Initial commit.
[BoarSSL] / conf / bearssl.json
1 {
2 "commandFile" : "../build/brssl",
3 "commandArgs" : "twrch {0}",
4 "chainRSA" : "conf/rsacert.pem",
5 "skeyRSA" : "conf/rsakey.pem",
6 "chainEC" : "conf/eccert.pem",
7 "skeyEC" : "conf/eckey.pem",
8 "noCloseNotify" : false,
9 "versions" : [
10 "TLS10", "TLS11", "TLS12"
11 ],
12 "cipherSuites" : [
13 "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
14 "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
15 "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
16 "ECDHE_RSA_WITH_AES_128_GCM_SHA256",
17 "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
18 "ECDHE_RSA_WITH_AES_256_GCM_SHA384",
19 "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
20 "ECDHE_RSA_WITH_AES_128_CBC_SHA256",
21 "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
22 "ECDHE_RSA_WITH_AES_256_CBC_SHA384",
23 "ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
24 "ECDHE_RSA_WITH_AES_128_CBC_SHA",
25 "ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
26 "ECDHE_RSA_WITH_AES_256_CBC_SHA",
27
28 "ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
29 "ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
30 "ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
31 "ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
32 "ECDH_ECDSA_WITH_AES_128_CBC_SHA",
33 "ECDH_ECDSA_WITH_AES_256_CBC_SHA",
34
35 "RSA_WITH_AES_128_GCM_SHA256",
36 "RSA_WITH_AES_256_GCM_SHA384",
37 "RSA_WITH_AES_128_CBC_SHA256",
38 "RSA_WITH_AES_256_CBC_SHA256",
39 "RSA_WITH_AES_128_CBC_SHA",
40 "RSA_WITH_AES_256_CBC_SHA",
41 "RSA_WITH_3DES_EDE_CBC_SHA",
42
43 "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
44 "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
45 "ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"
46 ],
47 "hashAndSigns" : [
48 "RSA_SHA256",
49 "RSA_SHA224",
50 "RSA_SHA384",
51 "RSA_SHA512",
52 "RSA_SHA1",
53 "ECDSA_SHA256",
54 "ECDSA_SHA224",
55 "ECDSA_SHA384",
56 "ECDSA_SHA512",
57 "ECDSA_SHA1"
58 ],
59 "curves" : [
60 "Curve25519",
61 "NIST_P256",
62 "NIST_P384",
63 "NIST_P521"
64 ],
65 "tests" : [
66 {
67 "name" : "peerClose",
68 "comment" : "The peer should initiate a clean close",
69 "askClose" : "true"
70 },
71 {
72 "name" : "renegotiateNormal",
73 "comment" : "Normal renegotiation triggered from our side",
74 "renegotiate" : "true"
75 },
76 {
77 "name" : "peerRenegotiateNormal",
78 "comment" : "Normal renegotiation triggered by the peer",
79 "askRenegotiate" : "true"
80 },
81 {
82 "name" : "noSecureReneg",
83 "comment" : "Not sending secure renegotiation; renegotiation attempts should be rejected by the peer.",
84 "renegotiate" : "false",
85 "quirks" : {
86 "noSecureReneg" : "true"
87 }
88 },
89 {
90 "name" : "forceEmptySecureReneg",
91 "comment" : "Forcing empty Secure Renegotiation extension. This should be OK for first handshake, then fail during renegotiation.",
92 "renegotiate" : "true",
93 "expectedExitCode" : 1,
94 "expectedFailure" : "Unexpected transport closure",
95 "quirks" : {
96 "forceEmptySecureReneg" : "true"
97 }
98 },
99 {
100 "name" : "forceNonEmptySecureReneg",
101 "comment" : "A non-empty Secure Renegotiation extension is sent during the first handshake. The peer should call foul play and abort.",
102 "expectedExitCode" : 1,
103 "expectedFailure" : "Unexpected transport closure",
104 "quirks" : {
105 "forceNonEmptySecureReneg" : "true"
106 }
107 },
108 {
109 "name" : "alterNonEmptySecureReneg",
110 "comment" : "The Secure Renegotiation extension contents are altered during second handshake (but the length is preserved). The peer should abort.",
111 "renegotiate" : "true",
112 "expectedExitCode" : 1,
113 "expectedFailure" : "Unexpected transport closure",
114 "quirks" : {
115 "alterNonEmptySecureReneg" : "true"
116 }
117 },
118 {
119 "name" : "oversizedSecureReneg",
120 "comment" : "The Secure Renegotiation extension contents are much bigger than normal. The peer should abort.",
121 "expectedExitCode" : 1,
122 "expectedFailure" : "Unexpected transport closure",
123 "quirks" : {
124 "oversizedSecureReneg" : "true"
125 }
126 },
127 {
128 "name" : "recordSplitHalf",
129 "comment" : "All records of length 2 or more are split into two halves.",
130 "quirks" : {
131 "recordSplitMode" : "half:20,21,22,23"
132 }
133 },
134 {
135 "name" : "recordSplitZeroBefore",
136 "comment" : "All records are preceded with a zero-length record.",
137 "quirks" : {
138 "recordSplitMode" : "zero_before:20,21,22,23"
139 }
140 },
141 {
142 "name" : "recordSplitZeroHalf",
143 "comment" : "All records of length 2 or more are split into two halves, and a zero-length record is inserted between the two halves.",
144 "quirks" : {
145 "recordSplitMode" : "zero_half:20,21,22,23"
146 }
147 },
148 {
149 "name" : "recordSplitOneStart",
150 "comment" : "The first byte of each record of length 2 or more is separated into its own record.",
151 "quirks" : {
152 "recordSplitMode" : "one_start:20,21,22,23"
153 }
154 },
155 {
156 "name" : "recordSplitOneEnd",
157 "comment" : "The last byte of each record of length 2 or more is separated into its own record.",
158 "quirks" : {
159 "recordSplitMode" : "one_end:20,21,22,23"
160 }
161 },
162 {
163 "name" : "recordSplitMultiOne",
164 "comment" : "All records are split into individual records of length 1.",
165 "quirks" : {
166 "recordSplitMode" : "multi_one:20,21,22,23"
167 }
168 },
169 {
170 "name" : "emptyHandshake1",
171 "comment" : "An extra empty handshake message is inserted before the first application data record.",
172 "quirks" : {
173 "thresholdZeroHandshake" : 1
174 }
175 },
176 {
177 "name" : "emptyHandshake2",
178 "comment" : "An extra empty handshake message is inserted before the second application data record.",
179 "quirks" : {
180 "thresholdZeroHandshake" : 2
181 }
182 },
183 {
184 "name" : "emptyAppData1",
185 "comment" : "An extra empty handshake message is inserted before the first handshake record.",
186 "quirks" : {
187 "thresholdZeroAppData" : 1
188 }
189 },
190 {
191 "name" : "emptyAppData2",
192 "comment" : "An extra empty handshake message is inserted before the second handshake record.",
193 "quirks" : {
194 "thresholdZeroAppData" : 2
195 }
196 },
197 {
198 "name" : "extraServerExtension",
199 "comment" : "An extra extension is added in the ServerHello. Client should reject it. BearSSL closes the connection, so the server gets an unexpected transport closure.",
200 "clientOnly" : "true",
201 "expectedExitCode" : 1,
202 "expectedFailure" : "Unexpected transport closure",
203 "quirks" : {
204 "sendExtraExtension" : "0xA7C0"
205 }
206 },
207 {
208 "name" : "extraClientExtension",
209 "comment" : "An extra extension is added in the ClientHello. Server should ignore it.",
210 "serverOnly" : "true",
211 "quirks" : {
212 "sendExtraExtension" : "0xA7C0"
213 }
214 },
215 {
216 "name" : "reconnectSelf",
217 "comment" : "Connection is closed and reconnection is performed; the session should be resumed.",
218 "reconnect" : "self"
219 },
220 {
221 "name" : "reconnectPeer",
222 "comment" : "Peer is tasked with closing then reconnecting; the session should be resumed.",
223 "reconnect" : "peer"
224 },
225 {
226 "name" : "reconnectSelfForgetSelf",
227 "comment" : "Connection is closed and reconnection is performed. Previous session is forgotten on our part.",
228 "reconnect" : "self",
229 "forget" : "self"
230 },
231 {
232 "name" : "reconnectSelfForgetPeer",
233 "comment" : "Peer should forget session. Then we close and reconnect.",
234 "reconnect" : "self",
235 "forget" : "peer"
236 },
237 {
238 "name" : "reconnectPeerForgetSelf",
239 "comment" : "We forget the session. Peer should close and reconnect.",
240 "reconnect" : "peer",
241 "forget" : "self"
242 },
243 {
244 "name" : "reconnectPeerForgetPeer",
245 "comment" : "Peer should forget session. Peer should close and reconnect.",
246 "reconnect" : "peer",
247 "forget" : "peer"
248 }
249 ]
250 }