28-seclevel.cnf.in: Enable some groups required for high SECLEVELs

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26801)
Tomas Mraz 2025-02-21 17:09:22 +01:00
parent 5a9966dd3a
commit bcc364896e
2 changed files with 12 additions and 0 deletions


@ -43,10 +43,12 @@ client = 1-SECLEVEL 4 with ED448 key-client
[1-SECLEVEL 4 with ED448 key-server] [1-SECLEVEL 4 with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=4 CipherString = DEFAULT:@SECLEVEL=4
Groups = ?X448:?secp521r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[1-SECLEVEL 4 with ED448 key-client] [1-SECLEVEL 4 with ED448 key-client]
CipherString = DEFAULT:@SECLEVEL=4 CipherString = DEFAULT:@SECLEVEL=4
Groups = ?X448:?secp521r1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer VerifyMode = Peer
@ -66,10 +68,12 @@ client = 2-SECLEVEL 5 server with ED448 key-client
[2-SECLEVEL 5 server with ED448 key-server] [2-SECLEVEL 5 server with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=5 CipherString = DEFAULT:@SECLEVEL=5
Groups = ?X448:?secp521r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[2-SECLEVEL 5 server with ED448 key-client] [2-SECLEVEL 5 server with ED448 key-client]
CipherString = DEFAULT:@SECLEVEL=4 CipherString = DEFAULT:@SECLEVEL=4
Groups = ?X448:?secp521r1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer VerifyMode = Peer
@ -89,10 +93,12 @@ client = 3-SECLEVEL 5 client with ED448 key-client
[3-SECLEVEL 5 client with ED448 key-server] [3-SECLEVEL 5 client with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=4 CipherString = DEFAULT:@SECLEVEL=4
Groups = ?X448:?secp521r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[3-SECLEVEL 5 client with ED448 key-client] [3-SECLEVEL 5 client with ED448 key-client]
CipherString = DEFAULT:@SECLEVEL=5 CipherString = DEFAULT:@SECLEVEL=5
Groups = ?X448:?secp521r1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer VerifyMode = Peer


@ -27,9 +27,11 @@ our @tests_ec = (
{ {
name => "SECLEVEL 4 with ED448 key", name => "SECLEVEL 4 with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
"Groups" => "?X448:?secp521r1",
"Certificate" => test_pem("server-ed448-cert.pem"), "Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") }, "PrivateKey" => test_pem("server-ed448-key.pem") },
client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
"Groups" => "?X448:?secp521r1",
"VerifyCAFile" => test_pem("root-ed448-cert.pem") }, "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "Success" }, test => { "ExpectedResult" => "Success" },
}, },
@ -40,9 +42,11 @@ our @tests_ec = (
# the order will be reversed and it will instead fail to load the key. # the order will be reversed and it will instead fail to load the key.
name => "SECLEVEL 5 server with ED448 key", name => "SECLEVEL 5 server with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=5", server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
"Groups" => "?X448:?secp521r1",
"Certificate" => test_pem("server-ed448-cert.pem"), "Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") }, "PrivateKey" => test_pem("server-ed448-key.pem") },
client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
"Groups" => "?X448:?secp521r1",
"VerifyCAFile" => test_pem("root-ed448-cert.pem") }, "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "ServerFail" }, test => { "ExpectedResult" => "ServerFail" },
}, },
@ -51,9 +55,11 @@ our @tests_ec = (
# doesn't have a usable signature algorithm for the certificate. # doesn't have a usable signature algorithm for the certificate.
name => "SECLEVEL 5 client with ED448 key", name => "SECLEVEL 5 client with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
"Groups" => "?X448:?secp521r1",
"Certificate" => test_pem("server-ed448-cert.pem"), "Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") }, "PrivateKey" => test_pem("server-ed448-key.pem") },
client => { "CipherString" => "DEFAULT:\@SECLEVEL=5", client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
"Groups" => "?X448:?secp521r1",
"VerifyCAFile" => test_pem("root-ed448-cert.pem") }, "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "ServerFail" }, test => { "ExpectedResult" => "ServerFail" },
} }
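Review bot: The six added `"Groups" => "?X448:?secp521r1"` entries have no comment saying why these two groups are listed or why each carries the `?` prefix, so a later reader cannot tell that they exist to satisfy the security level rather than to exercise group negotiation. One comment above the first case would cover all three, for example `# Default groups may not meet SECLEVEL 4/5; '?' lets a group be skipped when the build lacks it.` Separately, the two negative cases still assert only `"ExpectedResult" => "ServerFail"`, which cannot tell the cause described in their comments (key loading, signature algorithm) apart from a failure to agree on a group. That matters more now that the group list is explicit; presumably X448 is itself below the SECLEVEL 5 threshold, which would leave only secp521r1 on that side. The `@tests_ec` array and the comments above each case begin outside these hunks, so this is based on the visible lines only.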