|  | DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem | 
|  | MaxProtocol = TLSv1.3 | 
|  | MinProtocol = TLSv1.3 | 
|  | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | 
|  |  | 
|  | [55-TLS 1.3 DSA Certificate Test-client] | 
|  | CipherString = ALL | 
|  | SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256 | 
|  | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | 
|  | VerifyMode = Peer | 
|  |  | 
|  | [test-55] | 
|  | ExpectedResult = ServerFail | 
|  |  | 
|  |  |