_ Git - BoarSSL/blob - conf/bearssl.json

   1 {
   2   "commandFile" : "../build/brssl",
   3   "commandArgs" : "twrch {0}",
   4   "chainRSA" : "conf/rsacert.pem",
   5   "skeyRSA" : "conf/rsakey.pem",
   6   "chainEC" : "conf/eccert.pem",
   7   "skeyEC" : "conf/eckey.pem",
   8   "noCloseNotify" : false,
   9   "versions" : [
  10     "TLS10", "TLS11", "TLS12"
  11   ],
  12   "cipherSuites" : [
  13     "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
  14     "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
  15     "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
  16     "ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  17     "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
  18     "ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  19     "ECDHE_ECDSA_WITH_AES_128_CCM",
  20     "ECDHE_ECDSA_WITH_AES_256_CCM",
  21     "ECDHE_ECDSA_WITH_AES_128_CCM_8",
  22     "ECDHE_ECDSA_WITH_AES_256_CCM_8",
  23     "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
  24     "ECDHE_RSA_WITH_AES_128_CBC_SHA256",
  25     "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
  26     "ECDHE_RSA_WITH_AES_256_CBC_SHA384",
  27     "ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
  28     "ECDHE_RSA_WITH_AES_128_CBC_SHA",
  29     "ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
  30     "ECDHE_RSA_WITH_AES_256_CBC_SHA",
  31
  32     "ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
  33     "ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
  34     "ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
  35     "ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
  36     "ECDH_ECDSA_WITH_AES_128_CBC_SHA",
  37     "ECDH_ECDSA_WITH_AES_256_CBC_SHA",
  38
  39     "RSA_WITH_AES_128_GCM_SHA256",
  40     "RSA_WITH_AES_256_GCM_SHA384",
  41     "RSA_WITH_AES_128_CCM",
  42     "RSA_WITH_AES_256_CCM",
  43     "RSA_WITH_AES_128_CCM_8",
  44     "RSA_WITH_AES_256_CCM_8",
  45     "RSA_WITH_AES_128_CBC_SHA256",
  46     "RSA_WITH_AES_256_CBC_SHA256",
  47     "RSA_WITH_AES_128_CBC_SHA",
  48     "RSA_WITH_AES_256_CBC_SHA",
  49     "RSA_WITH_3DES_EDE_CBC_SHA",
  50
  51     "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
  52     "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
  53     "ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"
  54   ],
  55   "hashAndSigns" : [
  56     "RSA_SHA256",
  57     "RSA_SHA224",
  58     "RSA_SHA384",
  59     "RSA_SHA512",
  60     "RSA_SHA1",
  61     "ECDSA_SHA256",
  62     "ECDSA_SHA224",
  63     "ECDSA_SHA384",
  64     "ECDSA_SHA512",
  65     "ECDSA_SHA1"
  66   ],
  67   "curves" : [
  68     "Curve25519",
  69     "NIST_P256",
  70     "NIST_P384",
  71     "NIST_P521"
  72   ],
  73   "tests" : [
  74     {
  75       "name" : "peerClose",
  76       "comment" : "The peer should initiate a clean close",
  77       "askClose" : "true"
  78     },
  79     {
  80       "name" : "renegotiateNormal",
  81       "comment" : "Normal renegotiation triggered from our side",
  82       "renegotiate" : "true"
  83     },
  84     {
  85       "name" : "peerRenegotiateNormal",
  86       "comment" : "Normal renegotiation triggered by the peer",
  87       "askRenegotiate" : "true"
  88     },
  89     {
  90       "name" : "noSecureReneg",
  91       "comment" : "Not sending secure renegotiation; renegotiation attempts should be rejected by the peer.",
  92       "renegotiate" : "false",
  93       "quirks" : {
  94         "noSecureReneg" : "true"
  95       }
  96     },
  97     {
  98       "name" : "forceEmptySecureReneg",
  99       "comment" : "Forcing empty Secure Renegotiation extension. This should be OK for first handshake, then fail during renegotiation.",
 100       "renegotiate" : "true",
 101       "expectedExitCode" : 1,
 102       "expectedFailure" : "Unexpected transport closure",
 103       "quirks" : {
 104         "forceEmptySecureReneg" : "true"
 105       }
 106     },
 107     {
 108       "name" : "forceNonEmptySecureReneg",
 109       "comment" : "A non-empty Secure Renegotiation extension is sent during the first handshake. The peer should call foul play and abort.",
 110       "expectedExitCode" : 1,
 111       "expectedFailure" : "Unexpected transport closure",
 112       "quirks" : {
 113         "forceNonEmptySecureReneg" : "true"
 114       }
 115     },
 116     {
 117       "name" : "alterNonEmptySecureReneg",
 118       "comment" : "The Secure Renegotiation extension contents are altered during second handshake (but the length is preserved). The peer should abort.",
 119       "renegotiate" : "true",
 120       "expectedExitCode" : 1,
 121       "expectedFailure" : "Unexpected transport closure",
 122       "quirks" : {
 123         "alterNonEmptySecureReneg" : "true"
 124       }
 125     },
 126     {
 127       "name" : "oversizedSecureReneg",
 128       "comment" : "The Secure Renegotiation extension contents are much bigger than normal. The peer should abort.",
 129       "expectedExitCode" : 1,
 130       "expectedFailure" : "Unexpected transport closure",
 131       "quirks" : {
 132         "oversizedSecureReneg" : "true"
 133       }
 134     },
 135     {
 136       "name" : "recordSplitHalf",
 137       "comment" : "All records of length 2 or more are split into two halves.",
 138       "quirks" : {
 139         "recordSplitMode" : "half:20,21,22,23"
 140       }
 141     },
 142     {
 143       "name" : "recordSplitZeroBefore",
 144       "comment" : "All records are preceded with a zero-length record.",
 145       "quirks" : {
 146         "recordSplitMode" : "zero_before:20,21,22,23"
 147       }
 148     },
 149     {
 150       "name" : "recordSplitZeroHalf",
 151       "comment" : "All records of length 2 or more are split into two halves, and a zero-length record is inserted between the two halves..",
 152       "quirks" : {
 153         "recordSplitMode" : "zero_half:20,21,22,23"
 154       }
 155     },
 156     {
 157       "name" : "recordSplitOneStart",
 158       "comment" : "The first byte of each record of length 2 or more is separated into its own record.",
 159       "quirks" : {
 160         "recordSplitMode" : "one_start:20,21,22,23"
 161       }
 162     },
 163     {
 164       "name" : "recordSplitOneEnd",
 165       "comment" : "The last byte of each record of length 2 or more is separated into its own record.",
 166       "quirks" : {
 167         "recordSplitMode" : "one_end:20,21,22,23"
 168       }
 169     },
 170     {
 171       "name" : "recordSplitMultiOne",
 172       "comment" : "All records are split into individual records of length 1.",
 173       "quirks" : {
 174         "recordSplitMode" : "multi_one:20,21,22,23"
 175       }
 176     },
 177     {
 178       "name" : "emptyHandshake1",
 179       "comment" : "An extra empty handshake message is inserted before the first application data record.",
 180       "quirks" : {
 181         "thresholdZeroHandshake" : 1
 182       }
 183     },
 184     {
 185       "name" : "emptyHandshake2",
 186       "comment" : "An extra empty handshake message is inserted before the second application data record.",
 187       "quirks" : {
 188         "thresholdZeroHandshake" : 2
 189       }
 190     },
 191     {
 192       "name" : "emptyAppData1",
 193       "comment" : "An extra empty handshake message is inserted before the first handshake record.",
 194       "quirks" : {
 195         "thresholdZeroAppData" : 1
 196       }
 197     },
 198     {
 199       "name" : "emptyAppData2",
 200       "comment" : "An extra empty handshake message is inserted before the second handshake record.",
 201       "quirks" : {
 202         "thresholdZeroAppData" : 2
 203       }
 204     },
 205     {
 206       "name" : "extraServerExtension",
 207       "comment" : "An extra extension is added in the ServerHello. Client should reject it. BearSSL closes the connection, so the server gets an unexpected transport closure.",
 208       "clientOnly" : "true",
 209       "expectedExitCode" : 1,
 210       "expectedFailure" : "Unexpected transport closure",
 211       "quirks" : {
 212         "sendExtraExtension" : "0xA7C0"
 213       }
 214     },
 215     {
 216       "name" : "extraClientExtension",
 217       "comment" : "An extra extension is added in the ClientHello. Server should ignore it.",
 218       "serverOnly" : "true",
 219       "quirks" : {
 220         "sendExtraExtension" : "0xA7C0"
 221       }
 222     },
 223     {
 224       "name" : "reconnectSelf",
 225       "comment" : "Connection is closed and reconnection is performed; the session should be resumed.",
 226       "reconnect" : "self"
 227     },
 228     {
 229       "name" : "reconnectPeer",
 230       "comment" : "Peer is tasked with closing then reconnecting; the session should be resumed.",
 231       "reconnect" : "peer"
 232     },
 233     {
 234       "name" : "reconnectSelfForgetSelf",
 235       "comment" : "Connection is closed and reconnection is performed. Previous session if forgotten on our part.",
 236       "reconnect" : "self",
 237       "forget" : "self"
 238     },
 239     {
 240       "name" : "reconnectSelfForgetPeer",
 241       "comment" : "Peer should forget session. Then we close and reconnect.",
 242       "reconnect" : "self",
 243       "forget" : "peer"
 244     },
 245     {
 246       "name" : "reconnectPeerForgetSelf",
 247       "comment" : "We forget the session. Peer should close and reconnect.",
 248       "reconnect" : "peer",
 249       "forget" : "self"
 250     },
 251     {
 252       "name" : "reconnectPeerForgetPeer",
 253       "comment" : "Peer should forget session. Peer should close and reconnect.",
 254       "reconnect" : "peer",
 255       "forget" : "peer"
 256     },
 257     {
 258       "name" : "tls12SuiteWithOlder",
 259       "comment" : "Server selects a TLS-1.2 specific cipher suite with TLS-1.1; the client should refuse.",
 260       "clientOnly" : "true",
 261       "expectedExitCode" : 1,
 262       "expectedFailure" : "Unexpected transport closure",
 263       "quirks" : {
 264         "forceVersion" : "TLS11",
 265         "forceTls12CipherSuite" : "true"
 266       }
 267     }
 268   ]
 269 }