2f9c9b9a22
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.
Tested against GnuTLS's client and server using the options:
$ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
$ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"
To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
210 lines
4.1 KiB
Plaintext
210 lines
4.1 KiB
Plaintext
# server TLSv1 ECDHE-ECDSA-DES3
|
|
-v 1
|
|
-l ECDHE-ECDSA-DES-CBC3-SHA
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1 ECDHE-ECDSA-DES3
|
|
-v 1
|
|
-l ECDHE-ECDSA-DES-CBC3-SHA
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1 ECDHE-ECDSA-AES128
|
|
-v 1
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-c ./certs/server-ecc.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1 ECDHE-ECDSA-AES128
|
|
-v 1
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-A ./certs/server-ecc.pem
|
|
|
|
# server TLSv1 ECDHE-ECDSA-AES128
|
|
-v 1
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1 ECDHE-ECDSA-AES128
|
|
-v 1
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1 ECDHE-ECDSA-AES256
|
|
-v 1
|
|
-l ECDHE-ECDSA-AES256-SHA
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1 ECDHE-ECDSA-AES256
|
|
-v 1
|
|
-l ECDHE-ECDSA-AES256-SHA
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.1 ECDHE-ECDSA-DES3
|
|
-v 2
|
|
-l ECDHE-ECDSA-DES-CBC3-SHA
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.1 ECDHE-ECDSA-DES3
|
|
-v 2
|
|
-l ECDHE-ECDSA-DES-CBC3-SHA
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.1 ECDHE-ECDSA-AES128
|
|
-v 2
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-c ./certs/server-ecc.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.1 ECDHE-ECDSA-AES128
|
|
-v 2
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-A ./certs/server-ecc.pem
|
|
|
|
# server TLSv1.1 ECDHE-ECDSA-AES128
|
|
-v 2
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.1 ECDHE-ECDSA-AES128
|
|
-v 2
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.1 ECDHE-ECDSA-AES256
|
|
-v 2
|
|
-l ECDHE-ECDSA-AES256-SHA
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.1 ECDHE-ECDSA-AES256
|
|
-v 2
|
|
-l ECDHE-ECDSA-AES256-SHA
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-DES3
|
|
-v 3
|
|
-l ECDHE-ECDSA-DES-CBC3-SHA
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-DES3
|
|
-v 3
|
|
-l ECDHE-ECDSA-DES-CBC3-SHA
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-c ./certs/server-ecc.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-SHA
|
|
-A ./certs/server-ecc.pem
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-SHA256
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-SHA256
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES256-SHA
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES256-SHA
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
|
|
-v 3
|
|
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
|
|
-v 3
|
|
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDH-ECDSA-AES128-SHA256
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-SHA256
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
|
|
-v 3
|
|
-l ECDH-ECDSA-AES128-SHA256
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDH-ECDSA-AES256
|
|
-v 3
|
|
-l ECDH-ECDSA-AES256-SHA
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDH-ECDSA-AES256
|
|
-v 3
|
|
-l ECDH-ECDSA-AES256-SHA
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES256-GCM-SHA384
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES256-GCM-SHA384
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-CCM
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-CCM
|
|
-A ./certs/ca-cert.pem
|
|
|
|
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-CCM-8
|
|
-c ./certs/server-ecc-rsa.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-CCM-8
|
|
-A ./certs/ca-cert.pem
|
|
|