3865N/A * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 0N/A * published by the Free Software Foundation. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * Test that all ciphersuites work in all versions and all client 0N/A * authentication types. The way this is setup the server is stateless and 0N/A * all checking is done on the client side. 0N/A * The test is multithreaded to speed it up, especially on multiprocessor 0N/A * machines. To simplify debugging, run with -DnumThreads=1. 0N/A * @author Andreas Sterbenz 0N/A // use any available port for the server socket 0N/A // assume that if we do not read anything for 20 seconds, something 0N/A // 2nd newline in a row, end of request 3865N/A // cipher suites supported since TLS 1.2 3865N/A CS_01(
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
0x0303,
0xFFFF),
3865N/A CS_02(
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
0x0303,
0xFFFF),
3865N/A CS_03(
"TLS_RSA_WITH_AES_256_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_04(
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
0x0303,
0xFFFF),
3865N/A CS_05(
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
0x0303,
0xFFFF),
3865N/A CS_06(
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_07(
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_08(
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_09(
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_10(
"TLS_RSA_WITH_AES_128_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_11(
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_12(
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_13(
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_14(
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_15(
"TLS_DH_anon_WITH_AES_256_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A CS_16(
"TLS_DH_anon_WITH_AES_128_CBC_SHA256",
0x0303,
0xFFFF),
3865N/A // cipher suites obsoleted since TLS 1.2 3865N/A CS_51(
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
0x0000,
0x0303),
3865N/A CS_52(
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
0x0000,
0x0303),
3865N/A CS_53(
"SSL_DH_anon_WITH_DES_CBC_SHA",
0x0000,
0x0303),
3865N/A // cipher suites obsoleted since TLS 1.1 3865N/A CS_60(
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
0x0000,
0x0302),
3865N/A CS_61(
"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
0x0000,
0x0302),
3865N/A CS_62(
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
0x0000,
0x0302),
3865N/A CS_63(
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
0x0000,
0x0302),
3865N/A CS_64(
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
0x0000,
0x0302),
3865N/A CS_65(
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
0x0000,
0x0302),
3865N/A CS_66(
"TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
0x0000,
0x0302),
3865N/A CS_67(
"TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
0x0000,
0x0302),
3865N/A CS_68(
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
0x0000,
0x0302),
3865N/A CS_69(
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
0x0000,
0x0302),
3865N/A // ignore TLS_EMPTY_RENEGOTIATION_INFO_SCSV always 3865N/A CS_99(
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
0xFFFF,
0x0000);
3865N/A // supported since protocol version 3865N/A // obsoleted since protocol version 3865N/A return true;
// unlikely to happen 0N/A // no client with anonymous ciphersuites 0N/A "' completed successfully");
0N/A // for some reason, ${test.src} has a different value when the 0N/A // test is called from the script and when it is called directly... 2998N/A // skip kerberos cipher suites 2998N/A // skip SSLv2Hello protocol 2998N/A // ignore exportable cipher suite for TLSv1.1 3002N/A // ignore obsoleted cipher suite for the specified protocol 3002N/A // ignore unsupported cipher suite for the specified protocol 0N/A// we currently don't do any chain verification. we assume that works ok 0N/A// and we can speed up the test. we could also just add a plain certificate 0N/A// chain comparision with our trusted certificates.