From 58093c8bec6a410e6f7bbdccf1abd1fa01574b93 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 28 Jun 2018 13:22:05 +0300 Subject: [PATCH] Add ECC extensions test in ssl-opts.sh Add test to verify if an ecc based extension exists or not if an ecc based ciphersuite is used or not. --- tests/ssl-opt.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9faeb6703..7fade04ec 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4551,6 +4551,40 @@ run_test "SSL async private: renegotiation: server-initiated; decrypt" \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): decrypt done, status=0" +# Tests for ECC extensions (rfc 4492) + +run_test "Force a non ECC ciphersuite in the client side" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + 0 \ + -C "client hello, adding supported_elliptic_curves extension" \ + -C "client hello, adding supported_point_formats extension" \ + -S "found supported elliptic curves extension" \ + -S "found supported point formats extension" + +run_test "Force a non ECC ciphersuite in the server side" \ + "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI debug_level=3" \ + 0 \ + -C "found supported_point_formats extension" \ + -S "server hello, supported_point_formats extension" + +run_test "Force an ECC ciphersuite in the client side" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "client hello, adding supported_elliptic_curves extension" \ + -c "client hello, adding supported_point_formats extension" \ + -s "found supported elliptic curves extension" \ + -s "found supported point formats extension" + +run_test "Force an ECC ciphersuite in the server side" \ + "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + "$P_CLI debug_level=3" \ + 0 \ + -c "found supported_point_formats extension" \ + -s "server hello, supported_point_formats extension" + # Tests for DTLS HelloVerifyRequest run_test "DTLS cookie: enabled" \