Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 1 | killall -q openssl ssl_server |
| 2 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame^] | 3 | MODES="ssl3 tls1 tls1_1 tls1_2" |
| 4 | #VERIFY="YES" |
| 5 | VERIFY="" |
| 6 | |
| 7 | if [ "X$VERIFY" = "XYES" ]; |
| 8 | then |
| 9 | P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key" |
| 10 | O_SERVER_ARGS="-verify 10" |
| 11 | fi |
Paul Bakker | 398cb51 | 2012-04-10 08:22:31 +0000 | [diff] [blame] | 12 | |
| 13 | for MODE in $MODES; |
| 14 | do |
| 15 | echo "Running for $MODE" |
| 16 | echo "-----------" |
| 17 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame^] | 18 | P_CIPHERS=" \ |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 19 | SSL-EDH-RSA-AES-128-SHA \ |
| 20 | SSL-EDH-RSA-AES-256-SHA \ |
| 21 | SSL-EDH-RSA-CAMELLIA-128-SHA \ |
| 22 | SSL-EDH-RSA-CAMELLIA-256-SHA \ |
| 23 | SSL-EDH-RSA-DES-168-SHA \ |
| 24 | SSL-RSA-AES-256-SHA \ |
| 25 | SSL-RSA-CAMELLIA-256-SHA \ |
| 26 | SSL-RSA-AES-128-SHA \ |
| 27 | SSL-RSA-CAMELLIA-128-SHA \ |
| 28 | SSL-RSA-DES-168-SHA \ |
| 29 | SSL-RSA-RC4-128-SHA \ |
| 30 | SSL-RSA-RC4-128-MD5 \ |
| 31 | SSL-RSA-NULL-MD5 \ |
| 32 | SSL-RSA-NULL-SHA \ |
| 33 | SSL-RSA-DES-SHA \ |
| 34 | SSL-EDH-RSA-DES-SHA \ |
| 35 | " |
| 36 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame^] | 37 | O_CIPHERS=" \ |
| 38 | DHE-RSA-AES128-SHA \ |
| 39 | DHE-RSA-AES256-SHA \ |
| 40 | DHE-RSA-CAMELLIA128-SHA \ |
| 41 | DHE-RSA-CAMELLIA256-SHA \ |
| 42 | EDH-RSA-DES-CBC3-SHA \ |
| 43 | AES256-SHA \ |
| 44 | CAMELLIA256-SHA \ |
| 45 | AES128-SHA \ |
| 46 | CAMELLIA128-SHA \ |
| 47 | DES-CBC3-SHA \ |
| 48 | RC4-SHA \ |
| 49 | RC4-MD5 \ |
| 50 | NULL-MD5 \ |
| 51 | NULL-SHA \ |
| 52 | DES-CBC-SHA \ |
| 53 | EDH-RSA-DES-CBC-SHA \ |
| 54 | " |
| 55 | |
| 56 | if [ "$MODE" = "tls1_2" ]; |
| 57 | then |
| 58 | P_CIPHERS="$P_CIPHERS \ |
| 59 | SSL-RSA-NULL-SHA256 \ |
| 60 | SSL-RSA-AES-128-SHA256 \ |
| 61 | SSL-EDH-RSA-AES-128-SHA256 \ |
| 62 | SSL-RSA-AES-256-SHA256 \ |
| 63 | SSL-EDH-RSA-AES-256-SHA256 \ |
| 64 | " |
| 65 | |
| 66 | O_CIPHERS="$O_CIPHERS \ |
| 67 | NULL-SHA256 \ |
| 68 | AES128-SHA256 \ |
| 69 | DHE-RSA-AES128-SHA256 \ |
| 70 | AES256-SHA256 \ |
| 71 | DHE-RSA-AES256-SHA256 \ |
| 72 | " |
| 73 | fi |
| 74 | |
| 75 | openssl s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE & |
| 76 | PROCESS_ID=$! |
| 77 | |
| 78 | sleep 1 |
| 79 | |
| 80 | for i in $P_CIPHERS; |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 81 | do |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame^] | 82 | RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i )" |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 83 | EXIT=$? |
| 84 | echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - " |
| 85 | if [ "$EXIT" = "2" ]; |
| 86 | then |
| 87 | echo Ciphersuite not supported in client |
| 88 | elif [ "$EXIT" != "0" ]; |
| 89 | then |
| 90 | echo Failed |
| 91 | echo $RESULT |
| 92 | else |
| 93 | echo Success |
| 94 | fi |
| 95 | done |
| 96 | kill $PROCESS_ID |
| 97 | |
| 98 | ../programs/ssl/ssl_server > /dev/null & |
| 99 | PROCESS_ID=$! |
| 100 | |
| 101 | sleep 1 |
| 102 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame^] | 103 | for i in $O_CIPHERS; |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 104 | do |
Paul Bakker | 398cb51 | 2012-04-10 08:22:31 +0000 | [diff] [blame] | 105 | RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | openssl s_client -$MODE -cipher $i 2>&1)" |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 106 | EXIT=$? |
| 107 | echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - " |
| 108 | |
| 109 | if [ "$EXIT" != "0" ]; |
| 110 | then |
| 111 | SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )" |
| 112 | if [ "X$SUPPORTED" != "X" ] |
| 113 | then |
| 114 | echo "Ciphersuite not supported in server" |
| 115 | else |
| 116 | echo Failed |
| 117 | echo $RESULT |
| 118 | fi |
| 119 | else |
| 120 | echo Success |
| 121 | fi |
| 122 | done |
| 123 | |
| 124 | kill $PROCESS_ID |
| 125 | |
| 126 | ../programs/ssl/ssl_server > /dev/null & |
| 127 | PROCESS_ID=$! |
| 128 | |
| 129 | sleep 1 |
| 130 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame^] | 131 | # OpenSSL does not support RFC5246 Camellia ciphers with SHA256 |
| 132 | # Add for PolarSSL only test, which does support them. |
| 133 | # |
| 134 | if [ "$MODE" = "tls1_2" ]; |
| 135 | then |
| 136 | P_CIPHERS="$P_CIPHERS \ |
| 137 | SSL-RSA-CAMELLIA-128-SHA256 \ |
| 138 | SSL-EDH-RSA-CAMELLIA-128-SHA256 \ |
| 139 | SSL-RSA-CAMELLIA-256-SHA256 \ |
| 140 | SSL-EDH-RSA-CAMELLIA-256-SHA256 \ |
| 141 | " |
| 142 | fi |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 143 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame^] | 144 | for i in $P_CIPHERS; |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 145 | do |
| 146 | RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )" |
| 147 | EXIT=$? |
| 148 | echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - " |
| 149 | if [ "$EXIT" = "2" ]; |
| 150 | then |
| 151 | echo Ciphersuite not supported in client |
| 152 | elif [ "$EXIT" != "0" ]; |
| 153 | then |
| 154 | echo Failed |
| 155 | echo $RESULT |
| 156 | else |
| 157 | echo Success |
| 158 | fi |
| 159 | done |
| 160 | kill $PROCESS_ID |
| 161 | |
Paul Bakker | 398cb51 | 2012-04-10 08:22:31 +0000 | [diff] [blame] | 162 | done |
| 163 | |