Commit 60c15b2aff for openssl.org
commit 60c15b2aff152a64523cf3904a4f8d19ee8aceee
Author: Kurt Roeckx <kurt@roeckx.be>
Date: Tue Jul 15 11:38:21 2025 +0200
Remove support for SSLv3
Reviewed-by: Saša NedvÄ›dický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša NedvÄ›dický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d4712c262e..20079baca2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -144,7 +144,7 @@ jobs:
with:
persist-credentials: false
- name: config
- run: ./config --strict-warnings enable-demos enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+ run: ./config --strict-warnings enable-demos enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
@@ -217,7 +217,7 @@ jobs:
shutdown_vm: false
run: |
sudo pkg install -y gcc perl5
- ./config --strict-warnings enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+ ./config --strict-warnings enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
- name: config dump
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
@@ -418,7 +418,7 @@ jobs:
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
- run: ./config --strict-warnings --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
+ run: ./config --strict-warnings --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-nextprotoneg && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@@ -538,7 +538,7 @@ jobs:
- name: install extra config support
run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
- name: config
- run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-lms enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
+ run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-lms enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@@ -588,7 +588,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
- run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
+ run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@@ -711,7 +711,7 @@ jobs:
- name: setup hostname workaround
run: sudo hostname localhost
- name: config
- run: ./config --strict-warnings --banner=Configured --debug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
+ run: ./config --strict-warnings --banner=Configured --debug enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- uses: dtolnay/rust-toolchain@0f44b27771c32bda9f458f75a1e241b09791b331
diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml
index c219577991..e413f71d95 100644
--- a/.github/workflows/coveralls.yml
+++ b/.github/workflows/coveralls.yml
@@ -107,7 +107,7 @@ jobs:
- name: setup hostname workaround
run: sudo hostname localhost
- name: config
- run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace
+ run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-nextprotoneg enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml
index 67e7cd13a9..c7d8f223a0 100644
--- a/.github/workflows/fips-checksums.yml
+++ b/.github/workflows/fips-checksums.yml
@@ -79,7 +79,7 @@ jobs:
compute-abidiff:
runs-on: ubuntu-latest
env:
- BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd
+ BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-trace enable-zlib enable-zstd
steps:
- name: create build dirs
run: |
diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml
index 184fd7b739..ade5c92826 100644
--- a/.github/workflows/fuzz-checker.yml
+++ b/.github/workflows/fuzz-checker.yml
@@ -35,7 +35,7 @@ jobs:
name: libFuzzer+,
config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
- extra: enable-fips enable-lms enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
+ extra: enable-fips enable-lms enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-nextprotoneg,
install: libfuzzer-18-dev,
cc: clang-18,
linker: clang++-18,
diff --git a/.github/workflows/os-zoo.yml b/.github/workflows/os-zoo.yml
index ebcf1fc2df..ba39c7a137 100644
--- a/.github/workflows/os-zoo.yml
+++ b/.github/workflows/os-zoo.yml
@@ -192,7 +192,7 @@ jobs:
with:
persist-credentials: false
- name: config
- run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+ run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
@@ -251,7 +251,7 @@ jobs:
with:
persist-credentials: false
- name: config
- run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+ run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
@@ -271,7 +271,7 @@ jobs:
with:
persist-credentials: false
- name: config
- run: ./config --strict-warnings enable-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+ run: ./config --strict-warnings enable-fips enable-md2 enable-rc5 enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
@@ -291,7 +291,7 @@ jobs:
with:
persist-credentials: false
- name: config
- run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+ run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
@@ -318,7 +318,7 @@ jobs:
shutdown_vm: false
run: |
sudo pkg install -y gcc perl5
- ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+ ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
- name: config dump
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
diff --git a/.github/workflows/prov-compat-label.yml b/.github/workflows/prov-compat-label.yml
index 4fa4759c3d..c8e74ca89e 100644
--- a/.github/workflows/prov-compat-label.yml
+++ b/.github/workflows/prov-compat-label.yml
@@ -16,7 +16,7 @@ permissions:
contents: read
env:
- opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
+ opts: enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-zlib
jobs:
fips-releases:
diff --git a/.github/workflows/provider-compatibility.yml b/.github/workflows/provider-compatibility.yml
index 290c2751ad..73dcf4cba1 100644
--- a/.github/workflows/provider-compatibility.yml
+++ b/.github/workflows/provider-compatibility.yml
@@ -24,7 +24,7 @@ permissions:
contents: read
env:
- opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
+ opts: enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-zlib
jobs:
fips-releases:
diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml
index c301b34290..6ae86ed2b2 100644
--- a/.github/workflows/run-checker-daily.yml
+++ b/.github/workflows/run-checker-daily.yml
@@ -104,8 +104,6 @@ jobs:
no-sse2,
no-ssl,
no-ssl-trace,
- enable-ssl3,
- enable-ssl3-method,
enable-sslkeylog,
no-shared,
no-tests,
diff --git a/.github/workflows/static-analysis-on-prem.yml b/.github/workflows/static-analysis-on-prem.yml
index 0dc82eb427..30973ba49a 100644
--- a/.github/workflows/static-analysis-on-prem.yml
+++ b/.github/workflows/static-analysis-on-prem.yml
@@ -31,7 +31,7 @@ jobs:
with:
persist-credentials: false
- name: Config
- run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
+ run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-nextprotoneg enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
- name: Config dump
run: ./configdata.pm --dump
- name: Make
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index 3ee2769a13..b68cdb8af1 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -30,7 +30,7 @@ jobs:
--post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
--progress=dot:giga -O coverity_tool.tgz
- name: config
- run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
+ run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-nextprotoneg enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
- name: config dump
run: ./configdata.pm --dump
- name: tool install
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 55eac915cc..b364db30bc 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -115,7 +115,7 @@ jobs:
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
- perl ..\Configure --banner=Configured --strict-warnings enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm
+ perl ..\Configure --banner=Configured --strict-warnings enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm
perl configdata.pm --dump
- name: build
working-directory: _build
diff --git a/CHANGES.md b/CHANGES.md
index 3bf218a50a..43019834e1 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -32,6 +32,11 @@ OpenSSL 4.0
### Changes between 3.6 and 4.0 [xx XXX xxxx]
+ * Support for SSLv3 was removed. SSLv3 has been deprecated since
+ 2015, and OpenSSL had it disabled by default since 1.1.0 (2016).
+
+ *Kurt Roeckx*
+
* The script tool `c_rehash` was removed. Use `openssl rehash` instead.
*Norbert Pocs*
diff --git a/Configure b/Configure
index c365a61c97..5923af9a69 100755
--- a/Configure
+++ b/Configure
@@ -413,7 +413,7 @@ my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
# Known TLS and DTLS protocols
-my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
+my @tls = qw(tls1 tls1_1 tls1_2 tls1_3);
my @dtls = qw(dtls1 dtls1_2);
# Explicitly known options that are possible to disable. They can
diff --git a/apps/ciphers.c b/apps/ciphers.c
index dc52b9f912..3f2e73c13a 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -20,7 +20,6 @@ typedef enum OPTION_choice {
OPT_COMMON,
OPT_STDNAME,
OPT_CONVERT,
- OPT_SSL3,
OPT_TLS1,
OPT_TLS1_1,
OPT_TLS1_2,
@@ -48,9 +47,6 @@ const OPTIONS ciphers_options[] = {
OPT_SECTION("Cipher specification"),
{ "s", OPT_S, '-', "Only supported ciphers" },
-#ifndef OPENSSL_NO_SSL3
- { "ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3" },
-#endif
#ifndef OPENSSL_NO_TLS1
{ "tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1" },
#endif
@@ -135,10 +131,6 @@ int ciphers_main(int argc, char **argv)
case OPT_CONVERT:
convert = opt_arg();
break;
- case OPT_SSL3:
- min_version = SSL3_VERSION;
- max_version = SSL3_VERSION;
- break;
case OPT_TLS1:
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
diff --git a/apps/include/opt.h b/apps/include/opt.h
index a2facb0252..a9b50c3f00 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -157,7 +157,7 @@
*/
#define OPT_S_ENUM \
OPT_S__FIRST = 3000, \
- OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
+ OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \
OPT_S_LEGACYCONN, \
@@ -176,7 +176,6 @@
#define OPT_S_OPTIONS \
OPT_SECTION("TLS/SSL"), \
- { "no_ssl3", OPT_S_NOSSL3, '-', "Just disable SSLv3" }, \
{ "no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1" }, \
{ "no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
{ "no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2" }, \
@@ -239,7 +238,6 @@
OPT_S__FIRST: \
case OPT_S__LAST: \
break; \
- case OPT_S_NOSSL3: \
case OPT_S_NOTLS1: \
case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \
@@ -276,8 +274,8 @@
case OPT_S_NO_ETM: \
case OPT_S_NO_EMS
-#define IS_NO_PROT_FLAG(o) \
- (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
+#define IS_NO_PROT_FLAG(o) \
+ (o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
|| o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
/*
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 016adb5043..0cca3a8fed 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -583,7 +583,6 @@ void apps_ssl_info_callback(const SSL *s, int where, int ret)
}
static STRINT_PAIR ssl_versions[] = {
- { "SSL 3.0", SSL3_VERSION },
{ "TLS 1.0", TLS1_VERSION },
{ "TLS 1.1", TLS1_1_VERSION },
{ "TLS 1.2", TLS1_2_VERSION },
@@ -666,7 +665,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
const char *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = "";
const unsigned char *bp = buf;
- if (version == SSL3_VERSION || version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || version == TLS1_3_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
+ if (version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || version == TLS1_3_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
str_version = lookup(version, ssl_versions, "???");
switch (content_type) {
case SSL3_RT_CHANGE_CIPHER_SPEC:
diff --git a/apps/list.c b/apps/list.c
index f735101aab..5a9673180d 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -1548,9 +1548,6 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_SRTP
BIO_puts(bio_out, "SRTP\n");
#endif
-#ifdef OPENSSL_NO_SSL3
- BIO_puts(bio_out, "SSL3\n");
-#endif
#ifdef OPENSSL_NO_TLS1
BIO_puts(bio_out, "TLS1\n");
#endif
diff --git a/apps/s_client.c b/apps/s_client.c
index 55e8b02256..7b2cabdc42 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -530,7 +530,6 @@ typedef enum OPTION_choice {
OPT_SRP_LATEUSER,
OPT_SRP_MOREGROUPS,
#endif
- OPT_SSL3,
OPT_SSL_CONFIG,
OPT_TLS1_3,
OPT_TLS1_2,
@@ -760,9 +759,6 @@ const OPTIONS s_client_options[] = {
{ "nbio", OPT_NBIO, '-', "Use non-blocking IO" },
OPT_SECTION("Protocol and version"),
-#ifndef OPENSSL_NO_SSL3
- { "ssl3", OPT_SSL3, '-', "Just use SSLv3" },
-#endif
#ifndef OPENSSL_NO_TLS1
{ "tls1", OPT_TLS1, '-', "Just use TLSv1" },
#endif
@@ -888,7 +884,7 @@ static const OPT_PAIR services[] = {
#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
#define IS_PROT_FLAG(o) \
- (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+ (o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
|| o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2 \
|| o == OPT_QUIC)
@@ -1369,15 +1365,6 @@ int s_client_main(int argc, char **argv)
case OPT_SSL_CONFIG:
ssl_config = opt_arg();
break;
- case OPT_SSL3:
- min_version = SSL3_VERSION;
- max_version = SSL3_VERSION;
- socket_type = SOCK_STREAM;
-#ifndef OPENSSL_NO_DTLS
- isdtls = 0;
-#endif
- isquic = 0;
- break;
case OPT_TLS1_3:
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
diff --git a/apps/s_server.c b/apps/s_server.c
index dd5431ca30..2846ade6b5 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1025,7 +1025,6 @@ typedef enum OPTION_choice {
OPT_SPLIT_SEND_FRAG,
OPT_MAX_PIPELINES,
OPT_READ_BUF,
- OPT_SSL3,
OPT_TLS1_3,
OPT_TLS1_2,
OPT_TLS1_1,
@@ -1270,9 +1269,6 @@ const OPTIONS s_server_options[] = {
{ "no_ca_names", OPT_NOCANAMES, '-',
"Disable TLS Extension CA Names" },
{ "stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies" },
-#ifndef OPENSSL_NO_SSL3
- { "ssl3", OPT_SSL3, '-', "Just talk SSLv3" },
-#endif
#ifndef OPENSSL_NO_TLS1
{ "tls1", OPT_TLS1, '-', "Just talk TLSv1" },
#endif
@@ -1326,8 +1322,8 @@ const OPTIONS s_server_options[] = {
{ NULL }
};
-#define IS_PROT_FLAG(o) \
- (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+#define IS_PROT_FLAG(o) \
+ (o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
|| o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
int s_server_main(int argc, char *argv[])
@@ -1856,10 +1852,6 @@ int s_server_main(int argc, char *argv[])
case OPT_SSL_CONFIG:
ssl_config = opt_arg();
break;
- case OPT_SSL3:
- min_version = SSL3_VERSION;
- max_version = SSL3_VERSION;
- break;
case OPT_TLS1_3:
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
diff --git a/apps/s_time.c b/apps/s_time.c
index e52f456838..7e34f01045 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -61,7 +61,6 @@ typedef enum OPTION_choice {
OPT_BUGS,
OPT_VERIFY,
OPT_TIME,
- OPT_SSL3,
OPT_WWW,
OPT_TLS1,
OPT_TLS1_1,
@@ -83,9 +82,6 @@ const OPTIONS s_time_options[] = {
{ "cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used" },
{ "ciphersuites", OPT_CIPHERSUITES, 's',
"Specify TLSv1.3 ciphersuites to be used" },
-#ifndef OPENSSL_NO_SSL3
- { "ssl3", OPT_SSL3, '-', "Just use SSLv3" },
-#endif
#ifndef OPENSSL_NO_TLS1
{ "tls1", OPT_TLS1, '-', "Just use TLSv1.0" },
#endif
@@ -226,10 +222,6 @@ int s_time_main(int argc, char **argv)
goto end;
}
break;
- case OPT_SSL3:
- min_version = SSL3_VERSION;
- max_version = SSL3_VERSION;
- break;
case OPT_TLS1:
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
@@ -326,8 +318,6 @@ int s_time_main(int argc, char **argv)
ver = SSL_version(scon);
if (ver == TLS1_VERSION)
ver = 't';
- else if (ver == SSL3_VERSION)
- ver = '3';
else
ver = '*';
}
@@ -408,8 +398,6 @@ next:
ver = SSL_version(scon);
if (ver == TLS1_VERSION)
ver = 't';
- else if (ver == SSL3_VERSION)
- ver = '3';
else
ver = '*';
}
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
index 217326d122..66229eb020 100644
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
@@ -12,7 +12,6 @@ B<openssl> B<ciphers>
[B<-s>]
[B<-v>]
[B<-V>]
-[B<-ssl3>]
[B<-tls1>]
[B<-tls1_1>]
[B<-tls1_2>]
@@ -76,7 +75,7 @@ L<SSL_CIPHER_description(3)>.
Like B<-v>, but include the official cipher suite values in hex.
-=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3>
+=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>
In combination with the B<-s> option, list the ciphers which could be used if
the specified protocol were negotiated.
diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
index bc2d3c822f..ecaf7344c8 100644
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@@ -912,7 +912,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page.
If the handshake fails then there are several possible causes, if it is
nothing obvious like no client certificate then the B<-bugs>,
-B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried
+B<-tls1>, B<-no_tls1> options can be tried
in case it is a buggy server. In particular you should play with these
options B<before> submitting a bug report to an OpenSSL mailing list.
diff --git a/doc/man1/openssl-s_time.pod.in b/doc/man1/openssl-s_time.pod.in
index b483aab68e..23f9d48cba 100644
--- a/doc/man1/openssl-s_time.pod.in
+++ b/doc/man1/openssl-s_time.pod.in
@@ -17,7 +17,6 @@ B<openssl> B<s_time>
[B<-new>]
[B<-verify> I<depth>]
[B<-time> I<seconds>]
-[B<-ssl3>]
[B<-tls1>]
[B<-tls1_1>]
[B<-tls1_2>]
@@ -128,7 +127,7 @@ can establish.
This is an obsolete synonym for B<-CAfile>.
-=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>
+=item B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>
See L<openssl(1)/TLS Version Options>.
@@ -151,7 +150,7 @@ by the client the same way the aforementioned option does.
This command can be used to measure the performance of an SSL connection.
To connect to an SSL HTTP server and get the default page the command
- openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
+ openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher
would typically be used (https uses port 443). I<commoncipher> is a cipher to
which both client and server can agree, see the L<openssl-ciphers(1)> command
@@ -159,7 +158,7 @@ for details.
If the handshake fails then there are several possible causes, if it is
nothing obvious like no client certificate then the B<-bugs> and
-B<-ssl3> options can be tried
+B<-tls1> options can be tried
in case it is a buggy server. In particular you should play with these
options B<before> submitting a bug report to an OpenSSL mailing list.
diff --git a/doc/man1/openssl-sess_id.pod.in b/doc/man1/openssl-sess_id.pod.in
index 92d7500f4f..827a2afaca 100644
--- a/doc/man1/openssl-sess_id.pod.in
+++ b/doc/man1/openssl-sess_id.pod.in
@@ -98,7 +98,7 @@ These are described below in more detail.
=item B<Protocol>
-This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3.
+This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1 or TLSv1.
=item B<Cipher>
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 9b6ed98cfb..ff66bcb260 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -597,7 +597,7 @@ OpenSSL was built.
=over 4
-=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
+=item B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
These options require or disable the use of the specified SSL or TLS protocols.
When a specific TLS version is required, only that version will be offered or
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 3b84f16074..5813d59128 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -309,9 +309,9 @@ Attempts to use B<file> as the set of temporary DH parameters for
the appropriate context. This option is only supported if certificate
operations are permitted.
-=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
+=item B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
-Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by
+Disables protocol support for TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by
setting the corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
B<SSL_OP_NO_TLSv1_1>, B<SSL_OP_NO_TLSv1_2> and B<SSL_OP_NO_TLSv1_3>
respectively. These options are deprecated, use B<-min_protocol> and
diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod
index 627d9e7f0d..ba24120f77 100644
--- a/doc/man3/SSL_CTX_new.pod
+++ b/doc/man3/SSL_CTX_new.pod
@@ -125,7 +125,7 @@ can be one of the following:
These are the general-purpose I<version-flexible> SSL/TLS methods.
The actual protocol version used will be negotiated to the highest version
mutually supported by the client and the server.
-The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
+The supported protocols are TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
Applications should use these methods, and avoid the version-specific
methods described below, which are deprecated.
@@ -155,9 +155,7 @@ TLSv1 protocol. These methods are deprecated.
=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
-A TLS/SSL connection established with these methods will only understand the
-SSLv3 protocol.
-The SSLv3 protocol is deprecated and should not be used.
+Starting in version 3.6 those functions always return NULL.
=item DTLS_method(), DTLS_server_method(), DTLS_client_method()
diff --git a/doc/perlvars.pm b/doc/perlvars.pm
index ae3dfad545..82d37a6074 100644
--- a/doc/perlvars.pm
+++ b/doc/perlvars.pm
@@ -131,19 +131,17 @@ $OpenSSL::safe::opt_trust_item = ""
# TLS Version Options
$OpenSSL::safe::opt_versiontls_synopsis = ""
-. "[B<-no_ssl3>]\n"
. "[B<-no_tls1>]\n"
. "[B<-no_tls1_1>]\n"
. "[B<-no_tls1_2>]\n"
. "[B<-no_tls1_3>]\n"
-. "[B<-ssl3>]\n"
. "[B<-tls1>]\n"
. "[B<-tls1_1>]\n"
. "[B<-tls1_2>]\n"
. "[B<-tls1_3>]";
$OpenSSL::safe::opt_versiontls_item = ""
-. "=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>,\n"
-. "B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>\n"
+. "=item B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>,\n"
+. "B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>\n"
. "\n"
. "See L<openssl(1)/TLS Version Options>.";
diff --git a/ssl/build.info b/ssl/build.info
index 7f4ecaa68f..d293d966b6 100644
--- a/ssl/build.info
+++ b/ssl/build.info
@@ -4,7 +4,7 @@ LIBS=../libssl
SOURCE[../libssl]=\
pqueue.c \
- statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c \
+ statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c \
statem/statem_lib.c statem/extensions.c statem/extensions_srvr.c \
statem/extensions_clnt.c statem/extensions_cust.c s3_msg.c \
methods.c t1_lib.c t1_enc.c tls13_enc.c \
diff --git a/ssl/methods.c b/ssl/methods.c
index 0709883905..35d84444f1 100644
--- a/ssl/methods.c
+++ b/ssl/methods.c
@@ -41,9 +41,6 @@ IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_method,
ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
-#endif
/*-
* TLS/SSLv3 server methods
*/
@@ -73,10 +70,6 @@ IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
ossl_statem_accept,
ssl_undefined_function, TLSv1_enc_data)
#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-IMPLEMENT_ssl3_meth_func(sslv3_server_method,
- ossl_statem_accept, ssl_undefined_function)
-#endif
/*-
* TLS/SSLv3 client methods
*/
@@ -106,10 +99,6 @@ IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
ssl_undefined_function,
ossl_statem_connect, TLSv1_enc_data)
#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-IMPLEMENT_ssl3_meth_func(sslv3_client_method,
- ssl_undefined_function, ossl_statem_connect)
-#endif
/*-
* DTLS methods
*/
@@ -228,17 +217,17 @@ const SSL_METHOD *TLSv1_client_method(void)
#ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void)
{
- return sslv3_method();
+ return NULL;
}
const SSL_METHOD *SSLv3_server_method(void)
{
- return sslv3_server_method();
+ return NULL;
}
const SSL_METHOD *SSLv3_client_method(void)
{
- return sslv3_client_method();
+ return NULL;
}
#endif
diff --git a/ssl/record/methods/build.info b/ssl/record/methods/build.info
index 8b1af5dd5d..4893ce9212 100644
--- a/ssl/record/methods/build.info
+++ b/ssl/record/methods/build.info
@@ -4,7 +4,7 @@ IF[{- !$disabled{ktls} -}]
ENDIF
SOURCE[../../../libssl]=\
- tls_common.c ssl3_meth.c tls1_meth.c tls13_meth.c tlsany_meth.c \
+ tls_common.c tls1_meth.c tls13_meth.c tlsany_meth.c \
dtls_meth.c tls_multib.c $KTLSSRC
# For shared builds we need to include the sources needed in providers
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 4ffce8d663..d2bb7b394d 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -378,7 +378,6 @@ typedef struct dtls_rlayer_record_data_st {
TLS_RL_RECORD rrec;
} DTLS_RLAYER_RECORD_DATA;
-extern const struct record_functions_st ssl_3_0_funcs;
extern const struct record_functions_st tls_1_funcs;
extern const struct record_functions_st tls_1_3_funcs;
extern const struct record_functions_st tls_any_funcs;
diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c
deleted file mode 100644
index 086d8f94f8..0000000000
--- a/ssl/record/methods/ssl3_meth.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/evp.h>
-#include <openssl/core_names.h>
-#include "internal/ssl3_cbc.h"
-#include "../../ssl_local.h"
-#include "../record_local.h"
-#include "recmethod_local.h"
-
-static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
- unsigned char *key, size_t keylen,
- unsigned char *iv, size_t ivlen,
- unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph,
- size_t taglen,
- int mactype,
- const EVP_MD *md,
- COMP_METHOD *comp)
-{
- EVP_CIPHER_CTX *ciph_ctx;
- int enc = (rl->direction == OSSL_RECORD_DIRECTION_WRITE) ? 1 : 0;
-
- if (md == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
- return OSSL_RECORD_RETURN_FATAL;
- }
-
- if ((rl->enc_ctx = EVP_CIPHER_CTX_new()) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
- return OSSL_RECORD_RETURN_FATAL;
- }
- ciph_ctx = rl->enc_ctx;
-
- rl->md_ctx = EVP_MD_CTX_new();
- if (rl->md_ctx == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
- return OSSL_RECORD_RETURN_FATAL;
- }
-
- if ((md != NULL && EVP_DigestInit_ex(rl->md_ctx, md, NULL) <= 0)) {
- ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
- return OSSL_RECORD_RETURN_FATAL;
- }
-
-#ifndef OPENSSL_NO_COMP
- if (comp != NULL) {
- rl->compctx = COMP_CTX_new(comp);
- if (rl->compctx == NULL) {
- ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR);
- return OSSL_RECORD_RETURN_FATAL;
- }
- }
-#endif
-
- if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, key, iv, enc)) {
- ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
- return OSSL_RECORD_RETURN_FATAL;
- }
-
- if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ciph_ctx)) != NULL
- && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) {
- /* ERR_raise already called */
- return OSSL_RECORD_RETURN_FATAL;
- }
-
- if (mackeylen > sizeof(rl->mac_secret)) {
- ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
- return OSSL_RECORD_RETURN_FATAL;
- }
- memcpy(rl->mac_secret, mackey, mackeylen);
-
- return OSSL_RECORD_RETURN_SUCCESS;
-}
-
-/*
- * ssl3_cipher encrypts/decrypts |n_recs| records in |inrecs|. Calls RLAYERfatal
- * on internal error, but not otherwise. It is the responsibility of the caller
- * to report a bad_record_mac
- *
- * Returns:
- * 0: if the record is publicly invalid, or an internal error
- * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised)
- */
-static int ssl3_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs,
- size_t n_recs, int sending, SSL_MAC_BUF *mac,
- size_t macsize)
-{
- TLS_RL_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- size_t l, i;
- size_t bs;
- const EVP_CIPHER *enc;
- int provided;
-
- rec = inrecs;
- /*
- * We shouldn't ever be called with more than one record in the SSLv3 case
- */
- if (n_recs != 1)
- return 0;
-
- ds = rl->enc_ctx;
- if (ds == NULL || (enc = EVP_CIPHER_CTX_get0_cipher(ds)) == NULL)
- return 0;
-
- provided = (EVP_CIPHER_get0_provider(enc) != NULL);
-
- l = rec->length;
- bs = EVP_CIPHER_CTX_get_block_size(ds);
-
- if (bs == 0)
- return 0;
-
- /* COMPRESS */
-
- if ((bs != 1) && sending && !provided) {
- /*
- * We only do this for legacy ciphers. Provided ciphers add the
- * padding on the provider side.
- */
- i = bs - (l % bs);
-
- /* we need to add 'i-1' padding bytes */
- l += i;
- /*
- * the last of these zero bytes will be overwritten with the
- * padding length.
- */
- memset(&rec->input[rec->length], 0, i);
- rec->length += i;
- rec->input[l - 1] = (unsigned char)(i - 1);
- }
-
- if (!sending) {
- if (l == 0 || l % bs != 0) {
- /* Publicly invalid */
- return 0;
- }
- /* otherwise, rec->length >= bs */
- }
-
- if (provided) {
- int outlen;
-
- if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input,
- (unsigned int)l))
- return 0;
- rec->length = outlen;
-
- if (!sending && mac != NULL) {
- /* Now get a pointer to the MAC */
- OSSL_PARAM params[2], *p = params;
-
- /* Get the MAC */
- mac->alloced = 0;
-
- *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC,
- (void **)&mac->mac,
- macsize);
- *p = OSSL_PARAM_construct_end();
-
- if (!EVP_CIPHER_CTX_get_params(ds, params)) {
- /* Shouldn't normally happen */
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
- }
- }
- } else {
- if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1) {
- /* Shouldn't happen */
- RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- if (!sending)
- return ssl3_cbc_remove_padding_and_mac(&rec->length,
- rec->orig_len,
- rec->data,
- (mac != NULL) ? &mac->mac : NULL,
- (mac != NULL) ? &mac->alloced : NULL,
- bs,
- macsize,
- rl->libctx);
- }
-
- return 1;
-}
-
-static const unsigned char ssl3_pad_1[48] = {
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
-};
-
-static const unsigned char ssl3_pad_2[48] = {
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
-};
-
-static int ssl3_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md,
- int sending)
-{
- unsigned char *mac_sec, *seq = rl->sequence;
- const EVP_MD_CTX *hash;
- unsigned char *p, rec_char;
- size_t md_size;
- size_t npad;
- int t;
-
- mac_sec = &(rl->mac_secret[0]);
- hash = rl->md_ctx;
-
- t = EVP_MD_CTX_get_size(hash);
- if (t <= 0)
- return 0;
- md_size = t;
- npad = (48 / md_size) * md_size;
-
- if (!sending
- && EVP_CIPHER_CTX_get_mode(rl->enc_ctx) == EVP_CIPH_CBC_MODE
- && ssl3_cbc_record_digest_supported(hash)) {
-#ifdef OPENSSL_NO_DEPRECATED_3_0
- return 0;
-#else
- /*
- * This is a CBC-encrypted record. We must avoid leaking any
- * timing-side channel information about how many blocks of data we
- * are hashing because that gives an attacker a timing-oracle.
- */
-
- /*-
- * npad is, at most, 48 bytes and that's with MD5:
- * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
- *
- * With SHA-1 (the largest hash speced for SSLv3) the hash size
- * goes up 4, but npad goes down by 8, resulting in a smaller
- * total size.
- */
- unsigned char header[75];
- size_t j = 0;
- memcpy(header + j, mac_sec, md_size);
- j += md_size;
- memcpy(header + j, ssl3_pad_1, npad);
- j += npad;
- memcpy(header + j, seq, 8);
- j += 8;
- header[j++] = rec->type;
- header[j++] = (unsigned char)(rec->length >> 8);
- header[j++] = (unsigned char)(rec->length & 0xff);
-
- /* Final param == is SSLv3 */
- if (ssl3_cbc_digest_record(EVP_MD_CTX_get0_md(hash),
- md, &md_size,
- header, rec->input,
- rec->length, rec->orig_len,
- mac_sec, md_size, 1)
- <= 0)
- return 0;
-#endif
- } else {
- unsigned int md_size_u;
- /* Chop the digest off the end :-) */
- EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
-
- if (md_ctx == NULL)
- return 0;
-
- rec_char = rec->type;
- p = md;
- s2n(rec->length, p);
- if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
- || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
- || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0
- || EVP_DigestUpdate(md_ctx, seq, 8) <= 0
- || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0
- || EVP_DigestUpdate(md_ctx, md, 2) <= 0
- || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0
- || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0
- || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
- || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
- || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
- || EVP_DigestUpdate(md_ctx, md, md_size) <= 0
- || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
- EVP_MD_CTX_free(md_ctx);
- return 0;
- }
-
- EVP_MD_CTX_free(md_ctx);
- }
-
- if (!tls_increment_sequence_ctr(rl))
- return 0;
-
- return 1;
-}
-
-const struct record_functions_st ssl_3_0_funcs = {
- ssl3_set_crypto_state,
- ssl3_cipher,
- ssl3_mac,
- tls_default_set_protocol_version,
- tls_default_read_n,
- tls_get_more_records,
- tls_default_validate_record_header,
- tls_default_post_process_record,
- tls_get_max_records_default,
- tls_write_records_default,
- /* These 2 functions are defined in tls1_meth.c */
- tls1_allocate_write_buffers,
- tls1_initialise_write_packets,
- NULL,
- tls_prepare_record_header_default,
- NULL,
- tls_prepare_for_encryption_default,
- tls_post_encryption_processing_default,
- NULL
-};
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 4ddcb21b73..aa43dba6a4 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1425,9 +1425,6 @@ tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
case TLS1_VERSION:
(*retrl)->funcs = &tls_1_funcs;
break;
- case SSL3_VERSION:
- (*retrl)->funcs = &ssl_3_0_funcs;
- break;
default:
/* Should not happen */
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index bcb833406f..2f5a3945fa 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -11,205 +11,10 @@
#include <stdio.h>
#include "ssl_local.h"
#include <openssl/evp.h>
-#include <openssl/md5.h>
#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#include "internal/ssl_unwrap.h"
-static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num)
-{
- const EVP_MD *md5 = NULL, *sha1 = NULL;
- EVP_MD_CTX *m5;
- EVP_MD_CTX *s1;
- unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
- unsigned char c = 'A';
- unsigned int i, k;
- int ret = 0;
- SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
-
-#ifdef CHARSET_EBCDIC
- c = os_toascii[c]; /* 'A' in ASCII */
-#endif
- k = 0;
- md5 = EVP_MD_fetch(sctx->libctx, "MD5", sctx->propq);
- sha1 = EVP_MD_fetch(sctx->libctx, "SHA1", sctx->propq);
- m5 = EVP_MD_CTX_new();
- s1 = EVP_MD_CTX_new();
- if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- goto err;
- }
- for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
- k++;
- if (k > sizeof(buf)) {
- /* bug: 'buf' is too small for this ciphersuite */
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- memset(buf, c, k);
- c++;
- if (!EVP_DigestInit_ex(s1, sha1, NULL)
- || !EVP_DigestUpdate(s1, buf, k)
- || !EVP_DigestUpdate(s1, s->session->master_key,
- s->session->master_key_length)
- || !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE)
- || !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE)
- || !EVP_DigestFinal_ex(s1, smd, NULL)
- || !EVP_DigestInit_ex(m5, md5, NULL)
- || !EVP_DigestUpdate(m5, s->session->master_key,
- s->session->master_key_length)
- || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if ((int)(i + MD5_DIGEST_LENGTH) > num) {
- if (!EVP_DigestFinal_ex(m5, smd, NULL)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- memcpy(km, smd, (num - i));
- } else {
- if (!EVP_DigestFinal_ex(m5, km, NULL)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- km += MD5_DIGEST_LENGTH;
- }
- OPENSSL_cleanse(smd, sizeof(smd));
- ret = 1;
-err:
- EVP_MD_CTX_free(m5);
- EVP_MD_CTX_free(s1);
- ssl_evp_md_free(md5);
- ssl_evp_md_free(sha1);
- return ret;
-}
-
-int ssl3_change_cipher_state(SSL_CONNECTION *s, int which)
-{
- unsigned char *p, *mac_secret;
- size_t md_len;
- unsigned char *key, *iv;
- const EVP_CIPHER *ciph;
- const SSL_COMP *comp = NULL;
- const EVP_MD *md;
- int mdi;
- size_t n, iv_len, key_len;
- int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ
- : OSSL_RECORD_DIRECTION_WRITE;
-
- ciph = s->s3.tmp.new_sym_enc;
- md = s->s3.tmp.new_hash;
- /* m == NULL will lead to a crash later */
- if (!ossl_assert(md != NULL)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-#ifndef OPENSSL_NO_COMP
- comp = s->s3.tmp.new_compression;
-#endif
-
- p = s->s3.tmp.key_block;
- mdi = EVP_MD_get_size(md);
- if (mdi <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- md_len = (size_t)mdi;
- key_len = EVP_CIPHER_get_key_length(ciph);
- iv_len = EVP_CIPHER_get_iv_length(ciph);
-
- if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
- mac_secret = &(p[0]);
- n = md_len + md_len;
- key = &(p[n]);
- n += key_len + key_len;
- iv = &(p[n]);
- n += iv_len + iv_len;
- } else {
- n = md_len;
- mac_secret = &(p[n]);
- n += md_len + key_len;
- key = &(p[n]);
- n += key_len + iv_len;
- iv = &(p[n]);
- n += iv_len;
- }
-
- if (n > s->s3.tmp.key_block_length) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (!ssl_set_new_record_layer(s, SSL3_VERSION,
- direction,
- OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
- NULL, 0, key, key_len, iv, iv_len, mac_secret,
- md_len, ciph, 0, NID_undef, md, comp, NULL)) {
- /* SSLfatal already called */
- goto err;
- }
-
- return 1;
-err:
- return 0;
-}
-
-int ssl3_setup_key_block(SSL_CONNECTION *s)
-{
- unsigned char *p;
- const EVP_CIPHER *c;
- const EVP_MD *hash;
- int num;
- int ret = 0;
- SSL_COMP *comp;
-
- if (s->s3.tmp.key_block_length != 0)
- return 1;
-
- if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash,
- NULL, NULL, &comp, 0)) {
- /* Error is already recorded */
- SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
- return 0;
- }
-
- ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
- s->s3.tmp.new_sym_enc = c;
- ssl_evp_md_free(s->s3.tmp.new_hash);
- s->s3.tmp.new_hash = hash;
-#ifdef OPENSSL_NO_COMP
- s->s3.tmp.new_compression = NULL;
-#else
- s->s3.tmp.new_compression = comp;
-#endif
-
- num = EVP_MD_get_size(hash);
- if (num <= 0)
- return 0;
-
- num = EVP_CIPHER_get_key_length(c) + num + EVP_CIPHER_get_iv_length(c);
- num *= 2;
-
- ssl3_cleanup_key_block(s);
-
- if ((p = OPENSSL_malloc(num)) == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
- return 0;
- }
-
- s->s3.tmp.key_block_length = num;
- s->s3.tmp.key_block = p;
-
- /* Calls SSLfatal() as required */
- ret = ssl3_generate_key_block(s, p, num);
-
- return ret;
-}
-
void ssl3_cleanup_key_block(SSL_CONNECTION *s)
{
OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length);
@@ -307,199 +112,3 @@ int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
return 1;
}
-
-void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
- OSSL_PARAM params[])
-{
- int n = 0;
- params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
- (void *)session->master_key,
- session->master_key_length);
- params[n++] = OSSL_PARAM_construct_end();
-}
-
-size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, size_t len,
- unsigned char *p)
-{
- int ret;
- EVP_MD_CTX *ctx = NULL;
-
- if (!ssl3_digest_cached_records(s, 0)) {
- /* SSLfatal() already called */
- return 0;
- }
-
- if (EVP_MD_CTX_get_type(s->s3.handshake_dgst) != NID_md5_sha1) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST);
- return 0;
- }
-
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- return 0;
- }
- if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- ret = 0;
- goto err;
- }
-
- ret = EVP_MD_CTX_get_size(ctx);
- if (ret < 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- ret = 0;
- goto err;
- }
-
- if (sender != NULL) {
- OSSL_PARAM digest_cmd_params[3];
-
- ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
-
- if (EVP_DigestUpdate(ctx, sender, len) <= 0
- || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0
- || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- ret = 0;
- }
- }
-
-err:
- EVP_MD_CTX_free(ctx);
-
- return ret;
-}
-
-int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
- unsigned char *p,
- size_t len, size_t *secret_size)
-{
- static const unsigned char *const salt[3] = {
-#ifndef CHARSET_EBCDIC
- (const unsigned char *)"A",
- (const unsigned char *)"BB",
- (const unsigned char *)"CCC",
-#else
- (const unsigned char *)"\x41",
- (const unsigned char *)"\x42\x42",
- (const unsigned char *)"\x43\x43\x43",
-#endif
- };
- unsigned char buf[EVP_MAX_MD_SIZE];
- EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- int i, ret = 1;
- unsigned int n;
- size_t ret_secret_size = 0;
-
- if (ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- return 0;
- }
- for (i = 0; i < 3; i++) {
- if (EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->sha1, NULL) <= 0
- || EVP_DigestUpdate(ctx, salt[i],
- strlen((const char *)salt[i]))
- <= 0
- || EVP_DigestUpdate(ctx, p, len) <= 0
- || EVP_DigestUpdate(ctx, &(s->s3.client_random[0]),
- SSL3_RANDOM_SIZE)
- <= 0
- || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]),
- SSL3_RANDOM_SIZE)
- <= 0
- || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
- || EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->md5, NULL) <= 0
- || EVP_DigestUpdate(ctx, p, len) <= 0
- || EVP_DigestUpdate(ctx, buf, n) <= 0
- || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- ret = 0;
- break;
- }
- out += n;
- ret_secret_size += n;
- }
- EVP_MD_CTX_free(ctx);
-
- OPENSSL_cleanse(buf, sizeof(buf));
- if (ret)
- *secret_size = ret_secret_size;
- return ret;
-}
-
-int ssl3_alert_code(int code)
-{
- switch (code) {
- case SSL_AD_CLOSE_NOTIFY:
- return SSL3_AD_CLOSE_NOTIFY;
- case SSL_AD_UNEXPECTED_MESSAGE:
- return SSL3_AD_UNEXPECTED_MESSAGE;
- case SSL_AD_BAD_RECORD_MAC:
- return SSL3_AD_BAD_RECORD_MAC;
- case SSL_AD_DECRYPTION_FAILED:
- return SSL3_AD_BAD_RECORD_MAC;
- case SSL_AD_RECORD_OVERFLOW:
- return SSL3_AD_BAD_RECORD_MAC;
- case SSL_AD_DECOMPRESSION_FAILURE:
- return SSL3_AD_DECOMPRESSION_FAILURE;
- case SSL_AD_HANDSHAKE_FAILURE:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_NO_CERTIFICATE:
- return SSL3_AD_NO_CERTIFICATE;
- case SSL_AD_BAD_CERTIFICATE:
- return SSL3_AD_BAD_CERTIFICATE;
- case SSL_AD_UNSUPPORTED_CERTIFICATE:
- return SSL3_AD_UNSUPPORTED_CERTIFICATE;
- case SSL_AD_CERTIFICATE_REVOKED:
- return SSL3_AD_CERTIFICATE_REVOKED;
- case SSL_AD_CERTIFICATE_EXPIRED:
- return SSL3_AD_CERTIFICATE_EXPIRED;
- case SSL_AD_CERTIFICATE_UNKNOWN:
- return SSL3_AD_CERTIFICATE_UNKNOWN;
- case SSL_AD_ILLEGAL_PARAMETER:
- return SSL3_AD_ILLEGAL_PARAMETER;
- case SSL_AD_UNKNOWN_CA:
- return SSL3_AD_BAD_CERTIFICATE;
- case SSL_AD_ACCESS_DENIED:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_DECODE_ERROR:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_DECRYPT_ERROR:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_EXPORT_RESTRICTION:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_PROTOCOL_VERSION:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_INSUFFICIENT_SECURITY:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_INTERNAL_ERROR:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_USER_CANCELLED:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_NO_RENEGOTIATION:
- return -1; /* Don't send it :-) */
- case SSL_AD_UNSUPPORTED_EXTENSION:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_CERTIFICATE_UNOBTAINABLE:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_UNRECOGNIZED_NAME:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
- return SSL3_AD_HANDSHAKE_FAILURE;
- case SSL_AD_UNKNOWN_PSK_IDENTITY:
- return TLS1_AD_UNKNOWN_PSK_IDENTITY;
- case SSL_AD_INAPPROPRIATE_FALLBACK:
- return TLS1_AD_INAPPROPRIATE_FALLBACK;
- case SSL_AD_NO_APPLICATION_PROTOCOL:
- return TLS1_AD_NO_APPLICATION_PROTOCOL;
- case SSL_AD_CERTIFICATE_REQUIRED:
- return SSL_AD_HANDSHAKE_FAILURE;
- case TLS13_AD_MISSING_EXTENSION:
- return SSL_AD_HANDSHAKE_FAILURE;
- default:
- return -1;
- }
-}
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6a3b14975c..397ddf4bf5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3735,44 +3735,6 @@ void ssl_sort_cipher_list(void)
qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
}
-static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
- size_t s, const char *t, size_t u,
- const unsigned char *v, size_t w, int x)
-{
- (void)r;
- (void)s;
- (void)t;
- (void)u;
- (void)v;
- (void)w;
- (void)x;
- return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
-}
-
-const SSL3_ENC_METHOD SSLv3_enc_data = {
- ssl3_setup_key_block,
- ssl3_generate_master_secret,
- ssl3_change_cipher_state,
- ssl3_final_finish_mac,
- SSL3_MD_CLIENT_FINISHED_CONST, 4,
- SSL3_MD_SERVER_FINISHED_CONST, 4,
- ssl3_alert_code,
- sslcon_undefined_function_1,
- 0,
- ssl3_set_handshake_header,
- tls_close_construct_packet,
- ssl3_handshake_write
-};
-
-OSSL_TIME ssl3_default_timeout(void)
-{
- /*
- * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
- * http, the cache would over fill
- */
- return ossl_seconds2time(60 * 60 * 2);
-}
-
int ssl3_num_ciphers(void)
{
return SSL3_NUM_CIPHERS;
@@ -3927,7 +3889,7 @@ int ssl3_clear(SSL *s)
if (!ssl_free_wbio_buffer(sc))
return 0;
- sc->version = SSL3_VERSION;
+ sc->version = TLS1_VERSION;
#if !defined(OPENSSL_NO_NEXTPROTONEG)
OPENSSL_free(sc->ext.npn);
@@ -4980,7 +4942,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *cl
int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
{
- uint32_t alg_k, alg_a = 0;
+#ifndef OPENSSL_NO_GOST
+ uint32_t alg_k;
+#endif
+ uint32_t alg_a = 0;
/* If we have custom certificate types set, use them */
if (s->cert->ctype)
@@ -4988,9 +4953,9 @@ int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
/* Get mask of algorithms disabled by signature list */
ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
+#ifndef OPENSSL_NO_GOST
alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
-#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
|| !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
@@ -5005,13 +4970,6 @@ int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
return 0;
#endif
- if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
- if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
- return 0;
- if (!(alg_a & SSL_aDSS)
- && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
- return 0;
- }
if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
return 0;
if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c
index ffe53bfe18..c1cb8e8bb0 100644
--- a/ssl/s3_msg.c
+++ b/ssl/s3_msg.c
@@ -51,9 +51,6 @@ int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc)
desc = tls13_alert_code(desc);
else
desc = ssl->method->ssl3_enc->alert_value(desc);
- if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
- desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
- * protocol_version alerts */
if (desc < 0)
return -1;
if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a305c8d0d9..2bafe473fb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -494,7 +494,7 @@ static int ssl_check_allowed_versions(int min_version, int max_version)
} else {
/* Regular TLS version checks. */
if (min_version == 0)
- min_version = SSL3_VERSION;
+ min_version = TLS1_VERSION;
if (max_version == 0)
max_version = TLS1_3_VERSION;
#ifdef OPENSSL_NO_TLS1_3
@@ -513,10 +513,6 @@ static int ssl_check_allowed_versions(int min_version, int max_version)
if (max_version == TLS1_VERSION)
max_version = SSL3_VERSION;
#endif
-#ifdef OPENSSL_NO_SSL3
- if (min_version == SSL3_VERSION)
- min_version = TLS1_VERSION;
-#endif
#ifdef OPENSSL_NO_TLS1
if (min_version == TLS1_VERSION)
min_version = TLS1_1_VERSION;
@@ -531,9 +527,6 @@ static int ssl_check_allowed_versions(int min_version, int max_version)
#endif
/* Done massaging versions; do the check. */
if (0
-#ifdef OPENSSL_NO_SSL3
- || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
-#endif
#ifdef OPENSSL_NO_TLS1
|| (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
#endif
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index ca8a8e2aca..994bfb7943 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2297,9 +2297,6 @@ extern const unsigned char tls12downgrade[8];
extern const SSL3_ENC_METHOD ssl3_undef_enc_method;
-__owur const SSL_METHOD *sslv3_method(void);
-__owur const SSL_METHOD *sslv3_server_method(void);
-__owur const SSL_METHOD *sslv3_client_method(void);
__owur const SSL_METHOD *tlsv1_method(void);
__owur const SSL_METHOD *tlsv1_server_method(void);
__owur const SSL_METHOD *tlsv1_client_method(void);
@@ -2324,7 +2321,6 @@ extern const SSL3_ENC_METHOD TLSv1_enc_data;
extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
extern const SSL3_ENC_METHOD TLSv1_3_enc_data;
-extern const SSL3_ENC_METHOD SSLv3_enc_data;
extern const SSL3_ENC_METHOD DTLSv1_enc_data;
extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
@@ -2375,46 +2371,6 @@ extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
return &func_name##_data; \
}
-#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \
- const SSL_METHOD *func_name(void) \
- { \
- static const SSL_METHOD func_name##_data = { \
- SSL3_VERSION, \
- SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \
- SSL_OP_NO_SSLv3, \
- ossl_ssl_connection_new, \
- ossl_ssl_connection_free, \
- ossl_ssl_connection_reset, \
- ssl3_new, \
- ssl3_clear, \
- ssl3_free, \
- s_accept, \
- s_connect, \
- ssl3_read, \
- ssl3_peek, \
- ssl3_write, \
- ssl3_shutdown, \
- ssl3_renegotiate, \
- ssl3_renegotiate_check, \
- ssl3_read_bytes, \
- ssl3_write_bytes, \
- ssl3_dispatch_alert, \
- ssl3_ctrl, \
- ssl3_ctx_ctrl, \
- ssl3_get_cipher_by_char, \
- ssl3_put_cipher_by_char, \
- ssl3_pending, \
- ssl3_num_ciphers, \
- ssl3_get_cipher, \
- ssl3_default_timeout, \
- &SSLv3_enc_data, \
- ssl_undefined_void_function, \
- ssl3_callback_ctrl, \
- ssl3_ctx_callback_ctrl, \
- }; \
- return &func_name##_data; \
- }
-
#define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \
s_connect, enc_data) \
const SSL_METHOD *func_name(void) \
@@ -2645,24 +2601,15 @@ __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
size_t *len);
int ssl3_init_finished_mac(SSL_CONNECTION *s);
-__owur int ssl3_setup_key_block(SSL_CONNECTION *s);
-__owur int ssl3_change_cipher_state(SSL_CONNECTION *s, int which);
void ssl3_cleanup_key_block(SSL_CONNECTION *s);
__owur int ssl3_do_write(SSL_CONNECTION *s, uint8_t type);
int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc);
-__owur int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
- unsigned char *p, size_t len,
- size_t *secret_size);
__owur int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt);
__owur int ssl3_num_ciphers(void);
__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl, int initok);
-void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
- OSSL_PARAM params[]);
__owur int ssl3_dispatch_alert(SSL *s);
-__owur size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender,
- size_t slen, unsigned char *p);
__owur int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf,
size_t len);
void ssl3_free_digest_list(SSL_CONNECTION *s);
@@ -2685,7 +2632,6 @@ __owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
__owur int ssl3_do_change_cipher_spec(SSL_CONNECTION *s);
-__owur OSSL_TIME ssl3_default_timeout(void);
__owur int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt,
int htype);
@@ -2823,7 +2769,6 @@ __owur int tls13_export_keying_material_early(SSL_CONNECTION *s,
size_t contextlen);
__owur int tls1_alert_code(int code);
__owur int tls13_alert_code(int code);
-__owur int ssl3_alert_code(int code);
__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s);
@@ -3088,7 +3033,7 @@ long ossl_ctrl_internal(SSL *s, int cmd, long larg, void *parg, int no_quic);
* allowed but ignored under QUIC.
*/
#define OSSL_TLS1_2_OPTIONS \
- (SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_ALLOW_CLIENT_RENEGOTIATION | SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | SSL_OP_NO_COMPRESSION | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CISCO_ANYCONNECT | SSL_OP_NO_RENEGOTIATION | SSL_OP_NO_EXTENDED_MASTER_SECRET | SSL_OP_NO_ENCRYPT_THEN_MAC | SSL_OP_COOKIE_EXCHANGE | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_IGNORE_UNEXPECTED_EOF)
+ (SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_ALLOW_CLIENT_RENEGOTIATION | SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CISCO_ANYCONNECT | SSL_OP_NO_RENEGOTIATION | SSL_OP_NO_EXTENDED_MASTER_SECRET | SSL_OP_NO_ENCRYPT_THEN_MAC | SSL_OP_COOKIE_EXCHANGE | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_IGNORE_UNEXPECTED_EOF)
/* Total mask of connection-level options permitted or ignored under QUIC. */
#define OSSL_QUIC_PERMITTED_OPTIONS_CONN \
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 77cf2537be..47a0e52ea9 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -351,7 +351,6 @@ int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
switch (s->version) {
- case SSL3_VERSION:
case TLS1_VERSION:
case TLS1_1_VERSION:
case TLS1_2_VERSION:
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 4c0d819ffe..eae6bae0f7 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -144,7 +144,7 @@ typedef struct extensions_definition_st {
static const EXTENSION_DEFINITION ext_defs[] = {
{ TLSEXT_TYPE_renegotiate,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+ | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate,
tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate,
final_renegotiate },
@@ -522,8 +522,6 @@ int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
if ((SSL_CONNECTION_IS_DTLS(s)
&& (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)
- || (s->version == SSL3_VERSION
- && (extctx & SSL_EXT_SSL3_ALLOWED) == 0)
/*
* Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated",
* which is never true when generating the ClientHello.
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 4da3c18117..1833a61799 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -145,10 +145,6 @@ static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version)
size_t num_groups, j;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
- /* See if we support any ECC ciphersuites */
- if (s->version == SSL3_VERSION)
- return 0;
-
cipher_stack = SSL_get1_supported_ciphers(ssl);
end = sk_SSL_CIPHER_num(cipher_stack);
for (i = 0; i < end; i++) {
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a1cbe723b6..a6723e1b66 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -55,8 +55,7 @@ static ossl_inline int received_server_cert(SSL_CONNECTION *sc)
static ossl_inline int cert_req_allowed(SSL_CONNECTION *s)
{
/* TLS does not like anon-DH with client cert */
- if ((s->version > SSL3_VERSION
- && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL))
+ if ((s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)
|| (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
return 0;
@@ -3182,7 +3181,7 @@ static int tls_construct_cke_rsa(SSL_CONNECTION *s, WPACKET *pkt)
}
/* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) {
+ if (!WPACKET_start_sub_packet_u16(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -3202,7 +3201,7 @@ static int tls_construct_cke_rsa(SSL_CONNECTION *s, WPACKET *pkt)
pctx = NULL;
/* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) {
+ if (!WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -3808,18 +3807,11 @@ WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, WORK_STATE wst)
if (i && !ssl3_check_client_certificate(s))
i = 0;
if (i == 0) {
- if (s->version == SSL3_VERSION) {
- s->s3.tmp.cert_req = 0;
- ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
- return WORK_FINISHED_CONTINUE;
- } else {
- s->s3.tmp.cert_req = 2;
- s->ext.compress_certificate_from_peer[0] = TLSEXT_comp_cert_none;
- if (!ssl3_digest_cached_records(s, 0)) {
- /* SSLfatal() already called */
- return WORK_ERROR;
- }
- }
+ s->s3.tmp.cert_req = 2;
+ s->ext.compress_certificate_from_peer[0] = TLSEXT_comp_cert_none;
+ if (!ssl3_digest_cached_records(s, 0))
+ /* SSLfatal() already called */
+ return WORK_ERROR;
}
if (!SSL_CONNECTION_IS_TLS13(s)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 28dc586d34..9e0c853c0d 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -369,42 +369,20 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
goto err;
}
}
- if (s->version == SSL3_VERSION) {
- /*
- * Here we use EVP_DigestSignUpdate followed by EVP_DigestSignFinal
- * in order to add the EVP_CTRL_SSL3_MASTER_SECRET call between them.
- */
- if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0
- || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
- (int)s->session->master_key_length,
- s->session->master_key)
- <= 0
- || EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- goto err;
- }
- sig = OPENSSL_malloc(siglen);
- if (sig == NULL
- || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- goto err;
- }
- } else {
- /*
- * Here we *must* use EVP_DigestSign() because Ed25519/Ed448 does not
- * support streaming via EVP_DigestSignUpdate/EVP_DigestSignFinal
- */
- if (EVP_DigestSign(mctx, NULL, &siglen, hdata, hdatalen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- goto err;
- }
- sig = OPENSSL_malloc(siglen);
- if (sig == NULL
- || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- goto err;
- }
+ /*
+ * Here we *must* use EVP_DigestSign() because Ed25519/Ed448 does not
+ * support streaming via EVP_DigestSignUpdate/EVP_DigestSignFinal
+ */
+ if (EVP_DigestSign(mctx, NULL, &siglen, hdata, hdatalen) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
+ goto err;
+ }
+ sig = OPENSSL_malloc(siglen);
+ if (sig == NULL
+ || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
+ goto err;
}
#ifndef OPENSSL_NO_GOST
@@ -567,30 +545,16 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
goto err;
}
}
- if (s->version == SSL3_VERSION) {
- if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0
- || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
- (int)s->session->master_key_length,
- s->session->master_key)
- <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- goto err;
- }
- if (EVP_DigestVerifyFinal(mctx, data, len) <= 0) {
- SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE);
- goto err;
- }
- } else {
- j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
+
+ j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- /* Ignore bad signatures when fuzzing */
- if (SSL_IS_QUIC_HANDSHAKE(s))
- j = 1;
+ /* Ignore bad signatures when fuzzing */
+ if (SSL_IS_QUIC_HANDSHAKE(s))
+ j = 1;
#endif
- if (j <= 0) {
- SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE);
- goto err;
- }
+ if (j <= 0) {
+ SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE);
+ goto err;
}
/*
@@ -1859,11 +1823,6 @@ static const version_info tls_version_table[] = {
{ TLS1_VERSION, tlsv1_client_method, tlsv1_server_method },
#else
{ TLS1_VERSION, NULL, NULL },
-#endif
-#ifndef OPENSSL_NO_SSL3
- { SSL3_VERSION, sslv3_client_method, sslv3_server_method },
-#else
- { SSL3_VERSION, NULL, NULL },
#endif
{ 0, NULL, NULL },
};
@@ -2086,7 +2045,7 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
return 1;
}
- valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION_INTERNAL;
+ valid_tls = version > SSL3_VERSION && version <= TLS_MAX_VERSION_INTERNAL;
valid_dtls =
/* We support client side pre-standardisation version of DTLS */
(version == DTLS1_BAD_VER)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 7bf37b0689..e511da8585 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -211,30 +211,10 @@ int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt)
* If we get a CKE message after a ServerDone then either
* 1) We didn't request a Certificate
* OR
- * 2) If we did request one then
- * a) We allow no Certificate to be returned
- * AND
- * b) We are running SSL3 (in TLS1.0+ the client must return a 0
- * list if we requested a certificate)
+ * 2) We did request one and we allow no Certificate to be returned
*/
if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
- if (s->s3.tmp.cert_request) {
- if (s->version == SSL3_VERSION) {
- if ((s->verify_mode & SSL_VERIFY_PEER)
- && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
- /*
- * This isn't an unexpected message as such - we're just
- * not going to accept it because we require a client
- * cert.
- */
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- return 0;
- }
- st->hand_state = TLS_ST_SR_KEY_EXCH;
- return 1;
- }
- } else {
+ if (!s->s3.tmp.cert_request) {
st->hand_state = TLS_ST_SR_KEY_EXCH;
return 1;
}
@@ -3154,8 +3134,8 @@ static int tls_process_cke_rsa(SSL_CONNECTION *s, PACKET *pkt)
return 0;
}
- /* SSLv3 and pre-standard DTLS omit the length bytes. */
- if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
+ /* pre-standard DTLS omits the length bytes. */
+ if (s->version == DTLS1_BAD_VER) {
enc_premaster = *pkt;
} else {
if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
@@ -3887,14 +3867,8 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
}
if (sk_X509_num(sk) <= 0) {
- /* TLS does not mind 0 certs returned */
- if (s->version == SSL3_VERSION) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_NO_CERTIFICATES_RETURNED);
- goto err;
- }
- /* Fail for TLS only if we required a certificate */
- else if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+ /* Fail only if we required a certificate */
+ if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED,
SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
goto err;
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index d29c1918e9..2e0266c94d 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -63,7 +63,6 @@ static int do_ssl_trace_list(BIO *bio, int indent,
/* Version number */
static const ssl_trace_tbl ssl_version_tbl[] = {
- { SSL3_VERSION, "SSL 3.0" },
{ TLS1_VERSION, "TLS 1.0" },
{ TLS1_1_VERSION, "TLS 1.1" },
{ TLS1_2_VERSION, "TLS 1.2" },
@@ -1184,14 +1183,9 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc
case SSL_kRSA:
case SSL_kRSAPSK:
- if (TLS1_get_version(SSL_CONNECTION_GET_SSL(sc)) == SSL3_VERSION) {
- ssl_print_hex(bio, indent + 2,
- "EncryptedPreMasterSecret", msg, msglen);
- } else {
- if (!ssl_print_hexbuf(bio, indent + 2,
- "EncryptedPreMasterSecret", 2, &msg, &msglen))
- return 0;
- }
+ if (!ssl_print_hexbuf(bio, indent + 2,
+ "EncryptedPreMasterSecret", 2, &msg, &msglen))
+ return 0;
break;
case SSL_kDHE:
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 85a6430799..85b44dcd40 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -74,7 +74,7 @@ handshake.
another alert.)
* ExpectedProtocol - expected negotiated protocol. One of
- SSLv3, TLSv1, TLSv1.1, TLSv1.2.
+ TLSv1, TLSv1.1, TLSv1.2.
* SessionTicketExpected - whether or not a session ticket is expected
- Ignore - do not check for a session ticket (default)
diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c
index 98b3ff6d63..342308c617 100644
--- a/test/helpers/ssl_test_ctx.c
+++ b/test/helpers/ssl_test_ctx.c
@@ -155,7 +155,6 @@ static const test_enum ssl_protocols[] = {
{ "TLSv1.2", TLS1_2_VERSION },
{ "TLSv1.1", TLS1_1_VERSION },
{ "TLSv1", TLS1_VERSION },
- { "SSLv3", SSL3_VERSION },
{ "DTLSv1", DTLS1_VERSION },
{ "DTLSv1.2", DTLS1_2_VERSION },
};
diff --git a/test/recipes/70-test_asyncio.t b/test/recipes/70-test_asyncio.t
index c5b39128eb..9364acf2dd 100644
--- a/test/recipes/70-test_asyncio.t
+++ b/test/recipes/70-test_asyncio.t
@@ -13,7 +13,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_asyncio");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
- if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+ if alldisabled(available_protocols("tls"));
plan tests => 1;
diff --git a/test/recipes/70-test_clienthello.t b/test/recipes/70-test_clienthello.t
index 61130bd9b4..662b31dc4a 100644
--- a/test/recipes/70-test_clienthello.t
+++ b/test/recipes/70-test_clienthello.t
@@ -13,7 +13,7 @@ use OpenSSL::Test::Utils;
setup("test_clienthello");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
- if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+ if alldisabled(available_protocols("tls"));
#No EC with TLSv1.3 confuses the padding calculations in this test
plan skip_all => "No EC with TLSv1.3 is not supported by this test"
diff --git a/test/recipes/70-test_recordlen.t b/test/recipes/70-test_recordlen.t
index 9adc71cb8f..4901633ce5 100644
--- a/test/recipes/70-test_recordlen.t
+++ b/test/recipes/70-test_recordlen.t
@@ -13,7 +13,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_recordlen");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
- if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+ if alldisabled(available_protocols("tls"));
plan tests => 1;
diff --git a/test/recipes/70-test_renegotiation.t b/test/recipes/70-test_renegotiation.t
index 54d2cf922e..d2ff9a8ab6 100644
--- a/test/recipes/70-test_renegotiation.t
+++ b/test/recipes/70-test_renegotiation.t
@@ -28,7 +28,7 @@ plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
plan skip_all => "$test_name needs TLS <= 1.2 enabled"
- if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2"));
+ if alldisabled(("tls1", "tls1_1", "tls1_2"));
plan tests => 9;
diff --git a/test/recipes/70-test_servername.t b/test/recipes/70-test_servername.t
index f5ea9473c2..47b5e9dbec 100644
--- a/test/recipes/70-test_servername.t
+++ b/test/recipes/70-test_servername.t
@@ -17,7 +17,7 @@ use OpenSSL::Test::Utils qw(alldisabled available_protocols);
setup("test_servername");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
- if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+ if alldisabled(available_protocols("tls"));
plan tests => 1;
diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t
index 5dcdea8bc2..59bd677d53 100644
--- a/test/recipes/70-test_sslsessiontick.t
+++ b/test/recipes/70-test_sslsessiontick.t
@@ -27,8 +27,8 @@ plan skip_all => "$test_name needs the module feature enabled"
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
-plan skip_all => "$test_name needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled"
- if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2"));
+plan skip_all => "$test_name needs TLSv1, TLSv1.1 or TLSv1.2 enabled"
+ if alldisabled(("tls1", "tls1_1", "tls1_2"));
sub checkmessages($$$$$$);
sub clearclient();
diff --git a/test/recipes/70-test_sslsignature.t b/test/recipes/70-test_sslsignature.t
index fdfa7f320c..0d1b3584e9 100644
--- a/test/recipes/70-test_sslsignature.t
+++ b/test/recipes/70-test_sslsignature.t
@@ -87,7 +87,7 @@ SKIP: {
SKIP: {
skip "TLS <= 1.2 disabled", 2
- if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2"));
+ if alldisabled(("tls1", "tls1_1", "tls1_2"));
#Test 3: Corrupting a CertVerify signature in <=TLSv1.2 should fail
$proxy->clear();
diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t
index 8a675bf7a7..7ae56229db 100644
--- a/test/recipes/70-test_sslvertol.t
+++ b/test/recipes/70-test_sslvertol.t
@@ -93,10 +93,10 @@ SKIP: {
"Version tolerance test, max version but not TLS 1.3");
}
-#Test 3: Testing something below SSLv3 should fail. We must disable TLS 1.3
+#Test 3: Testing something below TLS1.0 should fail. We must disable TLS 1.3
#to avoid having the 'supported_versions' extension kick in and override our
#desires.
-$client_version = TLSProxy::Record::VERS_SSL_3_0 - 1;
+$client_version = TLSProxy::Record::VERS_TLS_1_0 - 1;
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->start();
@@ -104,7 +104,7 @@ my $record = pop @{$proxy->record_list};
ok((note("Record version received: ".
(defined $record ? $record->version() : "none")),
TLSProxy::Message->fail()),
- "Version tolerance test, SSL < 3.0");
+ "Version tolerance test, TLS < 1.0");
sub vers_tolerance_filter
{
@@ -119,7 +119,7 @@ sub vers_tolerance_filter
if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
#Set the client version
#Anything above the max supported version should succeed
- #Anything below SSLv3 should fail
+ #Anything below TLS1.0 should fail
$message->client_version($client_version);
$message->repack();
}
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 44c674e467..1fd488a795 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -50,13 +50,13 @@ map { s/\^// } @conf_files if $^O eq "VMS";
# Some test results depend on the configuration of enabled protocols. We only
# verify generated sources in the default configuration.
-my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
- !disabled("tls1_1") && !disabled("tls1_2") &&
- !disabled("tls1_3") && (!disabled("ec") || !disabled("dh")));
+my $is_default_tls = (!disabled("tls1") && !disabled("tls1_1") &&
+ !disabled("tls1_2") && !disabled("tls1_3") &&
+ (!disabled("ec") || !disabled("dh")));
my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
-my @all_pre_tls1_3 = ("ssl3", "tls1", "tls1_1", "tls1_2");
+my @all_pre_tls1_3 = ("tls1", "tls1_1", "tls1_2");
my $no_tls = alldisabled(available_protocols("tls"));
my $no_tls_below1_3 = $no_tls || (disabled("tls1_2") && !disabled("tls1_3"));
if (!$no_tls && $no_tls_below1_3 && disabled("ec") && disabled("dh")) {
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index f7be2e1872..0039fe2172 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -25,10 +25,10 @@ use lib bldtop_dir('.');
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
- $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
+ $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
$no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
anydisabled qw/rsa dsa dh ec psk
- ssl3 tls1 tls1_1 tls1_2 tls1_3
+ tls1 tls1_1 tls1_2 tls1_3
dtls dtls1 dtls1_2 ct/;
#If ec and dh are disabled then don't use TLSv1.3
$no_tls1_3 = 1 if (!$no_tls1_3 && $no_ec && $no_dh);
@@ -416,42 +416,25 @@ sub testssl {
subtest 'standard SSL tests' => sub {
######################################################################
- plan tests => 19;
+ plan tests => 15;
SKIP: {
- skip "SSLv3 is not supported by this OpenSSL build", 4
- if disabled("ssl3");
-
- skip "SSLv3 is not supported by the FIPS provider", 4
- if $provider eq "fips";
-
- ok(run(test([@ssltest, "-bio_pair", "-ssl3"])),
- 'test sslv3 via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])),
- 'test sslv3 with server authentication via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])),
- 'test sslv3 with client authentication via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])),
- 'test sslv3 with both server and client authentication via BIO pair');
- }
-
- SKIP: {
- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1
+ skip "No TLS versions are supported by this OpenSSL build", 1
if $no_anytls;
ok(run(test([@ssltest, "-bio_pair"])),
- 'test sslv2/sslv3 via BIO pair');
+ 'test via BIO pair');
}
SKIP: {
- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 14
+ skip "No TLS versions are supported by this OpenSSL build", 14
if $no_anytls;
SKIP: {
- skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert;
+ skip "skipping test w/o (EC)DHE test", 1 if $dsa_cert;
ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])),
- 'test sslv2/sslv3 w/o (EC)DHE via BIO pair');
+ 'test w/o (EC)DHE via BIO pair');
}
SKIP: {
@@ -459,17 +442,17 @@ sub testssl {
if ($no_dh);
ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
- 'test sslv2/sslv3 with 1024bit DHE via BIO pair');
+ 'test with 1024bit DHE via BIO pair');
}
ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
- 'test sslv2/sslv3 with server authentication');
+ 'test with server authentication');
ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
- 'test sslv2/sslv3 with client authentication via BIO pair');
+ 'test with client authentication via BIO pair');
ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])),
- 'test sslv2/sslv3 with both client and server authentication via BIO pair');
+ 'test with both client and server authentication via BIO pair');
ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
- 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
+ 'test with both client and server authentication via BIO pair and app verify');
SKIP: {
skip "No IPv4 available on this machine", 4
@@ -517,7 +500,6 @@ sub testssl {
push @protocols, "-tls1_3" unless $no_tls1_3;
push @protocols, "-tls1_2" unless $no_tls1_2;
push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips";
- push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips";
my $protocolciphersuitecount = 0;
my %ciphersuites = ();
my %ciphersstatus = ();
@@ -566,9 +548,6 @@ sub testssl {
# DSA is not allowed in FIPS 140-3
note "*****SKIPPING $protocol $cipher";
ok(1);
- } elsif ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
- note "*****SKIPPING $protocol $cipher";
- ok(1);
} else {
if ($protocol eq "-tls1_3") {
$ciphersuites = $cipher;
@@ -601,18 +580,7 @@ sub testssl {
subtest 'SSL security level failure tests' => sub {
######################################################################
- plan tests => 3;
-
- SKIP: {
- skip "SSLv3 is not supported by this OpenSSL build", 1
- if disabled("ssl3");
-
- skip "SSLv3 is not supported by the FIPS provider", 1
- if $provider eq "fips";
-
- is(run(test([@ssltest, "-bio_pair", "-ssl3", "-cipher", '@SECLEVEL=1'])),
- 0, "test sslv3 fails at security level 1, expecting failure");
- }
+ plan tests => 2;
SKIP: {
skip "TLSv1.0 is not supported by this OpenSSL build", 1
diff --git a/test/recipes/90-test_fatalerr.t b/test/recipes/90-test_fatalerr.t
index a52878373e..50b7a7543b 100644
--- a/test/recipes/90-test_fatalerr.t
+++ b/test/recipes/90-test_fatalerr.t
@@ -13,7 +13,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_fatalerr");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
- if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+ if alldisabled(available_protocols("tls"));
plan tests => 1;
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
index 9bb5c50c47..25069f7985 100644
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@@ -32,7 +32,7 @@ my $fipsmodcfgtmp = result_file($fipsmodcfgtmp_filename);
my $provconfnew = result_file("fips-and-base-temp.cnf");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
- if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+ if alldisabled(available_protocols("tls"));
plan tests => 4;
diff --git a/test/ssl-tests/02-protocol-version.cnf b/test/ssl-tests/02-protocol-version.cnf
index ef5e994277..8fc30f9087 100644
--- a/test/ssl-tests/02-protocol-version.cnf
+++ b/test/ssl-tests/02-protocol-version.cnf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 678
+num_tests = 363
test-0 = 0-version-negotiation
test-1 = 1-version-negotiation
@@ -363,323 +363,8 @@ test-357 = 357-version-negotiation
test-358 = 358-version-negotiation
test-359 = 359-version-negotiation
test-360 = 360-version-negotiation
-test-361 = 361-version-negotiation
-test-362 = 362-version-negotiation
-test-363 = 363-version-negotiation
-test-364 = 364-version-negotiation
-test-365 = 365-version-negotiation
-test-366 = 366-version-negotiation
-test-367 = 367-version-negotiation
-test-368 = 368-version-negotiation
-test-369 = 369-version-negotiation
-test-370 = 370-version-negotiation
-test-371 = 371-version-negotiation
-test-372 = 372-version-negotiation
-test-373 = 373-version-negotiation
-test-374 = 374-version-negotiation
-test-375 = 375-version-negotiation
-test-376 = 376-version-negotiation
-test-377 = 377-version-negotiation
-test-378 = 378-version-negotiation
-test-379 = 379-version-negotiation
-test-380 = 380-version-negotiation
-test-381 = 381-version-negotiation
-test-382 = 382-version-negotiation
-test-383 = 383-version-negotiation
-test-384 = 384-version-negotiation
-test-385 = 385-version-negotiation
-test-386 = 386-version-negotiation
-test-387 = 387-version-negotiation
-test-388 = 388-version-negotiation
-test-389 = 389-version-negotiation
-test-390 = 390-version-negotiation
-test-391 = 391-version-negotiation
-test-392 = 392-version-negotiation
-test-393 = 393-version-negotiation
-test-394 = 394-version-negotiation
-test-395 = 395-version-negotiation
-test-396 = 396-version-negotiation
-test-397 = 397-version-negotiation
-test-398 = 398-version-negotiation
-test-399 = 399-version-negotiation
-test-400 = 400-version-negotiation
-test-401 = 401-version-negotiation
-test-402 = 402-version-negotiation
-test-403 = 403-version-negotiation
-test-404 = 404-version-negotiation
-test-405 = 405-version-negotiation
-test-406 = 406-version-negotiation
-test-407 = 407-version-negotiation
-test-408 = 408-version-negotiation
-test-409 = 409-version-negotiation
-test-410 = 410-version-negotiation
-test-411 = 411-version-negotiation
-test-412 = 412-version-negotiation
-test-413 = 413-version-negotiation
-test-414 = 414-version-negotiation
-test-415 = 415-version-negotiation
-test-416 = 416-version-negotiation
-test-417 = 417-version-negotiation
-test-418 = 418-version-negotiation
-test-419 = 419-version-negotiation
-test-420 = 420-version-negotiation
-test-421 = 421-version-negotiation
-test-422 = 422-version-negotiation
-test-423 = 423-version-negotiation
-test-424 = 424-version-negotiation
-test-425 = 425-version-negotiation
-test-426 = 426-version-negotiation
-test-427 = 427-version-negotiation
-test-428 = 428-version-negotiation
-test-429 = 429-version-negotiation
-test-430 = 430-version-negotiation
-test-431 = 431-version-negotiation
-test-432 = 432-version-negotiation
-test-433 = 433-version-negotiation
-test-434 = 434-version-negotiation
-test-435 = 435-version-negotiation
-test-436 = 436-version-negotiation
-test-437 = 437-version-negotiation
-test-438 = 438-version-negotiation
-test-439 = 439-version-negotiation
-test-440 = 440-version-negotiation
-test-441 = 441-version-negotiation
-test-442 = 442-version-negotiation
-test-443 = 443-version-negotiation
-test-444 = 444-version-negotiation
-test-445 = 445-version-negotiation
-test-446 = 446-version-negotiation
-test-447 = 447-version-negotiation
-test-448 = 448-version-negotiation
-test-449 = 449-version-negotiation
-test-450 = 450-version-negotiation
-test-451 = 451-version-negotiation
-test-452 = 452-version-negotiation
-test-453 = 453-version-negotiation
-test-454 = 454-version-negotiation
-test-455 = 455-version-negotiation
-test-456 = 456-version-negotiation
-test-457 = 457-version-negotiation
-test-458 = 458-version-negotiation
-test-459 = 459-version-negotiation
-test-460 = 460-version-negotiation
-test-461 = 461-version-negotiation
-test-462 = 462-version-negotiation
-test-463 = 463-version-negotiation
-test-464 = 464-version-negotiation
-test-465 = 465-version-negotiation
-test-466 = 466-version-negotiation
-test-467 = 467-version-negotiation
-test-468 = 468-version-negotiation
-test-469 = 469-version-negotiation
-test-470 = 470-version-negotiation
-test-471 = 471-version-negotiation
-test-472 = 472-version-negotiation
-test-473 = 473-version-negotiation
-test-474 = 474-version-negotiation
-test-475 = 475-version-negotiation
-test-476 = 476-version-negotiation
-test-477 = 477-version-negotiation
-test-478 = 478-version-negotiation
-test-479 = 479-version-negotiation
-test-480 = 480-version-negotiation
-test-481 = 481-version-negotiation
-test-482 = 482-version-negotiation
-test-483 = 483-version-negotiation
-test-484 = 484-version-negotiation
-test-485 = 485-version-negotiation
-test-486 = 486-version-negotiation
-test-487 = 487-version-negotiation
-test-488 = 488-version-negotiation
-test-489 = 489-version-negotiation
-test-490 = 490-version-negotiation
-test-491 = 491-version-negotiation
-test-492 = 492-version-negotiation
-test-493 = 493-version-negotiation
-test-494 = 494-version-negotiation
-test-495 = 495-version-negotiation
-test-496 = 496-version-negotiation
-test-497 = 497-version-negotiation
-test-498 = 498-version-negotiation
-test-499 = 499-version-negotiation
-test-500 = 500-version-negotiation
-test-501 = 501-version-negotiation
-test-502 = 502-version-negotiation
-test-503 = 503-version-negotiation
-test-504 = 504-version-negotiation
-test-505 = 505-version-negotiation
-test-506 = 506-version-negotiation
-test-507 = 507-version-negotiation
-test-508 = 508-version-negotiation
-test-509 = 509-version-negotiation
-test-510 = 510-version-negotiation
-test-511 = 511-version-negotiation
-test-512 = 512-version-negotiation
-test-513 = 513-version-negotiation
-test-514 = 514-version-negotiation
-test-515 = 515-version-negotiation
-test-516 = 516-version-negotiation
-test-517 = 517-version-negotiation
-test-518 = 518-version-negotiation
-test-519 = 519-version-negotiation
-test-520 = 520-version-negotiation
-test-521 = 521-version-negotiation
-test-522 = 522-version-negotiation
-test-523 = 523-version-negotiation
-test-524 = 524-version-negotiation
-test-525 = 525-version-negotiation
-test-526 = 526-version-negotiation
-test-527 = 527-version-negotiation
-test-528 = 528-version-negotiation
-test-529 = 529-version-negotiation
-test-530 = 530-version-negotiation
-test-531 = 531-version-negotiation
-test-532 = 532-version-negotiation
-test-533 = 533-version-negotiation
-test-534 = 534-version-negotiation
-test-535 = 535-version-negotiation
-test-536 = 536-version-negotiation
-test-537 = 537-version-negotiation
-test-538 = 538-version-negotiation
-test-539 = 539-version-negotiation
-test-540 = 540-version-negotiation
-test-541 = 541-version-negotiation
-test-542 = 542-version-negotiation
-test-543 = 543-version-negotiation
-test-544 = 544-version-negotiation
-test-545 = 545-version-negotiation
-test-546 = 546-version-negotiation
-test-547 = 547-version-negotiation
-test-548 = 548-version-negotiation
-test-549 = 549-version-negotiation
-test-550 = 550-version-negotiation
-test-551 = 551-version-negotiation
-test-552 = 552-version-negotiation
-test-553 = 553-version-negotiation
-test-554 = 554-version-negotiation
-test-555 = 555-version-negotiation
-test-556 = 556-version-negotiation
-test-557 = 557-version-negotiation
-test-558 = 558-version-negotiation
-test-559 = 559-version-negotiation
-test-560 = 560-version-negotiation
-test-561 = 561-version-negotiation
-test-562 = 562-version-negotiation
-test-563 = 563-version-negotiation
-test-564 = 564-version-negotiation
-test-565 = 565-version-negotiation
-test-566 = 566-version-negotiation
-test-567 = 567-version-negotiation
-test-568 = 568-version-negotiation
-test-569 = 569-version-negotiation
-test-570 = 570-version-negotiation
-test-571 = 571-version-negotiation
-test-572 = 572-version-negotiation
-test-573 = 573-version-negotiation
-test-574 = 574-version-negotiation
-test-575 = 575-version-negotiation
-test-576 = 576-version-negotiation
-test-577 = 577-version-negotiation
-test-578 = 578-version-negotiation
-test-579 = 579-version-negotiation
-test-580 = 580-version-negotiation
-test-581 = 581-version-negotiation
-test-582 = 582-version-negotiation
-test-583 = 583-version-negotiation
-test-584 = 584-version-negotiation
-test-585 = 585-version-negotiation
-test-586 = 586-version-negotiation
-test-587 = 587-version-negotiation
-test-588 = 588-version-negotiation
-test-589 = 589-version-negotiation
-test-590 = 590-version-negotiation
-test-591 = 591-version-negotiation
-test-592 = 592-version-negotiation
-test-593 = 593-version-negotiation
-test-594 = 594-version-negotiation
-test-595 = 595-version-negotiation
-test-596 = 596-version-negotiation
-test-597 = 597-version-negotiation
-test-598 = 598-version-negotiation
-test-599 = 599-version-negotiation
-test-600 = 600-version-negotiation
-test-601 = 601-version-negotiation
-test-602 = 602-version-negotiation
-test-603 = 603-version-negotiation
-test-604 = 604-version-negotiation
-test-605 = 605-version-negotiation
-test-606 = 606-version-negotiation
-test-607 = 607-version-negotiation
-test-608 = 608-version-negotiation
-test-609 = 609-version-negotiation
-test-610 = 610-version-negotiation
-test-611 = 611-version-negotiation
-test-612 = 612-version-negotiation
-test-613 = 613-version-negotiation
-test-614 = 614-version-negotiation
-test-615 = 615-version-negotiation
-test-616 = 616-version-negotiation
-test-617 = 617-version-negotiation
-test-618 = 618-version-negotiation
-test-619 = 619-version-negotiation
-test-620 = 620-version-negotiation
-test-621 = 621-version-negotiation
-test-622 = 622-version-negotiation
-test-623 = 623-version-negotiation
-test-624 = 624-version-negotiation
-test-625 = 625-version-negotiation
-test-626 = 626-version-negotiation
-test-627 = 627-version-negotiation
-test-628 = 628-version-negotiation
-test-629 = 629-version-negotiation
-test-630 = 630-version-negotiation
-test-631 = 631-version-negotiation
-test-632 = 632-version-negotiation
-test-633 = 633-version-negotiation
-test-634 = 634-version-negotiation
-test-635 = 635-version-negotiation
-test-636 = 636-version-negotiation
-test-637 = 637-version-negotiation
-test-638 = 638-version-negotiation
-test-639 = 639-version-negotiation
-test-640 = 640-version-negotiation
-test-641 = 641-version-negotiation
-test-642 = 642-version-negotiation
-test-643 = 643-version-negotiation
-test-644 = 644-version-negotiation
-test-645 = 645-version-negotiation
-test-646 = 646-version-negotiation
-test-647 = 647-version-negotiation
-test-648 = 648-version-negotiation
-test-649 = 649-version-negotiation
-test-650 = 650-version-negotiation
-test-651 = 651-version-negotiation
-test-652 = 652-version-negotiation
-test-653 = 653-version-negotiation
-test-654 = 654-version-negotiation
-test-655 = 655-version-negotiation
-test-656 = 656-version-negotiation
-test-657 = 657-version-negotiation
-test-658 = 658-version-negotiation
-test-659 = 659-version-negotiation
-test-660 = 660-version-negotiation
-test-661 = 661-version-negotiation
-test-662 = 662-version-negotiation
-test-663 = 663-version-negotiation
-test-664 = 664-version-negotiation
-test-665 = 665-version-negotiation
-test-666 = 666-version-negotiation
-test-667 = 667-version-negotiation
-test-668 = 668-version-negotiation
-test-669 = 669-version-negotiation
-test-670 = 670-version-negotiation
-test-671 = 671-version-negotiation
-test-672 = 672-version-negotiation
-test-673 = 673-version-negotiation
-test-674 = 674-version-negotiation
-test-675 = 675-version-negotiation
-test-676 = 676-ciphersuite-sanity-check-client
-test-677 = 677-ciphersuite-sanity-check-server
+test-361 = 361-ciphersuite-sanity-check-client
+test-362 = 362-ciphersuite-sanity-check-server
# ===========================================================
[0-version-negotiation]
@@ -692,17 +377,18 @@ client = 0-version-negotiation-client
[0-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-0]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -717,17 +403,18 @@ client = 1-version-negotiation-client
[1-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-1]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -742,17 +429,18 @@ client = 2-version-negotiation-client
[2-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-2]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -767,17 +455,18 @@ client = 3-version-negotiation-client
[3-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[3-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-3]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -792,17 +481,17 @@ client = 4-version-negotiation-client
[4-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-4]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -817,16 +506,19 @@ client = 5-version-negotiation-client
[5-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[5-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-5]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -841,18 +533,19 @@ client = 6-version-negotiation-client
[6-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-6]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -867,18 +560,19 @@ client = 7-version-negotiation-client
[7-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-7]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -893,18 +587,19 @@ client = 8-version-negotiation-client
[8-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-8]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -919,18 +614,18 @@ client = 9-version-negotiation-client
[9-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[9-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-9]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -945,18 +640,18 @@ client = 10-version-negotiation-client
[10-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[10-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-10]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -971,17 +666,18 @@ client = 11-version-negotiation-client
[11-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[11-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-11]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -996,18 +692,18 @@ client = 12-version-negotiation-client
[12-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[12-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-12]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -1022,18 +718,17 @@ client = 13-version-negotiation-client
[13-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[13-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-13]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -1049,17 +744,17 @@ client = 14-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-14]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -1075,17 +770,17 @@ client = 15-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-15]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -1100,17 +795,17 @@ client = 16-version-negotiation-client
[16-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[16-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-16]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -1125,18 +820,18 @@ client = 17-version-negotiation-client
[17-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[17-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-17]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -1151,18 +846,17 @@ client = 18-version-negotiation-client
[18-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[18-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-18]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
@@ -1177,18 +871,18 @@ client = 19-version-negotiation-client
[19-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[19-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-19]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -1203,17 +897,18 @@ client = 20-version-negotiation-client
[20-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[20-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-20]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -1229,17 +924,17 @@ client = 21-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[21-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-21]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -1255,17 +950,17 @@ client = 22-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[22-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-22]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -1280,17 +975,17 @@ client = 23-version-negotiation-client
[23-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[23-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-23]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -1305,18 +1000,19 @@ client = 24-version-negotiation-client
[24-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[24-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-24]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -1331,17 +1027,19 @@ client = 25-version-negotiation-client
[25-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[25-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-25]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -1356,17 +1054,19 @@ client = 26-version-negotiation-client
[26-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[26-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-26]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -1381,17 +1081,18 @@ client = 27-version-negotiation-client
[27-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[27-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-27]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -1407,17 +1108,17 @@ client = 28-version-negotiation-client
[28-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[28-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-28]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -1433,17 +1134,18 @@ client = 29-version-negotiation-client
[29-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[29-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-29]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -1459,17 +1161,18 @@ client = 30-version-negotiation-client
[30-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[30-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-30]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -1485,16 +1188,18 @@ client = 31-version-negotiation-client
[31-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[31-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-31]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -1510,18 +1215,18 @@ client = 32-version-negotiation-client
[32-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[32-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-32]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -1536,19 +1241,18 @@ client = 33-version-negotiation-client
[33-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[33-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-33]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -1563,19 +1267,18 @@ client = 34-version-negotiation-client
[34-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[34-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-34]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -1590,19 +1293,17 @@ client = 35-version-negotiation-client
[35-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[35-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-35]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -1618,18 +1319,17 @@ client = 36-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[36-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-36]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -1644,18 +1344,17 @@ client = 37-version-negotiation-client
[37-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[37-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-37]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -1671,12 +1370,11 @@ client = 38-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
-MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[38-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1698,17 +1396,16 @@ client = 39-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[39-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-39]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -1725,17 +1422,16 @@ client = 40-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[40-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-40]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -1752,17 +1448,16 @@ client = 41-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[41-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-41]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -1778,17 +1473,16 @@ client = 42-version-negotiation-client
[42-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[42-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-42]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -1804,18 +1498,19 @@ client = 43-version-negotiation-client
[43-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[43-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-43]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -1830,18 +1525,19 @@ client = 44-version-negotiation-client
[44-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[44-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-44]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -1856,18 +1552,19 @@ client = 45-version-negotiation-client
[45-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[45-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-45]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -1882,17 +1579,19 @@ client = 46-version-negotiation-client
[46-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[46-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-46]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -1907,18 +1606,18 @@ client = 47-version-negotiation-client
[47-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[47-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-47]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -1933,18 +1632,19 @@ client = 48-version-negotiation-client
[48-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[48-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-48]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -1959,17 +1659,19 @@ client = 49-version-negotiation-client
[49-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[49-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-49]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -1985,17 +1687,18 @@ client = 50-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[50-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-50]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -2010,17 +1713,18 @@ client = 51-version-negotiation-client
[51-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[51-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-51]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -2035,17 +1739,19 @@ client = 52-version-negotiation-client
[52-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[52-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-52]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -2060,17 +1766,18 @@ client = 53-version-negotiation-client
[53-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[53-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-53]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -2086,17 +1793,17 @@ client = 54-version-negotiation-client
[54-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[54-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-54]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -2112,18 +1819,18 @@ client = 55-version-negotiation-client
[55-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[55-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-55]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -2138,18 +1845,17 @@ client = 56-version-negotiation-client
[56-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[56-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-56]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -2164,16 +1870,17 @@ client = 57-version-negotiation-client
[57-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[57-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-57]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -2189,18 +1896,18 @@ client = 58-version-negotiation-client
[58-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[58-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-58]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -2215,18 +1922,17 @@ client = 59-version-negotiation-client
[59-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[59-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-59]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -2242,18 +1948,17 @@ client = 60-version-negotiation-client
[60-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[60-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-60]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2269,18 +1974,16 @@ client = 61-version-negotiation-client
[61-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[61-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-61]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2296,18 +1999,18 @@ client = 62-version-negotiation-client
[62-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[62-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-62]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -2323,12 +2026,13 @@ client = 63-version-negotiation-client
[63-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[63-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -2349,18 +2053,18 @@ client = 64-version-negotiation-client
[64-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[64-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-64]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -2376,18 +2080,18 @@ client = 65-version-negotiation-client
[65-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[65-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-65]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2403,18 +2107,17 @@ client = 66-version-negotiation-client
[66-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[66-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-66]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2430,13 +2133,13 @@ client = 67-version-negotiation-client
[67-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[67-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -2457,17 +2160,18 @@ client = 68-version-negotiation-client
[68-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[68-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-68]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -2483,18 +2187,18 @@ client = 69-version-negotiation-client
[69-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[69-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-69]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2510,18 +2214,17 @@ client = 70-version-negotiation-client
[70-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[70-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-70]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2537,18 +2240,18 @@ client = 71-version-negotiation-client
[71-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[71-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-71]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -2564,17 +2267,18 @@ client = 72-version-negotiation-client
[72-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[72-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-72]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2590,18 +2294,18 @@ client = 73-version-negotiation-client
[73-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[73-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-73]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -2617,17 +2321,18 @@ client = 74-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[74-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-74]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -2642,17 +2347,18 @@ client = 75-version-negotiation-client
[75-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[75-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-75]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -2667,18 +2373,17 @@ client = 76-version-negotiation-client
[76-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[76-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-76]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -2693,17 +2398,17 @@ client = 77-version-negotiation-client
[77-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[77-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-77]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -2718,17 +2423,17 @@ client = 78-version-negotiation-client
[78-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[78-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-78]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -2743,17 +2448,16 @@ client = 79-version-negotiation-client
[79-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[79-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-79]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2769,17 +2473,15 @@ client = 80-version-negotiation-client
[80-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[80-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-80]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2795,17 +2497,17 @@ client = 81-version-negotiation-client
[81-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[81-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-81]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -2821,17 +2523,17 @@ client = 82-version-negotiation-client
[82-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[82-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-82]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -2847,11 +2549,12 @@ client = 83-version-negotiation-client
[83-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[83-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -2872,18 +2575,18 @@ client = 84-version-negotiation-client
[84-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[84-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-84]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -2898,18 +2601,16 @@ client = 85-version-negotiation-client
[85-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[85-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-85]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -2926,12 +2627,11 @@ client = 86-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[86-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -2953,12 +2653,11 @@ client = 87-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[87-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -2980,17 +2679,16 @@ client = 88-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[88-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-88]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3006,17 +2704,16 @@ client = 89-version-negotiation-client
[89-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[89-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-89]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3032,18 +2729,17 @@ client = 90-version-negotiation-client
[90-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[90-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-90]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -3059,18 +2755,17 @@ client = 91-version-negotiation-client
[91-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[91-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-91]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3086,18 +2781,16 @@ client = 92-version-negotiation-client
[92-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[92-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-92]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3114,17 +2807,16 @@ client = 93-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[93-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-93]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3140,17 +2832,16 @@ client = 94-version-negotiation-client
[94-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[94-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-94]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -3166,18 +2857,18 @@ client = 95-version-negotiation-client
[95-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[95-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-95]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -3193,18 +2884,18 @@ client = 96-version-negotiation-client
[96-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[96-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-96]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -3220,18 +2911,18 @@ client = 97-version-negotiation-client
[97-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[97-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-97]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -3247,17 +2938,18 @@ client = 98-version-negotiation-client
[98-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[98-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-98]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -3273,18 +2965,17 @@ client = 99-version-negotiation-client
[99-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[99-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-99]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -3300,18 +2991,19 @@ client = 100-version-negotiation-client
[100-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[100-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-100]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -3327,17 +3019,19 @@ client = 101-version-negotiation-client
[101-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[101-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-101]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -3353,18 +3047,20 @@ client = 102-version-negotiation-client
[102-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[102-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-102]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -3379,17 +3075,20 @@ client = 103-version-negotiation-client
[103-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[103-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-103]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -3404,17 +3103,19 @@ client = 104-version-negotiation-client
[104-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[104-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-104]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -3429,18 +3130,19 @@ client = 105-version-negotiation-client
[105-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[105-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-105]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -3455,18 +3157,19 @@ client = 106-version-negotiation-client
[106-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[106-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-106]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -3481,18 +3184,19 @@ client = 107-version-negotiation-client
[107-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[107-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-107]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -3507,18 +3211,18 @@ client = 108-version-negotiation-client
[108-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[108-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-108]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -3533,17 +3237,19 @@ client = 109-version-negotiation-client
[109-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[109-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-109]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -3558,13 +3264,14 @@ client = 110-version-negotiation-client
[110-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[110-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -3584,19 +3291,18 @@ client = 111-version-negotiation-client
[111-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[111-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-111]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -3611,19 +3317,19 @@ client = 112-version-negotiation-client
[112-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[112-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-112]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -3638,19 +3344,18 @@ client = 113-version-negotiation-client
[113-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[113-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-113]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -3665,18 +3370,18 @@ client = 114-version-negotiation-client
[114-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[114-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-114]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -3692,17 +3397,18 @@ client = 115-version-negotiation-client
[115-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[115-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-115]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -3718,18 +3424,18 @@ client = 116-version-negotiation-client
[116-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[116-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-116]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -3745,13 +3451,13 @@ client = 117-version-negotiation-client
[117-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[117-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -3772,18 +3478,17 @@ client = 118-version-negotiation-client
[118-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[118-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-118]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -3799,18 +3504,19 @@ client = 119-version-negotiation-client
[119-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[119-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-119]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -3826,17 +3532,19 @@ client = 120-version-negotiation-client
[120-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[120-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-120]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -3852,13 +3560,14 @@ client = 121-version-negotiation-client
[121-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[121-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -3879,18 +3588,19 @@ client = 122-version-negotiation-client
[122-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[122-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-122]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -3906,18 +3616,18 @@ client = 123-version-negotiation-client
[123-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[123-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-123]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -3933,17 +3643,19 @@ client = 124-version-negotiation-client
[124-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[124-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-124]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -3960,17 +3672,18 @@ client = 125-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[125-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-125]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -3987,17 +3700,18 @@ client = 126-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[126-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-126]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -4013,17 +3727,18 @@ client = 127-version-negotiation-client
[127-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[127-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-127]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -4039,19 +3754,19 @@ client = 128-version-negotiation-client
[128-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[128-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-128]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -4066,18 +3781,19 @@ client = 129-version-negotiation-client
[129-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[129-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-129]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -4092,11 +3808,13 @@ client = 130-version-negotiation-client
[130-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[130-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -4116,17 +3834,19 @@ client = 131-version-negotiation-client
[131-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[131-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-131]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -4141,17 +3861,18 @@ client = 132-version-negotiation-client
[132-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[132-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-132]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -4166,16 +3887,18 @@ client = 133-version-negotiation-client
[133-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[133-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-133]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -4191,16 +3914,18 @@ client = 134-version-negotiation-client
[134-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[134-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-134]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -4216,15 +3941,18 @@ client = 135-version-negotiation-client
[135-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[135-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-135]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4240,17 +3968,19 @@ client = 136-version-negotiation-client
[136-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[136-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-136]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -4265,17 +3995,17 @@ client = 137-version-negotiation-client
[137-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[137-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-137]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4291,17 +4021,19 @@ client = 138-version-negotiation-client
[138-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[138-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-138]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -4317,17 +4049,19 @@ client = 139-version-negotiation-client
[139-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[139-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-139]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -4343,17 +4077,19 @@ client = 140-version-negotiation-client
[140-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[140-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-140]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4369,16 +4105,19 @@ client = 141-version-negotiation-client
[141-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[141-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-141]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4394,17 +4133,18 @@ client = 142-version-negotiation-client
[142-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[142-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-142]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4421,11 +4161,13 @@ client = 143-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[143-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -4447,11 +4189,13 @@ client = 144-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[144-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -4473,16 +4217,18 @@ client = 145-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[145-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-145]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4498,16 +4244,18 @@ client = 146-version-negotiation-client
[146-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[146-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-146]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4523,17 +4271,19 @@ client = 147-version-negotiation-client
[147-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[147-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-147]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4549,12 +4299,14 @@ client = 148-version-negotiation-client
[148-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[148-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -4575,17 +4327,18 @@ client = 149-version-negotiation-client
[149-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[149-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-149]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4601,17 +4354,19 @@ client = 150-version-negotiation-client
[150-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[150-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-150]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -4626,18 +4381,18 @@ client = 151-version-negotiation-client
[151-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[151-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-151]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -4652,17 +4407,18 @@ client = 152-version-negotiation-client
[152-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[152-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-152]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1
ExpectedResult = Success
@@ -4678,16 +4434,18 @@ client = 153-version-negotiation-client
[153-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[153-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-153]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -4703,17 +4461,18 @@ client = 154-version-negotiation-client
[154-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[154-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-154]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -4729,11 +4488,13 @@ client = 155-version-negotiation-client
[155-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[155-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -4754,18 +4515,18 @@ client = 156-version-negotiation-client
[156-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[156-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-156]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -4781,17 +4542,19 @@ client = 157-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[157-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-157]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -4807,17 +4570,19 @@ client = 158-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[158-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-158]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -4833,17 +4598,19 @@ client = 159-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[159-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-159]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -4859,17 +4626,19 @@ client = 160-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[160-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-160]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -4884,17 +4653,19 @@ client = 161-version-negotiation-client
[161-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[161-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-161]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -4909,19 +4680,20 @@ client = 162-version-negotiation-client
[162-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[162-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-162]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -4936,19 +4708,20 @@ client = 163-version-negotiation-client
[163-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[163-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-163]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -4963,19 +4736,20 @@ client = 164-version-negotiation-client
[164-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[164-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-164]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -4990,19 +4764,19 @@ client = 165-version-negotiation-client
[165-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[165-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-165]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5017,19 +4791,20 @@ client = 166-version-negotiation-client
[166-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[166-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-166]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -5044,18 +4819,20 @@ client = 167-version-negotiation-client
[167-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[167-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-167]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5070,19 +4847,19 @@ client = 168-version-negotiation-client
[168-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[168-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-168]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5097,19 +4874,20 @@ client = 169-version-negotiation-client
[169-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[169-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-169]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5124,19 +4902,19 @@ client = 170-version-negotiation-client
[170-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[170-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-170]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5151,19 +4929,18 @@ client = 171-version-negotiation-client
[171-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[171-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-171]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -5178,18 +4955,18 @@ client = 172-version-negotiation-client
[172-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[172-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-172]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -5204,19 +4981,18 @@ client = 173-version-negotiation-client
[173-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[173-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-173]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -5231,19 +5007,18 @@ client = 174-version-negotiation-client
[174-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[174-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-174]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5258,19 +5033,17 @@ client = 175-version-negotiation-client
[175-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[175-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-175]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5285,18 +5058,19 @@ client = 176-version-negotiation-client
[176-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[176-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-176]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
# ===========================================================
@@ -5311,19 +5085,19 @@ client = 177-version-negotiation-client
[177-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[177-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-177]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -5338,19 +5112,19 @@ client = 178-version-negotiation-client
[178-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[178-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-178]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -5365,18 +5139,19 @@ client = 179-version-negotiation-client
[179-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[179-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-179]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5391,19 +5166,18 @@ client = 180-version-negotiation-client
[180-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[180-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-180]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5418,18 +5192,19 @@ client = 181-version-negotiation-client
[181-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[181-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-181]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -5444,18 +5219,19 @@ client = 182-version-negotiation-client
[182-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[182-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-182]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -5470,18 +5246,18 @@ client = 183-version-negotiation-client
[183-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[183-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-183]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -5497,18 +5273,17 @@ client = 184-version-negotiation-client
[184-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[184-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-184]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -5525,17 +5300,17 @@ client = 185-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[185-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-185]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -5552,17 +5327,17 @@ client = 186-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[186-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-186]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -5578,17 +5353,17 @@ client = 187-version-negotiation-client
[187-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[187-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-187]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -5604,19 +5379,19 @@ client = 188-version-negotiation-client
[188-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[188-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-188]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -5631,19 +5406,17 @@ client = 189-version-negotiation-client
[189-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[189-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-189]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -5659,20 +5432,18 @@ client = 190-version-negotiation-client
[190-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[190-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-190]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ClientFail
# ===========================================================
@@ -5687,19 +5458,18 @@ client = 191-version-negotiation-client
[191-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[191-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-191]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -5715,19 +5485,18 @@ client = 192-version-negotiation-client
[192-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[192-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-192]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -5743,18 +5512,18 @@ client = 193-version-negotiation-client
[193-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[193-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-193]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -5770,19 +5539,17 @@ client = 194-version-negotiation-client
[194-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[194-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-194]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -5798,20 +5565,19 @@ client = 195-version-negotiation-client
[195-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[195-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-195]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ClientFail
# ===========================================================
@@ -5826,19 +5592,19 @@ client = 196-version-negotiation-client
[196-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[196-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-196]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -5854,19 +5620,19 @@ client = 197-version-negotiation-client
[197-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[197-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-197]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -5882,18 +5648,19 @@ client = 198-version-negotiation-client
[198-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[198-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-198]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -5909,19 +5676,19 @@ client = 199-version-negotiation-client
[199-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[199-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-199]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -5936,19 +5703,20 @@ client = 200-version-negotiation-client
[200-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[200-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-200]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -5963,19 +5731,20 @@ client = 201-version-negotiation-client
[201-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[201-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-201]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -5990,18 +5759,20 @@ client = 202-version-negotiation-client
[202-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[202-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-202]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -6016,19 +5787,19 @@ client = 203-version-negotiation-client
[203-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[203-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-203]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -6043,14 +5814,14 @@ client = 204-version-negotiation-client
[204-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[204-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -6070,13 +5841,14 @@ client = 205-version-negotiation-client
[205-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[205-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -6096,14 +5868,13 @@ client = 206-version-negotiation-client
[206-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[206-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -6123,13 +5894,14 @@ client = 207-version-negotiation-client
[207-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[207-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -6149,13 +5921,13 @@ client = 208-version-negotiation-client
[208-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[208-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -6180,14 +5952,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[209-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-209]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ClientFail
# ===========================================================
@@ -6207,8 +5978,8 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[210-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -6234,13 +6005,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[211-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-211]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6261,13 +6032,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[212-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-212]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6287,13 +6058,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[213-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-213]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6309,19 +6080,19 @@ client = 214-version-negotiation-client
[214-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[214-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-214]
-ExpectedResult = ServerFail
+ExpectedResult = ClientFail
# ===========================================================
@@ -6336,19 +6107,19 @@ client = 215-version-negotiation-client
[215-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[215-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-215]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -6364,19 +6135,19 @@ client = 216-version-negotiation-client
[216-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[216-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-216]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6392,19 +6163,19 @@ client = 217-version-negotiation-client
[217-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[217-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-217]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6420,19 +6191,18 @@ client = 218-version-negotiation-client
[218-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[218-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-218]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6448,13 +6218,14 @@ client = 219-version-negotiation-client
[219-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[219-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -6475,19 +6246,19 @@ client = 220-version-negotiation-client
[220-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[220-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-220]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6503,19 +6274,19 @@ client = 221-version-negotiation-client
[221-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[221-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-221]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6531,19 +6302,18 @@ client = 222-version-negotiation-client
[222-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[222-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-222]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6559,19 +6329,19 @@ client = 223-version-negotiation-client
[223-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[223-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-223]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6587,18 +6357,19 @@ client = 224-version-negotiation-client
[224-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[224-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-224]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6614,19 +6385,18 @@ client = 225-version-negotiation-client
[225-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[225-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-225]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6642,20 +6412,19 @@ client = 226-version-negotiation-client
[226-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[226-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-226]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -6670,20 +6439,18 @@ client = 227-version-negotiation-client
[227-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[227-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-227]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -6698,19 +6465,18 @@ client = 228-version-negotiation-client
[228-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[228-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-228]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -6725,19 +6491,19 @@ client = 229-version-negotiation-client
[229-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[229-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-229]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -6752,19 +6518,19 @@ client = 230-version-negotiation-client
[230-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[230-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-230]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -6779,18 +6545,19 @@ client = 231-version-negotiation-client
[231-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[231-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-231]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -6805,19 +6572,18 @@ client = 232-version-negotiation-client
[232-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[232-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-232]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -6832,13 +6598,14 @@ client = 233-version-negotiation-client
[233-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[233-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -6858,18 +6625,20 @@ client = 234-version-negotiation-client
[234-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[234-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-234]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
# ===========================================================
@@ -6884,18 +6653,19 @@ client = 235-version-negotiation-client
[235-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[235-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-235]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -6911,18 +6681,19 @@ client = 236-version-negotiation-client
[236-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[236-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-236]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -6938,18 +6709,18 @@ client = 237-version-negotiation-client
[237-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[237-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-237]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -6965,18 +6736,19 @@ client = 238-version-negotiation-client
[238-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[238-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-238]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -6992,12 +6764,14 @@ client = 239-version-negotiation-client
[239-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[239-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -7018,19 +6792,20 @@ client = 240-version-negotiation-client
[240-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[240-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-240]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -7045,19 +6820,18 @@ client = 241-version-negotiation-client
[241-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[241-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-241]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7073,19 +6847,19 @@ client = 242-version-negotiation-client
[242-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[242-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-242]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -7101,19 +6875,19 @@ client = 243-version-negotiation-client
[243-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[243-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-243]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7129,19 +6903,18 @@ client = 244-version-negotiation-client
[244-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[244-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-244]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7157,18 +6930,19 @@ client = 245-version-negotiation-client
[245-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[245-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-245]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7184,19 +6958,18 @@ client = 246-version-negotiation-client
[246-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[246-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-246]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7212,20 +6985,17 @@ client = 247-version-negotiation-client
[247-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[247-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-247]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -7240,19 +7010,17 @@ client = 248-version-negotiation-client
[248-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[248-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-248]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -7268,14 +7036,12 @@ client = 249-version-negotiation-client
[249-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[249-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -7296,18 +7062,17 @@ client = 250-version-negotiation-client
[250-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[250-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-250]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7323,19 +7088,16 @@ client = 251-version-negotiation-client
[251-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[251-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-251]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7351,20 +7113,18 @@ client = 252-version-negotiation-client
[252-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[252-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-252]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -7379,19 +7139,18 @@ client = 253-version-negotiation-client
[253-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[253-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-253]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -7407,13 +7166,13 @@ client = 254-version-negotiation-client
[254-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[254-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -7434,19 +7193,18 @@ client = 255-version-negotiation-client
[255-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[255-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-255]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7462,19 +7220,17 @@ client = 256-version-negotiation-client
[256-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[256-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-256]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7490,18 +7246,18 @@ client = 257-version-negotiation-client
[257-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[257-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-257]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
@@ -7517,19 +7273,19 @@ client = 258-version-negotiation-client
[258-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[258-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-258]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -7544,18 +7300,19 @@ client = 259-version-negotiation-client
[259-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[259-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-259]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -7570,18 +7327,18 @@ client = 260-version-negotiation-client
[260-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[260-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-260]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -7596,18 +7353,18 @@ client = 261-version-negotiation-client
[261-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[261-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-261]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -7623,18 +7380,18 @@ client = 262-version-negotiation-client
[262-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[262-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-262]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7650,18 +7407,17 @@ client = 263-version-negotiation-client
[263-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[263-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-263]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -7678,12 +7434,12 @@ client = 264-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[264-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -7704,12 +7460,12 @@ client = 265-version-negotiation-client
[265-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[265-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -7730,19 +7486,18 @@ client = 266-version-negotiation-client
[266-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[266-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-266]
-ExpectedResult = ServerFail
+ExpectedResult = ClientFail
# ===========================================================
@@ -7757,20 +7512,18 @@ client = 267-version-negotiation-client
[267-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[267-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-267]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ClientFail
# ===========================================================
@@ -7785,19 +7538,18 @@ client = 268-version-negotiation-client
[268-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[268-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-268]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -7813,14 +7565,13 @@ client = 269-version-negotiation-client
[269-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[269-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -7841,19 +7592,17 @@ client = 270-version-negotiation-client
[270-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[270-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-270]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -7869,19 +7618,19 @@ client = 271-version-negotiation-client
[271-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[271-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-271]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ClientFail
# ===========================================================
@@ -7896,20 +7645,19 @@ client = 272-version-negotiation-client
[272-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[272-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-272]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ClientFail
# ===========================================================
@@ -7924,19 +7672,19 @@ client = 273-version-negotiation-client
[273-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[273-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-273]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -7952,14 +7700,14 @@ client = 274-version-negotiation-client
[274-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[274-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -7980,19 +7728,18 @@ client = 275-version-negotiation-client
[275-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[275-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-275]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8008,19 +7755,19 @@ client = 276-version-negotiation-client
[276-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[276-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-276]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ClientFail
# ===========================================================
@@ -8035,19 +7782,19 @@ client = 277-version-negotiation-client
[277-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[277-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-277]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8063,14 +7810,14 @@ client = 278-version-negotiation-client
[278-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[278-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -8091,19 +7838,18 @@ client = 279-version-negotiation-client
[279-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[279-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-279]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8119,18 +7865,19 @@ client = 280-version-negotiation-client
[280-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[280-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-280]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8146,14 +7893,14 @@ client = 281-version-negotiation-client
[281-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[281-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -8174,19 +7921,18 @@ client = 282-version-negotiation-client
[282-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[282-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-282]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8202,19 +7948,19 @@ client = 283-version-negotiation-client
[283-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[283-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-283]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8229,20 +7975,18 @@ client = 284-version-negotiation-client
[284-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[284-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-284]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8257,19 +8001,18 @@ client = 285-version-negotiation-client
[285-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[285-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-285]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8284,12 +8027,13 @@ client = 286-version-negotiation-client
[286-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[286-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -8309,17 +8053,18 @@ client = 287-version-negotiation-client
[287-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[287-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-287]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8335,17 +8080,18 @@ client = 288-version-negotiation-client
[288-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[288-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-288]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8361,17 +8107,17 @@ client = 289-version-negotiation-client
[289-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[289-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-289]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8387,18 +8133,19 @@ client = 290-version-negotiation-client
[290-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[290-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-290]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8413,17 +8160,19 @@ client = 291-version-negotiation-client
[291-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[291-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-291]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8438,18 +8187,20 @@ client = 292-version-negotiation-client
[292-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[292-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-292]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -8464,18 +8215,19 @@ client = 293-version-negotiation-client
[293-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[293-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-293]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8491,18 +8243,18 @@ client = 294-version-negotiation-client
[294-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[294-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-294]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8518,19 +8270,19 @@ client = 295-version-negotiation-client
[295-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[295-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-295]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8545,18 +8297,19 @@ client = 296-version-negotiation-client
[296-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[296-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-296]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8572,12 +8325,14 @@ client = 297-version-negotiation-client
[297-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[297-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -8598,18 +8353,18 @@ client = 298-version-negotiation-client
[298-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[298-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-298]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8625,18 +8380,19 @@ client = 299-version-negotiation-client
[299-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[299-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-299]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8652,18 +8408,19 @@ client = 300-version-negotiation-client
[300-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[300-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-300]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8679,13 +8436,13 @@ client = 301-version-negotiation-client
[301-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[301-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -8706,12 +8463,14 @@ client = 302-version-negotiation-client
[302-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[302-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -8732,18 +8491,18 @@ client = 303-version-negotiation-client
[303-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[303-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-303]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8759,19 +8518,17 @@ client = 304-version-negotiation-client
[304-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[304-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-304]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8786,19 +8543,17 @@ client = 305-version-negotiation-client
[305-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[305-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-305]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8813,17 +8568,17 @@ client = 306-version-negotiation-client
[306-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[306-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-306]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8839,18 +8594,17 @@ client = 307-version-negotiation-client
[307-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[307-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-307]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -8866,13 +8620,11 @@ client = 308-version-negotiation-client
[308-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[308-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -8893,18 +8645,18 @@ client = 309-version-negotiation-client
[309-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[309-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-309]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8919,19 +8671,18 @@ client = 310-version-negotiation-client
[310-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[310-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-310]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -8946,17 +8697,18 @@ client = 311-version-negotiation-client
[311-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[311-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-311]
-ExpectedProtocol = TLSv1.3
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -8972,18 +8724,19 @@ client = 312-version-negotiation-client
[312-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[312-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-312]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -8998,18 +8751,17 @@ client = 313-version-negotiation-client
[313-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[313-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-313]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9026,18 +8778,17 @@ client = 314-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[314-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-314]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -9053,17 +8804,17 @@ client = 315-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[315-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-315]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
@@ -9080,17 +8831,17 @@ client = 316-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[316-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-316]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9106,17 +8857,17 @@ client = 317-version-negotiation-client
[317-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[317-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-317]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9132,19 +8883,19 @@ client = 318-version-negotiation-client
[318-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[318-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-318]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
# ===========================================================
@@ -9159,19 +8910,18 @@ client = 319-version-negotiation-client
[319-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[319-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-319]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9187,19 +8937,17 @@ client = 320-version-negotiation-client
[320-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[320-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-320]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9215,19 +8963,18 @@ client = 321-version-negotiation-client
[321-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[321-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-321]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9243,19 +8990,17 @@ client = 322-version-negotiation-client
[322-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[322-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-322]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9271,19 +9016,18 @@ client = 323-version-negotiation-client
[323-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[323-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-323]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -9298,20 +9042,18 @@ client = 324-version-negotiation-client
[324-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[324-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-324]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -9326,20 +9068,18 @@ client = 325-version-negotiation-client
[325-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[325-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-325]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -9354,19 +9094,18 @@ client = 326-version-negotiation-client
[326-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[326-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-326]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9382,19 +9121,17 @@ client = 327-version-negotiation-client
[327-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[327-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-327]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9410,19 +9147,19 @@ client = 328-version-negotiation-client
[328-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[328-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-328]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -9438,13 +9175,13 @@ client = 329-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[329-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -9465,13 +9202,13 @@ client = 330-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[330-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -9492,18 +9229,19 @@ client = 331-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[331-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-331]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -9518,18 +9256,19 @@ client = 332-version-negotiation-client
[332-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[332-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-332]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -9544,14 +9283,14 @@ client = 333-version-negotiation-client
[333-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[333-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -9571,14 +9310,14 @@ client = 334-version-negotiation-client
[334-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[334-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -9598,18 +9337,20 @@ client = 335-version-negotiation-client
[335-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[335-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-335]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -9624,19 +9365,19 @@ client = 336-version-negotiation-client
[336-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[336-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-336]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -9651,13 +9392,14 @@ client = 337-version-negotiation-client
[337-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[337-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -9677,18 +9419,20 @@ client = 338-version-negotiation-client
[338-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[338-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-338]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -9703,18 +9447,18 @@ client = 339-version-negotiation-client
[339-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[339-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-339]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9730,18 +9474,19 @@ client = 340-version-negotiation-client
[340-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[340-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-340]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9757,18 +9502,18 @@ client = 341-version-negotiation-client
[341-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[341-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-341]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9784,19 +9529,17 @@ client = 342-version-negotiation-client
[342-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[342-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-342]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -9811,18 +9554,17 @@ client = 343-version-negotiation-client
[343-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[343-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-343]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -9837,14 +9579,12 @@ client = 344-version-negotiation-client
[344-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[344-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -9864,19 +9604,17 @@ client = 345-version-negotiation-client
[345-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[345-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-345]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9892,19 +9630,16 @@ client = 346-version-negotiation-client
[346-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[346-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-346]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -9920,20 +9655,18 @@ client = 347-version-negotiation-client
[347-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[347-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-347]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -9948,20 +9681,18 @@ client = 348-version-negotiation-client
[348-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[348-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-348]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -9976,19 +9707,18 @@ client = 349-version-negotiation-client
[349-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[349-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-349]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -10003,19 +9733,18 @@ client = 350-version-negotiation-client
[350-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[350-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-350]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -10031,19 +9760,17 @@ client = 351-version-negotiation-client
[351-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[351-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-351]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -10059,20 +9786,18 @@ client = 352-version-negotiation-client
[352-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[352-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-352]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -10087,20 +9812,18 @@ client = 353-version-negotiation-client
[353-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[353-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-353]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -10115,18 +9838,18 @@ client = 354-version-negotiation-client
[354-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[354-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-354]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -10142,19 +9865,17 @@ client = 355-version-negotiation-client
[355-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[355-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-355]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -10171,19 +9892,17 @@ client = 356-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[356-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-356]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
# ===========================================================
@@ -10199,18 +9918,17 @@ client = 357-version-negotiation-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[357-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-357]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -10226,18 +9944,17 @@ client = 358-version-negotiation-client
[358-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[358-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-358]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
@@ -10253,19 +9970,19 @@ client = 359-version-negotiation-client
[359-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[359-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-359]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
@@ -10280,8543 +9997,67 @@ client = 360-version-negotiation-client
[360-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[360-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-360]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[361-version-negotiation]
-ssl_conf = 361-version-negotiation-ssl
-
-[361-version-negotiation-ssl]
-server = 361-version-negotiation-server
-client = 361-version-negotiation-client
-
-[361-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[361-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-361]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[362-version-negotiation]
-ssl_conf = 362-version-negotiation-ssl
-
-[362-version-negotiation-ssl]
-server = 362-version-negotiation-server
-client = 362-version-negotiation-client
-
-[362-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[362-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-362]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[363-version-negotiation]
-ssl_conf = 363-version-negotiation-ssl
-
-[363-version-negotiation-ssl]
-server = 363-version-negotiation-server
-client = 363-version-negotiation-client
-
-[363-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+[360-version-negotiation-client]
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[363-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-363]
-ExpectedResult = ServerFail
+[test-360]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
-[364-version-negotiation]
-ssl_conf = 364-version-negotiation-ssl
+[361-ciphersuite-sanity-check-client]
+ssl_conf = 361-ciphersuite-sanity-check-client-ssl
-[364-version-negotiation-ssl]
-server = 364-version-negotiation-server
-client = 364-version-negotiation-client
+[361-ciphersuite-sanity-check-client-ssl]
+server = 361-ciphersuite-sanity-check-client-server
+client = 361-ciphersuite-sanity-check-client-client
-[364-version-negotiation-server]
+[361-ciphersuite-sanity-check-client-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[364-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
+CipherString = DEFAULT
MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-364]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[365-version-negotiation]
-ssl_conf = 365-version-negotiation-ssl
-
-[365-version-negotiation-ssl]
-server = 365-version-negotiation-server
-client = 365-version-negotiation-client
-
-[365-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[365-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+[361-ciphersuite-sanity-check-client-client]
+CipherString = AES128-SHA
+Ciphersuites =
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-365]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+[test-361]
+ExpectedResult = ClientFail
# ===========================================================
-[366-version-negotiation]
-ssl_conf = 366-version-negotiation-ssl
+[362-ciphersuite-sanity-check-server]
+ssl_conf = 362-ciphersuite-sanity-check-server-ssl
-[366-version-negotiation-ssl]
-server = 366-version-negotiation-server
-client = 366-version-negotiation-client
+[362-ciphersuite-sanity-check-server-ssl]
+server = 362-ciphersuite-sanity-check-server-server
+client = 362-ciphersuite-sanity-check-server-client
-[366-version-negotiation-server]
+[362-ciphersuite-sanity-check-server-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
+CipherString = AES128-SHA
+Ciphersuites =
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[366-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
+[362-ciphersuite-sanity-check-server-client]
+CipherString = AES128-SHA
MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-366]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[367-version-negotiation]
-ssl_conf = 367-version-negotiation-ssl
-
-[367-version-negotiation-ssl]
-server = 367-version-negotiation-server
-client = 367-version-negotiation-client
-
-[367-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[367-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-367]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[368-version-negotiation]
-ssl_conf = 368-version-negotiation-ssl
-
-[368-version-negotiation-ssl]
-server = 368-version-negotiation-server
-client = 368-version-negotiation-client
-
-[368-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[368-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-368]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[369-version-negotiation]
-ssl_conf = 369-version-negotiation-ssl
-
-[369-version-negotiation-ssl]
-server = 369-version-negotiation-server
-client = 369-version-negotiation-client
-
-[369-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[369-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-369]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[370-version-negotiation]
-ssl_conf = 370-version-negotiation-ssl
-
-[370-version-negotiation-ssl]
-server = 370-version-negotiation-server
-client = 370-version-negotiation-client
-
-[370-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[370-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-370]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[371-version-negotiation]
-ssl_conf = 371-version-negotiation-ssl
-
-[371-version-negotiation-ssl]
-server = 371-version-negotiation-server
-client = 371-version-negotiation-client
-
-[371-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[371-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-371]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[372-version-negotiation]
-ssl_conf = 372-version-negotiation-ssl
-
-[372-version-negotiation-ssl]
-server = 372-version-negotiation-server
-client = 372-version-negotiation-client
-
-[372-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[372-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-372]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[373-version-negotiation]
-ssl_conf = 373-version-negotiation-ssl
-
-[373-version-negotiation-ssl]
-server = 373-version-negotiation-server
-client = 373-version-negotiation-client
-
-[373-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[373-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-373]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[374-version-negotiation]
-ssl_conf = 374-version-negotiation-ssl
-
-[374-version-negotiation-ssl]
-server = 374-version-negotiation-server
-client = 374-version-negotiation-client
-
-[374-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[374-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-374]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[375-version-negotiation]
-ssl_conf = 375-version-negotiation-ssl
-
-[375-version-negotiation-ssl]
-server = 375-version-negotiation-server
-client = 375-version-negotiation-client
-
-[375-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[375-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-375]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[376-version-negotiation]
-ssl_conf = 376-version-negotiation-ssl
-
-[376-version-negotiation-ssl]
-server = 376-version-negotiation-server
-client = 376-version-negotiation-client
-
-[376-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[376-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-376]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[377-version-negotiation]
-ssl_conf = 377-version-negotiation-ssl
-
-[377-version-negotiation-ssl]
-server = 377-version-negotiation-server
-client = 377-version-negotiation-client
-
-[377-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[377-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-377]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[378-version-negotiation]
-ssl_conf = 378-version-negotiation-ssl
-
-[378-version-negotiation-ssl]
-server = 378-version-negotiation-server
-client = 378-version-negotiation-client
-
-[378-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[378-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-378]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[379-version-negotiation]
-ssl_conf = 379-version-negotiation-ssl
-
-[379-version-negotiation-ssl]
-server = 379-version-negotiation-server
-client = 379-version-negotiation-client
-
-[379-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[379-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-379]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[380-version-negotiation]
-ssl_conf = 380-version-negotiation-ssl
-
-[380-version-negotiation-ssl]
-server = 380-version-negotiation-server
-client = 380-version-negotiation-client
-
-[380-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[380-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-380]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[381-version-negotiation]
-ssl_conf = 381-version-negotiation-ssl
-
-[381-version-negotiation-ssl]
-server = 381-version-negotiation-server
-client = 381-version-negotiation-client
-
-[381-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[381-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-381]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[382-version-negotiation]
-ssl_conf = 382-version-negotiation-ssl
-
-[382-version-negotiation-ssl]
-server = 382-version-negotiation-server
-client = 382-version-negotiation-client
-
-[382-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[382-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-382]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[383-version-negotiation]
-ssl_conf = 383-version-negotiation-ssl
-
-[383-version-negotiation-ssl]
-server = 383-version-negotiation-server
-client = 383-version-negotiation-client
-
-[383-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[383-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-383]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[384-version-negotiation]
-ssl_conf = 384-version-negotiation-ssl
-
-[384-version-negotiation-ssl]
-server = 384-version-negotiation-server
-client = 384-version-negotiation-client
-
-[384-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[384-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-384]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[385-version-negotiation]
-ssl_conf = 385-version-negotiation-ssl
-
-[385-version-negotiation-ssl]
-server = 385-version-negotiation-server
-client = 385-version-negotiation-client
-
-[385-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[385-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-385]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[386-version-negotiation]
-ssl_conf = 386-version-negotiation-ssl
-
-[386-version-negotiation-ssl]
-server = 386-version-negotiation-server
-client = 386-version-negotiation-client
-
-[386-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[386-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-386]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[387-version-negotiation]
-ssl_conf = 387-version-negotiation-ssl
-
-[387-version-negotiation-ssl]
-server = 387-version-negotiation-server
-client = 387-version-negotiation-client
-
-[387-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[387-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-387]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[388-version-negotiation]
-ssl_conf = 388-version-negotiation-ssl
-
-[388-version-negotiation-ssl]
-server = 388-version-negotiation-server
-client = 388-version-negotiation-client
-
-[388-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[388-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-388]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[389-version-negotiation]
-ssl_conf = 389-version-negotiation-ssl
-
-[389-version-negotiation-ssl]
-server = 389-version-negotiation-server
-client = 389-version-negotiation-client
-
-[389-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[389-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-389]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[390-version-negotiation]
-ssl_conf = 390-version-negotiation-ssl
-
-[390-version-negotiation-ssl]
-server = 390-version-negotiation-server
-client = 390-version-negotiation-client
-
-[390-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[390-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-390]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[391-version-negotiation]
-ssl_conf = 391-version-negotiation-ssl
-
-[391-version-negotiation-ssl]
-server = 391-version-negotiation-server
-client = 391-version-negotiation-client
-
-[391-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[391-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-391]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[392-version-negotiation]
-ssl_conf = 392-version-negotiation-ssl
-
-[392-version-negotiation-ssl]
-server = 392-version-negotiation-server
-client = 392-version-negotiation-client
-
-[392-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[392-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-392]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[393-version-negotiation]
-ssl_conf = 393-version-negotiation-ssl
-
-[393-version-negotiation-ssl]
-server = 393-version-negotiation-server
-client = 393-version-negotiation-client
-
-[393-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[393-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-393]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[394-version-negotiation]
-ssl_conf = 394-version-negotiation-ssl
-
-[394-version-negotiation-ssl]
-server = 394-version-negotiation-server
-client = 394-version-negotiation-client
-
-[394-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[394-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-394]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[395-version-negotiation]
-ssl_conf = 395-version-negotiation-ssl
-
-[395-version-negotiation-ssl]
-server = 395-version-negotiation-server
-client = 395-version-negotiation-client
-
-[395-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[395-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-395]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[396-version-negotiation]
-ssl_conf = 396-version-negotiation-ssl
-
-[396-version-negotiation-ssl]
-server = 396-version-negotiation-server
-client = 396-version-negotiation-client
-
-[396-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[396-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-396]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[397-version-negotiation]
-ssl_conf = 397-version-negotiation-ssl
-
-[397-version-negotiation-ssl]
-server = 397-version-negotiation-server
-client = 397-version-negotiation-client
-
-[397-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[397-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-397]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[398-version-negotiation]
-ssl_conf = 398-version-negotiation-ssl
-
-[398-version-negotiation-ssl]
-server = 398-version-negotiation-server
-client = 398-version-negotiation-client
-
-[398-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[398-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-398]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[399-version-negotiation]
-ssl_conf = 399-version-negotiation-ssl
-
-[399-version-negotiation-ssl]
-server = 399-version-negotiation-server
-client = 399-version-negotiation-client
-
-[399-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[399-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-399]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[400-version-negotiation]
-ssl_conf = 400-version-negotiation-ssl
-
-[400-version-negotiation-ssl]
-server = 400-version-negotiation-server
-client = 400-version-negotiation-client
-
-[400-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[400-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-400]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[401-version-negotiation]
-ssl_conf = 401-version-negotiation-ssl
-
-[401-version-negotiation-ssl]
-server = 401-version-negotiation-server
-client = 401-version-negotiation-client
-
-[401-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[401-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-401]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[402-version-negotiation]
-ssl_conf = 402-version-negotiation-ssl
-
-[402-version-negotiation-ssl]
-server = 402-version-negotiation-server
-client = 402-version-negotiation-client
-
-[402-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[402-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-402]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[403-version-negotiation]
-ssl_conf = 403-version-negotiation-ssl
-
-[403-version-negotiation-ssl]
-server = 403-version-negotiation-server
-client = 403-version-negotiation-client
-
-[403-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[403-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-403]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[404-version-negotiation]
-ssl_conf = 404-version-negotiation-ssl
-
-[404-version-negotiation-ssl]
-server = 404-version-negotiation-server
-client = 404-version-negotiation-client
-
-[404-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[404-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-404]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[405-version-negotiation]
-ssl_conf = 405-version-negotiation-ssl
-
-[405-version-negotiation-ssl]
-server = 405-version-negotiation-server
-client = 405-version-negotiation-client
-
-[405-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[405-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-405]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[406-version-negotiation]
-ssl_conf = 406-version-negotiation-ssl
-
-[406-version-negotiation-ssl]
-server = 406-version-negotiation-server
-client = 406-version-negotiation-client
-
-[406-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[406-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-406]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[407-version-negotiation]
-ssl_conf = 407-version-negotiation-ssl
-
-[407-version-negotiation-ssl]
-server = 407-version-negotiation-server
-client = 407-version-negotiation-client
-
-[407-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[407-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-407]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[408-version-negotiation]
-ssl_conf = 408-version-negotiation-ssl
-
-[408-version-negotiation-ssl]
-server = 408-version-negotiation-server
-client = 408-version-negotiation-client
-
-[408-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[408-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-408]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[409-version-negotiation]
-ssl_conf = 409-version-negotiation-ssl
-
-[409-version-negotiation-ssl]
-server = 409-version-negotiation-server
-client = 409-version-negotiation-client
-
-[409-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[409-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-409]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[410-version-negotiation]
-ssl_conf = 410-version-negotiation-ssl
-
-[410-version-negotiation-ssl]
-server = 410-version-negotiation-server
-client = 410-version-negotiation-client
-
-[410-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[410-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-410]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[411-version-negotiation]
-ssl_conf = 411-version-negotiation-ssl
-
-[411-version-negotiation-ssl]
-server = 411-version-negotiation-server
-client = 411-version-negotiation-client
-
-[411-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[411-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-411]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[412-version-negotiation]
-ssl_conf = 412-version-negotiation-ssl
-
-[412-version-negotiation-ssl]
-server = 412-version-negotiation-server
-client = 412-version-negotiation-client
-
-[412-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[412-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-412]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[413-version-negotiation]
-ssl_conf = 413-version-negotiation-ssl
-
-[413-version-negotiation-ssl]
-server = 413-version-negotiation-server
-client = 413-version-negotiation-client
-
-[413-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[413-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-413]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[414-version-negotiation]
-ssl_conf = 414-version-negotiation-ssl
-
-[414-version-negotiation-ssl]
-server = 414-version-negotiation-server
-client = 414-version-negotiation-client
-
-[414-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[414-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-414]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[415-version-negotiation]
-ssl_conf = 415-version-negotiation-ssl
-
-[415-version-negotiation-ssl]
-server = 415-version-negotiation-server
-client = 415-version-negotiation-client
-
-[415-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[415-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-415]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[416-version-negotiation]
-ssl_conf = 416-version-negotiation-ssl
-
-[416-version-negotiation-ssl]
-server = 416-version-negotiation-server
-client = 416-version-negotiation-client
-
-[416-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[416-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-416]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[417-version-negotiation]
-ssl_conf = 417-version-negotiation-ssl
-
-[417-version-negotiation-ssl]
-server = 417-version-negotiation-server
-client = 417-version-negotiation-client
-
-[417-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[417-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-417]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[418-version-negotiation]
-ssl_conf = 418-version-negotiation-ssl
-
-[418-version-negotiation-ssl]
-server = 418-version-negotiation-server
-client = 418-version-negotiation-client
-
-[418-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[418-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-418]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[419-version-negotiation]
-ssl_conf = 419-version-negotiation-ssl
-
-[419-version-negotiation-ssl]
-server = 419-version-negotiation-server
-client = 419-version-negotiation-client
-
-[419-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[419-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-419]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[420-version-negotiation]
-ssl_conf = 420-version-negotiation-ssl
-
-[420-version-negotiation-ssl]
-server = 420-version-negotiation-server
-client = 420-version-negotiation-client
-
-[420-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[420-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-420]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[421-version-negotiation]
-ssl_conf = 421-version-negotiation-ssl
-
-[421-version-negotiation-ssl]
-server = 421-version-negotiation-server
-client = 421-version-negotiation-client
-
-[421-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[421-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-421]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[422-version-negotiation]
-ssl_conf = 422-version-negotiation-ssl
-
-[422-version-negotiation-ssl]
-server = 422-version-negotiation-server
-client = 422-version-negotiation-client
-
-[422-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[422-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-422]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[423-version-negotiation]
-ssl_conf = 423-version-negotiation-ssl
-
-[423-version-negotiation-ssl]
-server = 423-version-negotiation-server
-client = 423-version-negotiation-client
-
-[423-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[423-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-423]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[424-version-negotiation]
-ssl_conf = 424-version-negotiation-ssl
-
-[424-version-negotiation-ssl]
-server = 424-version-negotiation-server
-client = 424-version-negotiation-client
-
-[424-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[424-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-424]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[425-version-negotiation]
-ssl_conf = 425-version-negotiation-ssl
-
-[425-version-negotiation-ssl]
-server = 425-version-negotiation-server
-client = 425-version-negotiation-client
-
-[425-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[425-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-425]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[426-version-negotiation]
-ssl_conf = 426-version-negotiation-ssl
-
-[426-version-negotiation-ssl]
-server = 426-version-negotiation-server
-client = 426-version-negotiation-client
-
-[426-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[426-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-426]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[427-version-negotiation]
-ssl_conf = 427-version-negotiation-ssl
-
-[427-version-negotiation-ssl]
-server = 427-version-negotiation-server
-client = 427-version-negotiation-client
-
-[427-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[427-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-427]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[428-version-negotiation]
-ssl_conf = 428-version-negotiation-ssl
-
-[428-version-negotiation-ssl]
-server = 428-version-negotiation-server
-client = 428-version-negotiation-client
-
-[428-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[428-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-428]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[429-version-negotiation]
-ssl_conf = 429-version-negotiation-ssl
-
-[429-version-negotiation-ssl]
-server = 429-version-negotiation-server
-client = 429-version-negotiation-client
-
-[429-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[429-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-429]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[430-version-negotiation]
-ssl_conf = 430-version-negotiation-ssl
-
-[430-version-negotiation-ssl]
-server = 430-version-negotiation-server
-client = 430-version-negotiation-client
-
-[430-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[430-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-430]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[431-version-negotiation]
-ssl_conf = 431-version-negotiation-ssl
-
-[431-version-negotiation-ssl]
-server = 431-version-negotiation-server
-client = 431-version-negotiation-client
-
-[431-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[431-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-431]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[432-version-negotiation]
-ssl_conf = 432-version-negotiation-ssl
-
-[432-version-negotiation-ssl]
-server = 432-version-negotiation-server
-client = 432-version-negotiation-client
-
-[432-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[432-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-432]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[433-version-negotiation]
-ssl_conf = 433-version-negotiation-ssl
-
-[433-version-negotiation-ssl]
-server = 433-version-negotiation-server
-client = 433-version-negotiation-client
-
-[433-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[433-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-433]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[434-version-negotiation]
-ssl_conf = 434-version-negotiation-ssl
-
-[434-version-negotiation-ssl]
-server = 434-version-negotiation-server
-client = 434-version-negotiation-client
-
-[434-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[434-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-434]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[435-version-negotiation]
-ssl_conf = 435-version-negotiation-ssl
-
-[435-version-negotiation-ssl]
-server = 435-version-negotiation-server
-client = 435-version-negotiation-client
-
-[435-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[435-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-435]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[436-version-negotiation]
-ssl_conf = 436-version-negotiation-ssl
-
-[436-version-negotiation-ssl]
-server = 436-version-negotiation-server
-client = 436-version-negotiation-client
-
-[436-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[436-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-436]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[437-version-negotiation]
-ssl_conf = 437-version-negotiation-ssl
-
-[437-version-negotiation-ssl]
-server = 437-version-negotiation-server
-client = 437-version-negotiation-client
-
-[437-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[437-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-437]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[438-version-negotiation]
-ssl_conf = 438-version-negotiation-ssl
-
-[438-version-negotiation-ssl]
-server = 438-version-negotiation-server
-client = 438-version-negotiation-client
-
-[438-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[438-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-438]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[439-version-negotiation]
-ssl_conf = 439-version-negotiation-ssl
-
-[439-version-negotiation-ssl]
-server = 439-version-negotiation-server
-client = 439-version-negotiation-client
-
-[439-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[439-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-439]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[440-version-negotiation]
-ssl_conf = 440-version-negotiation-ssl
-
-[440-version-negotiation-ssl]
-server = 440-version-negotiation-server
-client = 440-version-negotiation-client
-
-[440-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[440-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-440]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[441-version-negotiation]
-ssl_conf = 441-version-negotiation-ssl
-
-[441-version-negotiation-ssl]
-server = 441-version-negotiation-server
-client = 441-version-negotiation-client
-
-[441-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[441-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-441]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[442-version-negotiation]
-ssl_conf = 442-version-negotiation-ssl
-
-[442-version-negotiation-ssl]
-server = 442-version-negotiation-server
-client = 442-version-negotiation-client
-
-[442-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[442-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-442]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[443-version-negotiation]
-ssl_conf = 443-version-negotiation-ssl
-
-[443-version-negotiation-ssl]
-server = 443-version-negotiation-server
-client = 443-version-negotiation-client
-
-[443-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[443-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-443]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[444-version-negotiation]
-ssl_conf = 444-version-negotiation-ssl
-
-[444-version-negotiation-ssl]
-server = 444-version-negotiation-server
-client = 444-version-negotiation-client
-
-[444-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[444-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-444]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[445-version-negotiation]
-ssl_conf = 445-version-negotiation-ssl
-
-[445-version-negotiation-ssl]
-server = 445-version-negotiation-server
-client = 445-version-negotiation-client
-
-[445-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[445-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-445]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[446-version-negotiation]
-ssl_conf = 446-version-negotiation-ssl
-
-[446-version-negotiation-ssl]
-server = 446-version-negotiation-server
-client = 446-version-negotiation-client
-
-[446-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[446-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-446]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[447-version-negotiation]
-ssl_conf = 447-version-negotiation-ssl
-
-[447-version-negotiation-ssl]
-server = 447-version-negotiation-server
-client = 447-version-negotiation-client
-
-[447-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[447-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-447]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[448-version-negotiation]
-ssl_conf = 448-version-negotiation-ssl
-
-[448-version-negotiation-ssl]
-server = 448-version-negotiation-server
-client = 448-version-negotiation-client
-
-[448-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[448-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-448]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[449-version-negotiation]
-ssl_conf = 449-version-negotiation-ssl
-
-[449-version-negotiation-ssl]
-server = 449-version-negotiation-server
-client = 449-version-negotiation-client
-
-[449-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[449-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-449]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[450-version-negotiation]
-ssl_conf = 450-version-negotiation-ssl
-
-[450-version-negotiation-ssl]
-server = 450-version-negotiation-server
-client = 450-version-negotiation-client
-
-[450-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[450-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-450]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[451-version-negotiation]
-ssl_conf = 451-version-negotiation-ssl
-
-[451-version-negotiation-ssl]
-server = 451-version-negotiation-server
-client = 451-version-negotiation-client
-
-[451-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[451-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-451]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[452-version-negotiation]
-ssl_conf = 452-version-negotiation-ssl
-
-[452-version-negotiation-ssl]
-server = 452-version-negotiation-server
-client = 452-version-negotiation-client
-
-[452-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[452-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-452]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[453-version-negotiation]
-ssl_conf = 453-version-negotiation-ssl
-
-[453-version-negotiation-ssl]
-server = 453-version-negotiation-server
-client = 453-version-negotiation-client
-
-[453-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[453-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-453]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[454-version-negotiation]
-ssl_conf = 454-version-negotiation-ssl
-
-[454-version-negotiation-ssl]
-server = 454-version-negotiation-server
-client = 454-version-negotiation-client
-
-[454-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[454-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-454]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[455-version-negotiation]
-ssl_conf = 455-version-negotiation-ssl
-
-[455-version-negotiation-ssl]
-server = 455-version-negotiation-server
-client = 455-version-negotiation-client
-
-[455-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[455-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-455]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[456-version-negotiation]
-ssl_conf = 456-version-negotiation-ssl
-
-[456-version-negotiation-ssl]
-server = 456-version-negotiation-server
-client = 456-version-negotiation-client
-
-[456-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[456-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-456]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[457-version-negotiation]
-ssl_conf = 457-version-negotiation-ssl
-
-[457-version-negotiation-ssl]
-server = 457-version-negotiation-server
-client = 457-version-negotiation-client
-
-[457-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[457-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-457]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[458-version-negotiation]
-ssl_conf = 458-version-negotiation-ssl
-
-[458-version-negotiation-ssl]
-server = 458-version-negotiation-server
-client = 458-version-negotiation-client
-
-[458-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[458-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-458]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[459-version-negotiation]
-ssl_conf = 459-version-negotiation-ssl
-
-[459-version-negotiation-ssl]
-server = 459-version-negotiation-server
-client = 459-version-negotiation-client
-
-[459-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[459-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-459]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[460-version-negotiation]
-ssl_conf = 460-version-negotiation-ssl
-
-[460-version-negotiation-ssl]
-server = 460-version-negotiation-server
-client = 460-version-negotiation-client
-
-[460-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[460-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-460]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[461-version-negotiation]
-ssl_conf = 461-version-negotiation-ssl
-
-[461-version-negotiation-ssl]
-server = 461-version-negotiation-server
-client = 461-version-negotiation-client
-
-[461-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[461-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-461]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[462-version-negotiation]
-ssl_conf = 462-version-negotiation-ssl
-
-[462-version-negotiation-ssl]
-server = 462-version-negotiation-server
-client = 462-version-negotiation-client
-
-[462-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[462-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-462]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[463-version-negotiation]
-ssl_conf = 463-version-negotiation-ssl
-
-[463-version-negotiation-ssl]
-server = 463-version-negotiation-server
-client = 463-version-negotiation-client
-
-[463-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[463-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-463]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[464-version-negotiation]
-ssl_conf = 464-version-negotiation-ssl
-
-[464-version-negotiation-ssl]
-server = 464-version-negotiation-server
-client = 464-version-negotiation-client
-
-[464-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[464-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-464]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[465-version-negotiation]
-ssl_conf = 465-version-negotiation-ssl
-
-[465-version-negotiation-ssl]
-server = 465-version-negotiation-server
-client = 465-version-negotiation-client
-
-[465-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[465-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-465]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[466-version-negotiation]
-ssl_conf = 466-version-negotiation-ssl
-
-[466-version-negotiation-ssl]
-server = 466-version-negotiation-server
-client = 466-version-negotiation-client
-
-[466-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[466-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-466]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[467-version-negotiation]
-ssl_conf = 467-version-negotiation-ssl
-
-[467-version-negotiation-ssl]
-server = 467-version-negotiation-server
-client = 467-version-negotiation-client
-
-[467-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[467-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-467]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[468-version-negotiation]
-ssl_conf = 468-version-negotiation-ssl
-
-[468-version-negotiation-ssl]
-server = 468-version-negotiation-server
-client = 468-version-negotiation-client
-
-[468-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[468-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-468]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[469-version-negotiation]
-ssl_conf = 469-version-negotiation-ssl
-
-[469-version-negotiation-ssl]
-server = 469-version-negotiation-server
-client = 469-version-negotiation-client
-
-[469-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[469-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-469]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[470-version-negotiation]
-ssl_conf = 470-version-negotiation-ssl
-
-[470-version-negotiation-ssl]
-server = 470-version-negotiation-server
-client = 470-version-negotiation-client
-
-[470-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[470-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-470]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[471-version-negotiation]
-ssl_conf = 471-version-negotiation-ssl
-
-[471-version-negotiation-ssl]
-server = 471-version-negotiation-server
-client = 471-version-negotiation-client
-
-[471-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[471-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-471]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[472-version-negotiation]
-ssl_conf = 472-version-negotiation-ssl
-
-[472-version-negotiation-ssl]
-server = 472-version-negotiation-server
-client = 472-version-negotiation-client
-
-[472-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[472-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-472]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[473-version-negotiation]
-ssl_conf = 473-version-negotiation-ssl
-
-[473-version-negotiation-ssl]
-server = 473-version-negotiation-server
-client = 473-version-negotiation-client
-
-[473-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[473-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-473]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[474-version-negotiation]
-ssl_conf = 474-version-negotiation-ssl
-
-[474-version-negotiation-ssl]
-server = 474-version-negotiation-server
-client = 474-version-negotiation-client
-
-[474-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[474-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-474]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[475-version-negotiation]
-ssl_conf = 475-version-negotiation-ssl
-
-[475-version-negotiation-ssl]
-server = 475-version-negotiation-server
-client = 475-version-negotiation-client
-
-[475-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[475-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-475]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[476-version-negotiation]
-ssl_conf = 476-version-negotiation-ssl
-
-[476-version-negotiation-ssl]
-server = 476-version-negotiation-server
-client = 476-version-negotiation-client
-
-[476-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[476-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-476]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[477-version-negotiation]
-ssl_conf = 477-version-negotiation-ssl
-
-[477-version-negotiation-ssl]
-server = 477-version-negotiation-server
-client = 477-version-negotiation-client
-
-[477-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[477-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-477]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[478-version-negotiation]
-ssl_conf = 478-version-negotiation-ssl
-
-[478-version-negotiation-ssl]
-server = 478-version-negotiation-server
-client = 478-version-negotiation-client
-
-[478-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[478-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-478]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[479-version-negotiation]
-ssl_conf = 479-version-negotiation-ssl
-
-[479-version-negotiation-ssl]
-server = 479-version-negotiation-server
-client = 479-version-negotiation-client
-
-[479-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[479-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-479]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[480-version-negotiation]
-ssl_conf = 480-version-negotiation-ssl
-
-[480-version-negotiation-ssl]
-server = 480-version-negotiation-server
-client = 480-version-negotiation-client
-
-[480-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[480-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-480]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[481-version-negotiation]
-ssl_conf = 481-version-negotiation-ssl
-
-[481-version-negotiation-ssl]
-server = 481-version-negotiation-server
-client = 481-version-negotiation-client
-
-[481-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[481-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-481]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[482-version-negotiation]
-ssl_conf = 482-version-negotiation-ssl
-
-[482-version-negotiation-ssl]
-server = 482-version-negotiation-server
-client = 482-version-negotiation-client
-
-[482-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[482-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-482]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[483-version-negotiation]
-ssl_conf = 483-version-negotiation-ssl
-
-[483-version-negotiation-ssl]
-server = 483-version-negotiation-server
-client = 483-version-negotiation-client
-
-[483-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[483-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-483]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[484-version-negotiation]
-ssl_conf = 484-version-negotiation-ssl
-
-[484-version-negotiation-ssl]
-server = 484-version-negotiation-server
-client = 484-version-negotiation-client
-
-[484-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[484-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-484]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[485-version-negotiation]
-ssl_conf = 485-version-negotiation-ssl
-
-[485-version-negotiation-ssl]
-server = 485-version-negotiation-server
-client = 485-version-negotiation-client
-
-[485-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[485-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-485]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[486-version-negotiation]
-ssl_conf = 486-version-negotiation-ssl
-
-[486-version-negotiation-ssl]
-server = 486-version-negotiation-server
-client = 486-version-negotiation-client
-
-[486-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[486-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-486]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[487-version-negotiation]
-ssl_conf = 487-version-negotiation-ssl
-
-[487-version-negotiation-ssl]
-server = 487-version-negotiation-server
-client = 487-version-negotiation-client
-
-[487-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[487-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-487]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[488-version-negotiation]
-ssl_conf = 488-version-negotiation-ssl
-
-[488-version-negotiation-ssl]
-server = 488-version-negotiation-server
-client = 488-version-negotiation-client
-
-[488-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[488-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-488]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[489-version-negotiation]
-ssl_conf = 489-version-negotiation-ssl
-
-[489-version-negotiation-ssl]
-server = 489-version-negotiation-server
-client = 489-version-negotiation-client
-
-[489-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[489-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-489]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[490-version-negotiation]
-ssl_conf = 490-version-negotiation-ssl
-
-[490-version-negotiation-ssl]
-server = 490-version-negotiation-server
-client = 490-version-negotiation-client
-
-[490-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[490-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-490]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[491-version-negotiation]
-ssl_conf = 491-version-negotiation-ssl
-
-[491-version-negotiation-ssl]
-server = 491-version-negotiation-server
-client = 491-version-negotiation-client
-
-[491-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[491-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-491]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[492-version-negotiation]
-ssl_conf = 492-version-negotiation-ssl
-
-[492-version-negotiation-ssl]
-server = 492-version-negotiation-server
-client = 492-version-negotiation-client
-
-[492-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[492-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-492]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[493-version-negotiation]
-ssl_conf = 493-version-negotiation-ssl
-
-[493-version-negotiation-ssl]
-server = 493-version-negotiation-server
-client = 493-version-negotiation-client
-
-[493-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[493-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-493]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[494-version-negotiation]
-ssl_conf = 494-version-negotiation-ssl
-
-[494-version-negotiation-ssl]
-server = 494-version-negotiation-server
-client = 494-version-negotiation-client
-
-[494-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[494-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-494]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[495-version-negotiation]
-ssl_conf = 495-version-negotiation-ssl
-
-[495-version-negotiation-ssl]
-server = 495-version-negotiation-server
-client = 495-version-negotiation-client
-
-[495-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[495-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-495]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[496-version-negotiation]
-ssl_conf = 496-version-negotiation-ssl
-
-[496-version-negotiation-ssl]
-server = 496-version-negotiation-server
-client = 496-version-negotiation-client
-
-[496-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[496-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-496]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[497-version-negotiation]
-ssl_conf = 497-version-negotiation-ssl
-
-[497-version-negotiation-ssl]
-server = 497-version-negotiation-server
-client = 497-version-negotiation-client
-
-[497-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[497-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-497]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[498-version-negotiation]
-ssl_conf = 498-version-negotiation-ssl
-
-[498-version-negotiation-ssl]
-server = 498-version-negotiation-server
-client = 498-version-negotiation-client
-
-[498-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[498-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-498]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[499-version-negotiation]
-ssl_conf = 499-version-negotiation-ssl
-
-[499-version-negotiation-ssl]
-server = 499-version-negotiation-server
-client = 499-version-negotiation-client
-
-[499-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[499-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-499]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[500-version-negotiation]
-ssl_conf = 500-version-negotiation-ssl
-
-[500-version-negotiation-ssl]
-server = 500-version-negotiation-server
-client = 500-version-negotiation-client
-
-[500-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[500-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-500]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[501-version-negotiation]
-ssl_conf = 501-version-negotiation-ssl
-
-[501-version-negotiation-ssl]
-server = 501-version-negotiation-server
-client = 501-version-negotiation-client
-
-[501-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[501-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-501]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[502-version-negotiation]
-ssl_conf = 502-version-negotiation-ssl
-
-[502-version-negotiation-ssl]
-server = 502-version-negotiation-server
-client = 502-version-negotiation-client
-
-[502-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[502-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-502]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[503-version-negotiation]
-ssl_conf = 503-version-negotiation-ssl
-
-[503-version-negotiation-ssl]
-server = 503-version-negotiation-server
-client = 503-version-negotiation-client
-
-[503-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[503-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-503]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[504-version-negotiation]
-ssl_conf = 504-version-negotiation-ssl
-
-[504-version-negotiation-ssl]
-server = 504-version-negotiation-server
-client = 504-version-negotiation-client
-
-[504-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[504-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-504]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[505-version-negotiation]
-ssl_conf = 505-version-negotiation-ssl
-
-[505-version-negotiation-ssl]
-server = 505-version-negotiation-server
-client = 505-version-negotiation-client
-
-[505-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[505-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-505]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[506-version-negotiation]
-ssl_conf = 506-version-negotiation-ssl
-
-[506-version-negotiation-ssl]
-server = 506-version-negotiation-server
-client = 506-version-negotiation-client
-
-[506-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[506-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-506]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[507-version-negotiation]
-ssl_conf = 507-version-negotiation-ssl
-
-[507-version-negotiation-ssl]
-server = 507-version-negotiation-server
-client = 507-version-negotiation-client
-
-[507-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[507-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-507]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[508-version-negotiation]
-ssl_conf = 508-version-negotiation-ssl
-
-[508-version-negotiation-ssl]
-server = 508-version-negotiation-server
-client = 508-version-negotiation-client
-
-[508-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[508-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-508]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[509-version-negotiation]
-ssl_conf = 509-version-negotiation-ssl
-
-[509-version-negotiation-ssl]
-server = 509-version-negotiation-server
-client = 509-version-negotiation-client
-
-[509-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[509-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-509]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[510-version-negotiation]
-ssl_conf = 510-version-negotiation-ssl
-
-[510-version-negotiation-ssl]
-server = 510-version-negotiation-server
-client = 510-version-negotiation-client
-
-[510-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[510-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-510]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[511-version-negotiation]
-ssl_conf = 511-version-negotiation-ssl
-
-[511-version-negotiation-ssl]
-server = 511-version-negotiation-server
-client = 511-version-negotiation-client
-
-[511-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[511-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-511]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[512-version-negotiation]
-ssl_conf = 512-version-negotiation-ssl
-
-[512-version-negotiation-ssl]
-server = 512-version-negotiation-server
-client = 512-version-negotiation-client
-
-[512-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[512-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-512]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[513-version-negotiation]
-ssl_conf = 513-version-negotiation-ssl
-
-[513-version-negotiation-ssl]
-server = 513-version-negotiation-server
-client = 513-version-negotiation-client
-
-[513-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[513-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-513]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[514-version-negotiation]
-ssl_conf = 514-version-negotiation-ssl
-
-[514-version-negotiation-ssl]
-server = 514-version-negotiation-server
-client = 514-version-negotiation-client
-
-[514-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[514-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-514]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[515-version-negotiation]
-ssl_conf = 515-version-negotiation-ssl
-
-[515-version-negotiation-ssl]
-server = 515-version-negotiation-server
-client = 515-version-negotiation-client
-
-[515-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[515-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-515]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[516-version-negotiation]
-ssl_conf = 516-version-negotiation-ssl
-
-[516-version-negotiation-ssl]
-server = 516-version-negotiation-server
-client = 516-version-negotiation-client
-
-[516-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[516-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-516]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[517-version-negotiation]
-ssl_conf = 517-version-negotiation-ssl
-
-[517-version-negotiation-ssl]
-server = 517-version-negotiation-server
-client = 517-version-negotiation-client
-
-[517-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[517-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-517]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[518-version-negotiation]
-ssl_conf = 518-version-negotiation-ssl
-
-[518-version-negotiation-ssl]
-server = 518-version-negotiation-server
-client = 518-version-negotiation-client
-
-[518-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[518-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-518]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[519-version-negotiation]
-ssl_conf = 519-version-negotiation-ssl
-
-[519-version-negotiation-ssl]
-server = 519-version-negotiation-server
-client = 519-version-negotiation-client
-
-[519-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[519-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-519]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[520-version-negotiation]
-ssl_conf = 520-version-negotiation-ssl
-
-[520-version-negotiation-ssl]
-server = 520-version-negotiation-server
-client = 520-version-negotiation-client
-
-[520-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[520-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-520]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[521-version-negotiation]
-ssl_conf = 521-version-negotiation-ssl
-
-[521-version-negotiation-ssl]
-server = 521-version-negotiation-server
-client = 521-version-negotiation-client
-
-[521-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[521-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-521]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[522-version-negotiation]
-ssl_conf = 522-version-negotiation-ssl
-
-[522-version-negotiation-ssl]
-server = 522-version-negotiation-server
-client = 522-version-negotiation-client
-
-[522-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[522-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-522]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[523-version-negotiation]
-ssl_conf = 523-version-negotiation-ssl
-
-[523-version-negotiation-ssl]
-server = 523-version-negotiation-server
-client = 523-version-negotiation-client
-
-[523-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[523-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-523]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[524-version-negotiation]
-ssl_conf = 524-version-negotiation-ssl
-
-[524-version-negotiation-ssl]
-server = 524-version-negotiation-server
-client = 524-version-negotiation-client
-
-[524-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[524-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-524]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[525-version-negotiation]
-ssl_conf = 525-version-negotiation-ssl
-
-[525-version-negotiation-ssl]
-server = 525-version-negotiation-server
-client = 525-version-negotiation-client
-
-[525-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[525-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-525]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[526-version-negotiation]
-ssl_conf = 526-version-negotiation-ssl
-
-[526-version-negotiation-ssl]
-server = 526-version-negotiation-server
-client = 526-version-negotiation-client
-
-[526-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[526-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-526]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[527-version-negotiation]
-ssl_conf = 527-version-negotiation-ssl
-
-[527-version-negotiation-ssl]
-server = 527-version-negotiation-server
-client = 527-version-negotiation-client
-
-[527-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[527-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-527]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[528-version-negotiation]
-ssl_conf = 528-version-negotiation-ssl
-
-[528-version-negotiation-ssl]
-server = 528-version-negotiation-server
-client = 528-version-negotiation-client
-
-[528-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[528-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-528]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[529-version-negotiation]
-ssl_conf = 529-version-negotiation-ssl
-
-[529-version-negotiation-ssl]
-server = 529-version-negotiation-server
-client = 529-version-negotiation-client
-
-[529-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[529-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-529]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[530-version-negotiation]
-ssl_conf = 530-version-negotiation-ssl
-
-[530-version-negotiation-ssl]
-server = 530-version-negotiation-server
-client = 530-version-negotiation-client
-
-[530-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[530-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-530]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[531-version-negotiation]
-ssl_conf = 531-version-negotiation-ssl
-
-[531-version-negotiation-ssl]
-server = 531-version-negotiation-server
-client = 531-version-negotiation-client
-
-[531-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[531-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-531]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[532-version-negotiation]
-ssl_conf = 532-version-negotiation-ssl
-
-[532-version-negotiation-ssl]
-server = 532-version-negotiation-server
-client = 532-version-negotiation-client
-
-[532-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[532-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-532]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[533-version-negotiation]
-ssl_conf = 533-version-negotiation-ssl
-
-[533-version-negotiation-ssl]
-server = 533-version-negotiation-server
-client = 533-version-negotiation-client
-
-[533-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[533-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-533]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[534-version-negotiation]
-ssl_conf = 534-version-negotiation-ssl
-
-[534-version-negotiation-ssl]
-server = 534-version-negotiation-server
-client = 534-version-negotiation-client
-
-[534-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[534-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-534]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[535-version-negotiation]
-ssl_conf = 535-version-negotiation-ssl
-
-[535-version-negotiation-ssl]
-server = 535-version-negotiation-server
-client = 535-version-negotiation-client
-
-[535-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[535-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-535]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[536-version-negotiation]
-ssl_conf = 536-version-negotiation-ssl
-
-[536-version-negotiation-ssl]
-server = 536-version-negotiation-server
-client = 536-version-negotiation-client
-
-[536-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[536-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-536]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[537-version-negotiation]
-ssl_conf = 537-version-negotiation-ssl
-
-[537-version-negotiation-ssl]
-server = 537-version-negotiation-server
-client = 537-version-negotiation-client
-
-[537-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[537-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-537]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[538-version-negotiation]
-ssl_conf = 538-version-negotiation-ssl
-
-[538-version-negotiation-ssl]
-server = 538-version-negotiation-server
-client = 538-version-negotiation-client
-
-[538-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[538-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-538]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[539-version-negotiation]
-ssl_conf = 539-version-negotiation-ssl
-
-[539-version-negotiation-ssl]
-server = 539-version-negotiation-server
-client = 539-version-negotiation-client
-
-[539-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[539-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-539]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[540-version-negotiation]
-ssl_conf = 540-version-negotiation-ssl
-
-[540-version-negotiation-ssl]
-server = 540-version-negotiation-server
-client = 540-version-negotiation-client
-
-[540-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[540-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-540]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[541-version-negotiation]
-ssl_conf = 541-version-negotiation-ssl
-
-[541-version-negotiation-ssl]
-server = 541-version-negotiation-server
-client = 541-version-negotiation-client
-
-[541-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[541-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-541]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[542-version-negotiation]
-ssl_conf = 542-version-negotiation-ssl
-
-[542-version-negotiation-ssl]
-server = 542-version-negotiation-server
-client = 542-version-negotiation-client
-
-[542-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[542-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-542]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[543-version-negotiation]
-ssl_conf = 543-version-negotiation-ssl
-
-[543-version-negotiation-ssl]
-server = 543-version-negotiation-server
-client = 543-version-negotiation-client
-
-[543-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[543-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-543]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[544-version-negotiation]
-ssl_conf = 544-version-negotiation-ssl
-
-[544-version-negotiation-ssl]
-server = 544-version-negotiation-server
-client = 544-version-negotiation-client
-
-[544-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[544-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-544]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[545-version-negotiation]
-ssl_conf = 545-version-negotiation-ssl
-
-[545-version-negotiation-ssl]
-server = 545-version-negotiation-server
-client = 545-version-negotiation-client
-
-[545-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[545-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-545]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[546-version-negotiation]
-ssl_conf = 546-version-negotiation-ssl
-
-[546-version-negotiation-ssl]
-server = 546-version-negotiation-server
-client = 546-version-negotiation-client
-
-[546-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[546-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-546]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[547-version-negotiation]
-ssl_conf = 547-version-negotiation-ssl
-
-[547-version-negotiation-ssl]
-server = 547-version-negotiation-server
-client = 547-version-negotiation-client
-
-[547-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[547-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-547]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[548-version-negotiation]
-ssl_conf = 548-version-negotiation-ssl
-
-[548-version-negotiation-ssl]
-server = 548-version-negotiation-server
-client = 548-version-negotiation-client
-
-[548-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[548-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-548]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[549-version-negotiation]
-ssl_conf = 549-version-negotiation-ssl
-
-[549-version-negotiation-ssl]
-server = 549-version-negotiation-server
-client = 549-version-negotiation-client
-
-[549-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[549-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-549]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[550-version-negotiation]
-ssl_conf = 550-version-negotiation-ssl
-
-[550-version-negotiation-ssl]
-server = 550-version-negotiation-server
-client = 550-version-negotiation-client
-
-[550-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[550-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-550]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[551-version-negotiation]
-ssl_conf = 551-version-negotiation-ssl
-
-[551-version-negotiation-ssl]
-server = 551-version-negotiation-server
-client = 551-version-negotiation-client
-
-[551-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[551-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-551]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[552-version-negotiation]
-ssl_conf = 552-version-negotiation-ssl
-
-[552-version-negotiation-ssl]
-server = 552-version-negotiation-server
-client = 552-version-negotiation-client
-
-[552-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[552-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-552]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[553-version-negotiation]
-ssl_conf = 553-version-negotiation-ssl
-
-[553-version-negotiation-ssl]
-server = 553-version-negotiation-server
-client = 553-version-negotiation-client
-
-[553-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[553-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-553]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[554-version-negotiation]
-ssl_conf = 554-version-negotiation-ssl
-
-[554-version-negotiation-ssl]
-server = 554-version-negotiation-server
-client = 554-version-negotiation-client
-
-[554-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[554-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-554]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[555-version-negotiation]
-ssl_conf = 555-version-negotiation-ssl
-
-[555-version-negotiation-ssl]
-server = 555-version-negotiation-server
-client = 555-version-negotiation-client
-
-[555-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[555-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-555]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[556-version-negotiation]
-ssl_conf = 556-version-negotiation-ssl
-
-[556-version-negotiation-ssl]
-server = 556-version-negotiation-server
-client = 556-version-negotiation-client
-
-[556-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[556-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-556]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[557-version-negotiation]
-ssl_conf = 557-version-negotiation-ssl
-
-[557-version-negotiation-ssl]
-server = 557-version-negotiation-server
-client = 557-version-negotiation-client
-
-[557-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[557-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-557]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[558-version-negotiation]
-ssl_conf = 558-version-negotiation-ssl
-
-[558-version-negotiation-ssl]
-server = 558-version-negotiation-server
-client = 558-version-negotiation-client
-
-[558-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[558-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-558]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[559-version-negotiation]
-ssl_conf = 559-version-negotiation-ssl
-
-[559-version-negotiation-ssl]
-server = 559-version-negotiation-server
-client = 559-version-negotiation-client
-
-[559-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[559-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-559]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[560-version-negotiation]
-ssl_conf = 560-version-negotiation-ssl
-
-[560-version-negotiation-ssl]
-server = 560-version-negotiation-server
-client = 560-version-negotiation-client
-
-[560-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[560-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-560]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[561-version-negotiation]
-ssl_conf = 561-version-negotiation-ssl
-
-[561-version-negotiation-ssl]
-server = 561-version-negotiation-server
-client = 561-version-negotiation-client
-
-[561-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[561-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-561]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[562-version-negotiation]
-ssl_conf = 562-version-negotiation-ssl
-
-[562-version-negotiation-ssl]
-server = 562-version-negotiation-server
-client = 562-version-negotiation-client
-
-[562-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[562-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-562]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[563-version-negotiation]
-ssl_conf = 563-version-negotiation-ssl
-
-[563-version-negotiation-ssl]
-server = 563-version-negotiation-server
-client = 563-version-negotiation-client
-
-[563-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[563-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-563]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[564-version-negotiation]
-ssl_conf = 564-version-negotiation-ssl
-
-[564-version-negotiation-ssl]
-server = 564-version-negotiation-server
-client = 564-version-negotiation-client
-
-[564-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[564-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-564]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[565-version-negotiation]
-ssl_conf = 565-version-negotiation-ssl
-
-[565-version-negotiation-ssl]
-server = 565-version-negotiation-server
-client = 565-version-negotiation-client
-
-[565-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[565-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-565]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[566-version-negotiation]
-ssl_conf = 566-version-negotiation-ssl
-
-[566-version-negotiation-ssl]
-server = 566-version-negotiation-server
-client = 566-version-negotiation-client
-
-[566-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[566-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-566]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[567-version-negotiation]
-ssl_conf = 567-version-negotiation-ssl
-
-[567-version-negotiation-ssl]
-server = 567-version-negotiation-server
-client = 567-version-negotiation-client
-
-[567-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[567-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-567]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[568-version-negotiation]
-ssl_conf = 568-version-negotiation-ssl
-
-[568-version-negotiation-ssl]
-server = 568-version-negotiation-server
-client = 568-version-negotiation-client
-
-[568-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[568-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-568]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[569-version-negotiation]
-ssl_conf = 569-version-negotiation-ssl
-
-[569-version-negotiation-ssl]
-server = 569-version-negotiation-server
-client = 569-version-negotiation-client
-
-[569-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[569-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-569]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[570-version-negotiation]
-ssl_conf = 570-version-negotiation-ssl
-
-[570-version-negotiation-ssl]
-server = 570-version-negotiation-server
-client = 570-version-negotiation-client
-
-[570-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[570-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-570]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[571-version-negotiation]
-ssl_conf = 571-version-negotiation-ssl
-
-[571-version-negotiation-ssl]
-server = 571-version-negotiation-server
-client = 571-version-negotiation-client
-
-[571-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[571-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-571]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[572-version-negotiation]
-ssl_conf = 572-version-negotiation-ssl
-
-[572-version-negotiation-ssl]
-server = 572-version-negotiation-server
-client = 572-version-negotiation-client
-
-[572-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[572-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-572]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[573-version-negotiation]
-ssl_conf = 573-version-negotiation-ssl
-
-[573-version-negotiation-ssl]
-server = 573-version-negotiation-server
-client = 573-version-negotiation-client
-
-[573-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[573-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-573]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[574-version-negotiation]
-ssl_conf = 574-version-negotiation-ssl
-
-[574-version-negotiation-ssl]
-server = 574-version-negotiation-server
-client = 574-version-negotiation-client
-
-[574-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[574-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-574]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[575-version-negotiation]
-ssl_conf = 575-version-negotiation-ssl
-
-[575-version-negotiation-ssl]
-server = 575-version-negotiation-server
-client = 575-version-negotiation-client
-
-[575-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[575-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-575]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[576-version-negotiation]
-ssl_conf = 576-version-negotiation-ssl
-
-[576-version-negotiation-ssl]
-server = 576-version-negotiation-server
-client = 576-version-negotiation-client
-
-[576-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[576-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-576]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[577-version-negotiation]
-ssl_conf = 577-version-negotiation-ssl
-
-[577-version-negotiation-ssl]
-server = 577-version-negotiation-server
-client = 577-version-negotiation-client
-
-[577-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[577-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-577]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[578-version-negotiation]
-ssl_conf = 578-version-negotiation-ssl
-
-[578-version-negotiation-ssl]
-server = 578-version-negotiation-server
-client = 578-version-negotiation-client
-
-[578-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[578-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-578]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[579-version-negotiation]
-ssl_conf = 579-version-negotiation-ssl
-
-[579-version-negotiation-ssl]
-server = 579-version-negotiation-server
-client = 579-version-negotiation-client
-
-[579-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[579-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-579]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[580-version-negotiation]
-ssl_conf = 580-version-negotiation-ssl
-
-[580-version-negotiation-ssl]
-server = 580-version-negotiation-server
-client = 580-version-negotiation-client
-
-[580-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[580-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-580]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[581-version-negotiation]
-ssl_conf = 581-version-negotiation-ssl
-
-[581-version-negotiation-ssl]
-server = 581-version-negotiation-server
-client = 581-version-negotiation-client
-
-[581-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[581-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-581]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[582-version-negotiation]
-ssl_conf = 582-version-negotiation-ssl
-
-[582-version-negotiation-ssl]
-server = 582-version-negotiation-server
-client = 582-version-negotiation-client
-
-[582-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[582-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-582]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[583-version-negotiation]
-ssl_conf = 583-version-negotiation-ssl
-
-[583-version-negotiation-ssl]
-server = 583-version-negotiation-server
-client = 583-version-negotiation-client
-
-[583-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[583-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-583]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[584-version-negotiation]
-ssl_conf = 584-version-negotiation-ssl
-
-[584-version-negotiation-ssl]
-server = 584-version-negotiation-server
-client = 584-version-negotiation-client
-
-[584-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[584-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-584]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[585-version-negotiation]
-ssl_conf = 585-version-negotiation-ssl
-
-[585-version-negotiation-ssl]
-server = 585-version-negotiation-server
-client = 585-version-negotiation-client
-
-[585-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[585-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-585]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[586-version-negotiation]
-ssl_conf = 586-version-negotiation-ssl
-
-[586-version-negotiation-ssl]
-server = 586-version-negotiation-server
-client = 586-version-negotiation-client
-
-[586-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[586-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-586]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[587-version-negotiation]
-ssl_conf = 587-version-negotiation-ssl
-
-[587-version-negotiation-ssl]
-server = 587-version-negotiation-server
-client = 587-version-negotiation-client
-
-[587-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[587-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-587]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[588-version-negotiation]
-ssl_conf = 588-version-negotiation-ssl
-
-[588-version-negotiation-ssl]
-server = 588-version-negotiation-server
-client = 588-version-negotiation-client
-
-[588-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[588-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-588]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[589-version-negotiation]
-ssl_conf = 589-version-negotiation-ssl
-
-[589-version-negotiation-ssl]
-server = 589-version-negotiation-server
-client = 589-version-negotiation-client
-
-[589-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[589-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-589]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[590-version-negotiation]
-ssl_conf = 590-version-negotiation-ssl
-
-[590-version-negotiation-ssl]
-server = 590-version-negotiation-server
-client = 590-version-negotiation-client
-
-[590-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[590-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-590]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[591-version-negotiation]
-ssl_conf = 591-version-negotiation-ssl
-
-[591-version-negotiation-ssl]
-server = 591-version-negotiation-server
-client = 591-version-negotiation-client
-
-[591-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[591-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-591]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[592-version-negotiation]
-ssl_conf = 592-version-negotiation-ssl
-
-[592-version-negotiation-ssl]
-server = 592-version-negotiation-server
-client = 592-version-negotiation-client
-
-[592-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[592-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-592]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[593-version-negotiation]
-ssl_conf = 593-version-negotiation-ssl
-
-[593-version-negotiation-ssl]
-server = 593-version-negotiation-server
-client = 593-version-negotiation-client
-
-[593-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[593-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-593]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[594-version-negotiation]
-ssl_conf = 594-version-negotiation-ssl
-
-[594-version-negotiation-ssl]
-server = 594-version-negotiation-server
-client = 594-version-negotiation-client
-
-[594-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[594-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-594]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[595-version-negotiation]
-ssl_conf = 595-version-negotiation-ssl
-
-[595-version-negotiation-ssl]
-server = 595-version-negotiation-server
-client = 595-version-negotiation-client
-
-[595-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[595-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-595]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[596-version-negotiation]
-ssl_conf = 596-version-negotiation-ssl
-
-[596-version-negotiation-ssl]
-server = 596-version-negotiation-server
-client = 596-version-negotiation-client
-
-[596-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[596-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-596]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[597-version-negotiation]
-ssl_conf = 597-version-negotiation-ssl
-
-[597-version-negotiation-ssl]
-server = 597-version-negotiation-server
-client = 597-version-negotiation-client
-
-[597-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[597-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-597]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[598-version-negotiation]
-ssl_conf = 598-version-negotiation-ssl
-
-[598-version-negotiation-ssl]
-server = 598-version-negotiation-server
-client = 598-version-negotiation-client
-
-[598-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[598-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-598]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[599-version-negotiation]
-ssl_conf = 599-version-negotiation-ssl
-
-[599-version-negotiation-ssl]
-server = 599-version-negotiation-server
-client = 599-version-negotiation-client
-
-[599-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[599-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-599]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[600-version-negotiation]
-ssl_conf = 600-version-negotiation-ssl
-
-[600-version-negotiation-ssl]
-server = 600-version-negotiation-server
-client = 600-version-negotiation-client
-
-[600-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[600-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-600]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[601-version-negotiation]
-ssl_conf = 601-version-negotiation-ssl
-
-[601-version-negotiation-ssl]
-server = 601-version-negotiation-server
-client = 601-version-negotiation-client
-
-[601-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[601-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-601]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[602-version-negotiation]
-ssl_conf = 602-version-negotiation-ssl
-
-[602-version-negotiation-ssl]
-server = 602-version-negotiation-server
-client = 602-version-negotiation-client
-
-[602-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[602-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-602]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[603-version-negotiation]
-ssl_conf = 603-version-negotiation-ssl
-
-[603-version-negotiation-ssl]
-server = 603-version-negotiation-server
-client = 603-version-negotiation-client
-
-[603-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[603-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-603]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[604-version-negotiation]
-ssl_conf = 604-version-negotiation-ssl
-
-[604-version-negotiation-ssl]
-server = 604-version-negotiation-server
-client = 604-version-negotiation-client
-
-[604-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[604-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-604]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[605-version-negotiation]
-ssl_conf = 605-version-negotiation-ssl
-
-[605-version-negotiation-ssl]
-server = 605-version-negotiation-server
-client = 605-version-negotiation-client
-
-[605-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[605-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-605]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[606-version-negotiation]
-ssl_conf = 606-version-negotiation-ssl
-
-[606-version-negotiation-ssl]
-server = 606-version-negotiation-server
-client = 606-version-negotiation-client
-
-[606-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[606-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-606]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[607-version-negotiation]
-ssl_conf = 607-version-negotiation-ssl
-
-[607-version-negotiation-ssl]
-server = 607-version-negotiation-server
-client = 607-version-negotiation-client
-
-[607-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[607-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-607]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[608-version-negotiation]
-ssl_conf = 608-version-negotiation-ssl
-
-[608-version-negotiation-ssl]
-server = 608-version-negotiation-server
-client = 608-version-negotiation-client
-
-[608-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[608-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-608]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[609-version-negotiation]
-ssl_conf = 609-version-negotiation-ssl
-
-[609-version-negotiation-ssl]
-server = 609-version-negotiation-server
-client = 609-version-negotiation-client
-
-[609-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[609-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-609]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[610-version-negotiation]
-ssl_conf = 610-version-negotiation-ssl
-
-[610-version-negotiation-ssl]
-server = 610-version-negotiation-server
-client = 610-version-negotiation-client
-
-[610-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[610-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-610]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[611-version-negotiation]
-ssl_conf = 611-version-negotiation-ssl
-
-[611-version-negotiation-ssl]
-server = 611-version-negotiation-server
-client = 611-version-negotiation-client
-
-[611-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[611-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-611]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[612-version-negotiation]
-ssl_conf = 612-version-negotiation-ssl
-
-[612-version-negotiation-ssl]
-server = 612-version-negotiation-server
-client = 612-version-negotiation-client
-
-[612-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[612-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-612]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[613-version-negotiation]
-ssl_conf = 613-version-negotiation-ssl
-
-[613-version-negotiation-ssl]
-server = 613-version-negotiation-server
-client = 613-version-negotiation-client
-
-[613-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[613-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-613]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[614-version-negotiation]
-ssl_conf = 614-version-negotiation-ssl
-
-[614-version-negotiation-ssl]
-server = 614-version-negotiation-server
-client = 614-version-negotiation-client
-
-[614-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[614-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-614]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[615-version-negotiation]
-ssl_conf = 615-version-negotiation-ssl
-
-[615-version-negotiation-ssl]
-server = 615-version-negotiation-server
-client = 615-version-negotiation-client
-
-[615-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[615-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-615]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[616-version-negotiation]
-ssl_conf = 616-version-negotiation-ssl
-
-[616-version-negotiation-ssl]
-server = 616-version-negotiation-server
-client = 616-version-negotiation-client
-
-[616-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[616-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-616]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[617-version-negotiation]
-ssl_conf = 617-version-negotiation-ssl
-
-[617-version-negotiation-ssl]
-server = 617-version-negotiation-server
-client = 617-version-negotiation-client
-
-[617-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[617-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-617]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[618-version-negotiation]
-ssl_conf = 618-version-negotiation-ssl
-
-[618-version-negotiation-ssl]
-server = 618-version-negotiation-server
-client = 618-version-negotiation-client
-
-[618-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[618-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-618]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[619-version-negotiation]
-ssl_conf = 619-version-negotiation-ssl
-
-[619-version-negotiation-ssl]
-server = 619-version-negotiation-server
-client = 619-version-negotiation-client
-
-[619-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[619-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-619]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[620-version-negotiation]
-ssl_conf = 620-version-negotiation-ssl
-
-[620-version-negotiation-ssl]
-server = 620-version-negotiation-server
-client = 620-version-negotiation-client
-
-[620-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[620-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-620]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[621-version-negotiation]
-ssl_conf = 621-version-negotiation-ssl
-
-[621-version-negotiation-ssl]
-server = 621-version-negotiation-server
-client = 621-version-negotiation-client
-
-[621-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[621-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-621]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[622-version-negotiation]
-ssl_conf = 622-version-negotiation-ssl
-
-[622-version-negotiation-ssl]
-server = 622-version-negotiation-server
-client = 622-version-negotiation-client
-
-[622-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[622-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-622]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[623-version-negotiation]
-ssl_conf = 623-version-negotiation-ssl
-
-[623-version-negotiation-ssl]
-server = 623-version-negotiation-server
-client = 623-version-negotiation-client
-
-[623-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[623-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-623]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[624-version-negotiation]
-ssl_conf = 624-version-negotiation-ssl
-
-[624-version-negotiation-ssl]
-server = 624-version-negotiation-server
-client = 624-version-negotiation-client
-
-[624-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[624-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-624]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[625-version-negotiation]
-ssl_conf = 625-version-negotiation-ssl
-
-[625-version-negotiation-ssl]
-server = 625-version-negotiation-server
-client = 625-version-negotiation-client
-
-[625-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[625-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-625]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[626-version-negotiation]
-ssl_conf = 626-version-negotiation-ssl
-
-[626-version-negotiation-ssl]
-server = 626-version-negotiation-server
-client = 626-version-negotiation-client
-
-[626-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[626-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-626]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[627-version-negotiation]
-ssl_conf = 627-version-negotiation-ssl
-
-[627-version-negotiation-ssl]
-server = 627-version-negotiation-server
-client = 627-version-negotiation-client
-
-[627-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[627-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-627]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[628-version-negotiation]
-ssl_conf = 628-version-negotiation-ssl
-
-[628-version-negotiation-ssl]
-server = 628-version-negotiation-server
-client = 628-version-negotiation-client
-
-[628-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[628-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-628]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[629-version-negotiation]
-ssl_conf = 629-version-negotiation-ssl
-
-[629-version-negotiation-ssl]
-server = 629-version-negotiation-server
-client = 629-version-negotiation-client
-
-[629-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[629-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-629]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[630-version-negotiation]
-ssl_conf = 630-version-negotiation-ssl
-
-[630-version-negotiation-ssl]
-server = 630-version-negotiation-server
-client = 630-version-negotiation-client
-
-[630-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[630-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-630]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[631-version-negotiation]
-ssl_conf = 631-version-negotiation-ssl
-
-[631-version-negotiation-ssl]
-server = 631-version-negotiation-server
-client = 631-version-negotiation-client
-
-[631-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[631-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-631]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[632-version-negotiation]
-ssl_conf = 632-version-negotiation-ssl
-
-[632-version-negotiation-ssl]
-server = 632-version-negotiation-server
-client = 632-version-negotiation-client
-
-[632-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[632-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-632]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[633-version-negotiation]
-ssl_conf = 633-version-negotiation-ssl
-
-[633-version-negotiation-ssl]
-server = 633-version-negotiation-server
-client = 633-version-negotiation-client
-
-[633-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[633-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-633]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[634-version-negotiation]
-ssl_conf = 634-version-negotiation-ssl
-
-[634-version-negotiation-ssl]
-server = 634-version-negotiation-server
-client = 634-version-negotiation-client
-
-[634-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[634-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-634]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[635-version-negotiation]
-ssl_conf = 635-version-negotiation-ssl
-
-[635-version-negotiation-ssl]
-server = 635-version-negotiation-server
-client = 635-version-negotiation-client
-
-[635-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[635-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-635]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[636-version-negotiation]
-ssl_conf = 636-version-negotiation-ssl
-
-[636-version-negotiation-ssl]
-server = 636-version-negotiation-server
-client = 636-version-negotiation-client
-
-[636-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[636-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-636]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[637-version-negotiation]
-ssl_conf = 637-version-negotiation-ssl
-
-[637-version-negotiation-ssl]
-server = 637-version-negotiation-server
-client = 637-version-negotiation-client
-
-[637-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[637-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-637]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[638-version-negotiation]
-ssl_conf = 638-version-negotiation-ssl
-
-[638-version-negotiation-ssl]
-server = 638-version-negotiation-server
-client = 638-version-negotiation-client
-
-[638-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[638-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-638]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[639-version-negotiation]
-ssl_conf = 639-version-negotiation-ssl
-
-[639-version-negotiation-ssl]
-server = 639-version-negotiation-server
-client = 639-version-negotiation-client
-
-[639-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[639-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-639]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[640-version-negotiation]
-ssl_conf = 640-version-negotiation-ssl
-
-[640-version-negotiation-ssl]
-server = 640-version-negotiation-server
-client = 640-version-negotiation-client
-
-[640-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[640-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-640]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[641-version-negotiation]
-ssl_conf = 641-version-negotiation-ssl
-
-[641-version-negotiation-ssl]
-server = 641-version-negotiation-server
-client = 641-version-negotiation-client
-
-[641-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[641-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-641]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[642-version-negotiation]
-ssl_conf = 642-version-negotiation-ssl
-
-[642-version-negotiation-ssl]
-server = 642-version-negotiation-server
-client = 642-version-negotiation-client
-
-[642-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[642-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-642]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[643-version-negotiation]
-ssl_conf = 643-version-negotiation-ssl
-
-[643-version-negotiation-ssl]
-server = 643-version-negotiation-server
-client = 643-version-negotiation-client
-
-[643-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[643-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-643]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[644-version-negotiation]
-ssl_conf = 644-version-negotiation-ssl
-
-[644-version-negotiation-ssl]
-server = 644-version-negotiation-server
-client = 644-version-negotiation-client
-
-[644-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[644-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-644]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[645-version-negotiation]
-ssl_conf = 645-version-negotiation-ssl
-
-[645-version-negotiation-ssl]
-server = 645-version-negotiation-server
-client = 645-version-negotiation-client
-
-[645-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[645-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-645]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[646-version-negotiation]
-ssl_conf = 646-version-negotiation-ssl
-
-[646-version-negotiation-ssl]
-server = 646-version-negotiation-server
-client = 646-version-negotiation-client
-
-[646-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[646-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-646]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[647-version-negotiation]
-ssl_conf = 647-version-negotiation-ssl
-
-[647-version-negotiation-ssl]
-server = 647-version-negotiation-server
-client = 647-version-negotiation-client
-
-[647-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[647-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-647]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[648-version-negotiation]
-ssl_conf = 648-version-negotiation-ssl
-
-[648-version-negotiation-ssl]
-server = 648-version-negotiation-server
-client = 648-version-negotiation-client
-
-[648-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[648-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-648]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[649-version-negotiation]
-ssl_conf = 649-version-negotiation-ssl
-
-[649-version-negotiation-ssl]
-server = 649-version-negotiation-server
-client = 649-version-negotiation-client
-
-[649-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[649-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-649]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[650-version-negotiation]
-ssl_conf = 650-version-negotiation-ssl
-
-[650-version-negotiation-ssl]
-server = 650-version-negotiation-server
-client = 650-version-negotiation-client
-
-[650-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[650-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-650]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[651-version-negotiation]
-ssl_conf = 651-version-negotiation-ssl
-
-[651-version-negotiation-ssl]
-server = 651-version-negotiation-server
-client = 651-version-negotiation-client
-
-[651-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[651-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-651]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[652-version-negotiation]
-ssl_conf = 652-version-negotiation-ssl
-
-[652-version-negotiation-ssl]
-server = 652-version-negotiation-server
-client = 652-version-negotiation-client
-
-[652-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[652-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-652]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[653-version-negotiation]
-ssl_conf = 653-version-negotiation-ssl
-
-[653-version-negotiation-ssl]
-server = 653-version-negotiation-server
-client = 653-version-negotiation-client
-
-[653-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[653-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-653]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[654-version-negotiation]
-ssl_conf = 654-version-negotiation-ssl
-
-[654-version-negotiation-ssl]
-server = 654-version-negotiation-server
-client = 654-version-negotiation-client
-
-[654-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[654-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-654]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[655-version-negotiation]
-ssl_conf = 655-version-negotiation-ssl
-
-[655-version-negotiation-ssl]
-server = 655-version-negotiation-server
-client = 655-version-negotiation-client
-
-[655-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[655-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-655]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[656-version-negotiation]
-ssl_conf = 656-version-negotiation-ssl
-
-[656-version-negotiation-ssl]
-server = 656-version-negotiation-server
-client = 656-version-negotiation-client
-
-[656-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[656-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-656]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[657-version-negotiation]
-ssl_conf = 657-version-negotiation-ssl
-
-[657-version-negotiation-ssl]
-server = 657-version-negotiation-server
-client = 657-version-negotiation-client
-
-[657-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[657-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-657]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[658-version-negotiation]
-ssl_conf = 658-version-negotiation-ssl
-
-[658-version-negotiation-ssl]
-server = 658-version-negotiation-server
-client = 658-version-negotiation-client
-
-[658-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[658-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-658]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[659-version-negotiation]
-ssl_conf = 659-version-negotiation-ssl
-
-[659-version-negotiation-ssl]
-server = 659-version-negotiation-server
-client = 659-version-negotiation-client
-
-[659-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[659-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-659]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[660-version-negotiation]
-ssl_conf = 660-version-negotiation-ssl
-
-[660-version-negotiation-ssl]
-server = 660-version-negotiation-server
-client = 660-version-negotiation-client
-
-[660-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[660-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-660]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[661-version-negotiation]
-ssl_conf = 661-version-negotiation-ssl
-
-[661-version-negotiation-ssl]
-server = 661-version-negotiation-server
-client = 661-version-negotiation-client
-
-[661-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[661-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-661]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[662-version-negotiation]
-ssl_conf = 662-version-negotiation-ssl
-
-[662-version-negotiation-ssl]
-server = 662-version-negotiation-server
-client = 662-version-negotiation-client
-
-[662-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[662-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-662]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[663-version-negotiation]
-ssl_conf = 663-version-negotiation-ssl
-
-[663-version-negotiation-ssl]
-server = 663-version-negotiation-server
-client = 663-version-negotiation-client
-
-[663-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[663-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-663]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[664-version-negotiation]
-ssl_conf = 664-version-negotiation-ssl
-
-[664-version-negotiation-ssl]
-server = 664-version-negotiation-server
-client = 664-version-negotiation-client
-
-[664-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[664-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-664]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[665-version-negotiation]
-ssl_conf = 665-version-negotiation-ssl
-
-[665-version-negotiation-ssl]
-server = 665-version-negotiation-server
-client = 665-version-negotiation-client
-
-[665-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[665-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-665]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[666-version-negotiation]
-ssl_conf = 666-version-negotiation-ssl
-
-[666-version-negotiation-ssl]
-server = 666-version-negotiation-server
-client = 666-version-negotiation-client
-
-[666-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[666-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-666]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[667-version-negotiation]
-ssl_conf = 667-version-negotiation-ssl
-
-[667-version-negotiation-ssl]
-server = 667-version-negotiation-server
-client = 667-version-negotiation-client
-
-[667-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[667-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-667]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[668-version-negotiation]
-ssl_conf = 668-version-negotiation-ssl
-
-[668-version-negotiation-ssl]
-server = 668-version-negotiation-server
-client = 668-version-negotiation-client
-
-[668-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[668-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-668]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[669-version-negotiation]
-ssl_conf = 669-version-negotiation-ssl
-
-[669-version-negotiation-ssl]
-server = 669-version-negotiation-server
-client = 669-version-negotiation-client
-
-[669-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[669-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-669]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[670-version-negotiation]
-ssl_conf = 670-version-negotiation-ssl
-
-[670-version-negotiation-ssl]
-server = 670-version-negotiation-server
-client = 670-version-negotiation-client
-
-[670-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[670-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-670]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[671-version-negotiation]
-ssl_conf = 671-version-negotiation-ssl
-
-[671-version-negotiation-ssl]
-server = 671-version-negotiation-server
-client = 671-version-negotiation-client
-
-[671-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[671-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-671]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[672-version-negotiation]
-ssl_conf = 672-version-negotiation-ssl
-
-[672-version-negotiation-ssl]
-server = 672-version-negotiation-server
-client = 672-version-negotiation-client
-
-[672-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[672-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-672]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[673-version-negotiation]
-ssl_conf = 673-version-negotiation-ssl
-
-[673-version-negotiation-ssl]
-server = 673-version-negotiation-server
-client = 673-version-negotiation-client
-
-[673-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[673-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-673]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[674-version-negotiation]
-ssl_conf = 674-version-negotiation-ssl
-
-[674-version-negotiation-ssl]
-server = 674-version-negotiation-server
-client = 674-version-negotiation-client
-
-[674-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[674-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-674]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[675-version-negotiation]
-ssl_conf = 675-version-negotiation-ssl
-
-[675-version-negotiation-ssl]
-server = 675-version-negotiation-server
-client = 675-version-negotiation-client
-
-[675-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[675-version-negotiation-client]
-CipherString = DEFAULT:@SECLEVEL=0
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-675]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[676-ciphersuite-sanity-check-client]
-ssl_conf = 676-ciphersuite-sanity-check-client-ssl
-
-[676-ciphersuite-sanity-check-client-ssl]
-server = 676-ciphersuite-sanity-check-client-server
-client = 676-ciphersuite-sanity-check-client-client
-
-[676-ciphersuite-sanity-check-client-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[676-ciphersuite-sanity-check-client-client]
-CipherString = AES128-SHA
-Ciphersuites =
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-676]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[677-ciphersuite-sanity-check-server]
-ssl_conf = 677-ciphersuite-sanity-check-server-ssl
-
-[677-ciphersuite-sanity-check-server-ssl]
-server = 677-ciphersuite-sanity-check-server-server
-client = 677-ciphersuite-sanity-check-server-client
-
-[677-ciphersuite-sanity-check-server-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = AES128-SHA
-Ciphersuites =
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[677-ciphersuite-sanity-check-server-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-677]
+[test-362]
ExpectedResult = ServerFail
diff --git a/test/ssl-tests/04-client_auth.cnf.in b/test/ssl-tests/04-client_auth.cnf.in
index ba170bbfb8..9337b91b8a 100644
--- a/test/ssl-tests/04-client_auth.cnf.in
+++ b/test/ssl-tests/04-client_auth.cnf.in
@@ -21,8 +21,8 @@ if ($fips_mode) {
@protocols = (undef, "TLSv1.2", "DTLSv1.2");
push @is_disabled, anydisabled("tls1_2", "dtls1_2");
} else {
- @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2");
- push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2");
+ @protocols = (undef, "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2");
+ push @is_disabled, anydisabled("tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2");
}
our @tests = ();
@@ -47,11 +47,7 @@ sub generate_tests() {
my $method;
my $sctpenabled = 0;
if (!$is_disabled[$_]) {
- if ($protocol_name eq "SSLv3") {
- $caalert = "BadCertificate";
- } else {
- $caalert = "UnknownCA";
- }
+ $caalert = "UnknownCA";
if ($protocol_name =~ m/^DTLS/) {
$method = "DTLS";
$sctpenabled = 1 if !disabled("sctp");
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index 4e4ce365d6..4a5522fc4c 100644
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -20,15 +20,15 @@ use OpenSSL::Test;
use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/;
setup("no_test_here");
-my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
+my @tls_protocols = ("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
my @tls_protocols_fips = ("TLSv1.2", "TLSv1.3");
# undef stands for "no limit".
-my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
+my @min_tls_protocols = (undef, "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
my @min_tls_protocols_fips = (undef, "TLSv1.2", "TLSv1.3");
-my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef);
+my @max_tls_protocols = ("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef);
my @max_tls_protocols_fips = ("TLSv1.2", "TLSv1.3", undef);
-my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
+my @is_tls_disabled = anydisabled("tls1", "tls1_1", "tls1_2", "tls1_3");
my @is_tls_disabled_fips = anydisabled("tls1_2", "tls1_3");
my $min_tls_enabled; my $max_tls_enabled;
@@ -107,7 +107,7 @@ sub no_tests {
return disabled("dtls1_2");
}
return $dtls ? alldisabled("dtls1", "dtls1_2") :
- alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
+ alldisabled("tls1", "tls1_1", "tls1_2", "tls1_3");
}
sub generate_version_tests {
diff --git a/test/ssl_ctx_test.c b/test/ssl_ctx_test.c
index dd075acd9b..796472f0cb 100644
--- a/test/ssl_ctx_test.c
+++ b/test/ssl_ctx_test.c
@@ -33,13 +33,12 @@ typedef struct {
static const version_test version_testdata[] = {
/* proto min max ok expected min expected max */
{ PROTO_TLS, 0, 0, 1, 1, 0, 0 },
- { PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION, 1, 1, SSL3_VERSION, TLS1_3_VERSION },
{ PROTO_TLS, TLS1_VERSION, TLS1_3_VERSION, 1, 1, TLS1_VERSION, TLS1_3_VERSION },
{ PROTO_TLS, TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION },
{ PROTO_TLS, TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION },
{ PROTO_TLS, TLS1_2_VERSION, TLS1_1_VERSION, 1, 1, TLS1_2_VERSION, TLS1_1_VERSION },
- { PROTO_TLS, SSL3_VERSION - 1, TLS1_3_VERSION, 0, 1, 0, TLS1_3_VERSION },
- { PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION + 1, 1, 0, SSL3_VERSION, 0 },
+ { PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION, 0, 1, 0, TLS1_3_VERSION },
+ { PROTO_TLS, TLS1_VERSION, TLS1_3_VERSION + 1, 1, 0, TLS1_VERSION, 0 },
#ifndef OPENSSL_NO_DTLS
{ PROTO_TLS, DTLS1_VERSION, DTLS1_2_VERSION, 1, 1, 0, 0 },
#endif
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index 909a33e6ed..ea3c204026 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -655,9 +655,6 @@ static void sv_usage(void)
#ifndef OPENSSL_NO_PSK
fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
#endif
-#ifndef OPENSSL_NO_SSL3
- fprintf(stderr, " -ssl3 - use SSLv3\n");
-#endif
#ifndef OPENSSL_NO_TLS1
fprintf(stderr, " -tls1 - use TLSv1\n");
#endif
@@ -814,7 +811,6 @@ static int protocol_from_string(const char *value)
int version;
};
static const struct protocol_versions versions[] = {
- { "ssl3", SSL3_VERSION },
{ "tls1", TLS1_VERSION },
{ "tls1.1", TLS1_1_VERSION },
{ "tls1.2", TLS1_2_VERSION },
@@ -898,7 +894,7 @@ int main(int argc, char *argv[])
BIO_IPV6 } bio_type
= BIO_MEM;
int force = 0;
- int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0, ssl3 = 0;
+ int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0;
int ret = EXIT_FAILURE;
int client_auth = 0;
int server_auth = 0, i;
@@ -1028,8 +1024,6 @@ int main(int argc, char *argv[])
tls1_1 = 1;
} else if (strcmp(*argv, "-tls1") == 0) {
tls1 = 1;
- } else if (strcmp(*argv, "-ssl3") == 0) {
- ssl3 = 1;
} else if (strcmp(*argv, "-dtls1") == 0) {
dtls1 = 1;
} else if (strcmp(*argv, "-dtls12") == 0) {
@@ -1246,19 +1240,14 @@ int main(int argc, char *argv[])
goto end;
}
- if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
- fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
+ if (tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
+ fprintf(stderr, "At most one of -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
"be requested.\n");
goto end;
}
-#ifdef OPENSSL_NO_SSL3
- if (ssl3)
- no_protocol = 1;
- else
-#endif
#ifdef OPENSSL_NO_TLS1
- if (tls1)
+ if (tls1)
no_protocol = 1;
else
#endif
@@ -1296,11 +1285,11 @@ int main(int argc, char *argv[])
goto end;
}
- if (!ssl3 && !tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
+ if (!tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
&& !reuse && !force) {
fprintf(stderr, "This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
+ "or add one of -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
"to avoid protocol mismatch.\n");
goto end;
}
@@ -1344,10 +1333,7 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_TLS
meth = TLS_method();
- if (ssl3) {
- min_version = SSL3_VERSION;
- max_version = SSL3_VERSION;
- } else if (tls1) {
+ if (tls1) {
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
} else if (tls1_1) {
diff --git a/test/sslapitest.c b/test/sslapitest.c
index d7d1ebc602..a758ae263a 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1606,12 +1606,7 @@ static int test_large_app_data(int tst)
#endif
case 4:
-#ifndef OPENSSL_NO_SSL3
- prot = SSL3_VERSION;
- break;
-#else
return TEST_skip("SSL 3 not supported");
-#endif
case 5:
#ifndef OPENSSL_NO_DTLS1_2
@@ -12050,9 +12045,6 @@ static int check_version_string(SSL *s, int version)
const char *verstr = NULL;
switch (version) {
- case SSL3_VERSION:
- verstr = "SSLv3";
- break;
case TLS1_VERSION:
verstr = "TLSv1";
break;
@@ -12090,11 +12082,6 @@ static int test_version(int idx)
const SSL_METHOD *clientmeth = TLS_client_method();
switch (idx) {
-#if !defined(OPENSSL_NO_SSL3)
- case 0:
- version = SSL3_VERSION;
- break;
-#endif
#if !defined(OPENSSL_NO_TLS1)
case 1:
version = TLS1_VERSION;
@@ -12131,8 +12118,7 @@ static int test_version(int idx)
}
if (is_fips
- && (version == SSL3_VERSION
- || version == TLS1_VERSION
+ && (version == TLS1_VERSION
|| version == DTLS1_VERSION)) {
TEST_skip("Protocol version not supported with FIPS");
return 1;