Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | |
Paul Bakker | 645ce3a | 2012-10-31 12:32:41 +0000 | [diff] [blame] | 3 | killall -q openssl ssl_server ssl_server2 |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 4 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 5 | MODES="ssl3 tls1 tls1_1 tls1_2" |
Paul Bakker | 1eeceae | 2012-11-23 14:25:34 +0100 | [diff] [blame] | 6 | VERIFIES="NO YES" |
Paul Bakker | 0c93d12 | 2012-09-13 14:26:09 +0000 | [diff] [blame] | 7 | OPENSSL=openssl |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 8 | FILTER="" |
| 9 | VERBOSE="" |
| 10 | |
| 11 | # Parse arguments |
| 12 | # |
| 13 | until [ -z "$1" ] |
| 14 | do |
| 15 | case "$1" in |
| 16 | -f|--filter) |
| 17 | # Filter ciphersuites |
| 18 | shift |
| 19 | FILTER=$1 |
| 20 | ;; |
Paul Bakker | 524691c | 2013-07-25 17:01:20 +0200 | [diff] [blame] | 21 | -m|--modes) |
| 22 | # Perform modes |
| 23 | shift |
| 24 | MODES=$1 |
| 25 | ;; |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 26 | -v|--verbose) |
| 27 | # Set verbosity |
| 28 | shift |
| 29 | VERBOSE=1 |
| 30 | ;; |
| 31 | -h|--help) |
| 32 | # print help |
| 33 | echo "Usage: $0" |
Paul Bakker | 524691c | 2013-07-25 17:01:20 +0200 | [diff] [blame] | 34 | echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)" |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 35 | echo -e " -h|--help\t\tPrint this help." |
Paul Bakker | 524691c | 2013-07-25 17:01:20 +0200 | [diff] [blame] | 36 | echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")" |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 37 | echo -e " -v|--verbose\t\tSet verbose output." |
| 38 | exit 1 |
| 39 | ;; |
| 40 | *) |
| 41 | # print error |
| 42 | echo "Unknown argument: '$1'" |
| 43 | exit 1 |
| 44 | ;; |
| 45 | esac |
| 46 | shift |
| 47 | done |
| 48 | |
| 49 | log () { |
| 50 | if [ "X" != "X$VERBOSE" ]; then |
| 51 | echo "$@" |
| 52 | fi |
| 53 | } |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 54 | |
Paul Bakker | 1eeceae | 2012-11-23 14:25:34 +0100 | [diff] [blame] | 55 | for VERIFY in $VERIFIES; |
| 56 | do |
Paul Bakker | 7e5e7ca | 2013-04-17 19:27:58 +0200 | [diff] [blame] | 57 | P_SERVER_ARGS="psk=6162636465666768696a6b6c6d6e6f70" |
| 58 | P_CLIENT_ARGS="psk=6162636465666768696a6b6c6d6e6f70" |
| 59 | O_SERVER_ARGS="-psk 6162636465666768696a6b6c6d6e6f70" |
| 60 | O_CLIENT_ARGS="-psk 6162636465666768696a6b6c6d6e6f70" |
| 61 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 62 | if [ "X$VERIFY" = "XYES" ]; |
| 63 | then |
Paul Bakker | 7e5e7ca | 2013-04-17 19:27:58 +0200 | [diff] [blame] | 64 | P_SERVER_ARGS="$P_SERVER_ARGS auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt" |
| 65 | P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt" |
| 66 | O_SERVER_ARGS="$O_SERVER_ARGS -verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key" |
| 67 | O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt" |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 68 | fi |
Paul Bakker | 398cb51 | 2012-04-10 08:22:31 +0000 | [diff] [blame] | 69 | |
| 70 | for MODE in $MODES; |
| 71 | do |
Paul Bakker | 1eeceae | 2012-11-23 14:25:34 +0100 | [diff] [blame] | 72 | echo "Running for $MODE (Verify: $VERIFY)" |
Paul Bakker | 398cb51 | 2012-04-10 08:22:31 +0000 | [diff] [blame] | 73 | echo "-----------" |
| 74 | |
Paul Bakker | 645ce3a | 2012-10-31 12:32:41 +0000 | [diff] [blame] | 75 | P_CIPHERS=" \ |
| 76 | TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ |
| 77 | TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ |
| 78 | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ |
| 79 | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \ |
| 80 | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \ |
| 81 | TLS-RSA-WITH-AES-256-CBC-SHA \ |
| 82 | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \ |
| 83 | TLS-RSA-WITH-AES-128-CBC-SHA \ |
| 84 | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \ |
| 85 | TLS-RSA-WITH-3DES-EDE-CBC-SHA \ |
| 86 | TLS-RSA-WITH-RC4-128-SHA \ |
| 87 | TLS-RSA-WITH-RC4-128-MD5 \ |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 88 | TLS-RSA-EXPORT-WITH-RC4-40-MD5 \ |
Paul Bakker | 645ce3a | 2012-10-31 12:32:41 +0000 | [diff] [blame] | 89 | TLS-RSA-WITH-NULL-MD5 \ |
| 90 | TLS-RSA-WITH-NULL-SHA \ |
| 91 | TLS-RSA-WITH-DES-CBC-SHA \ |
| 92 | TLS-DHE-RSA-WITH-DES-CBC-SHA \ |
Paul Bakker | 41c83d3 | 2013-03-20 14:39:14 +0100 | [diff] [blame] | 93 | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ |
| 94 | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ |
| 95 | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ |
| 96 | TLS-ECDHE-RSA-WITH-RC4-128-SHA \ |
Paul Bakker | 41c83d3 | 2013-03-20 14:39:14 +0100 | [diff] [blame] | 97 | TLS-ECDHE-RSA-WITH-NULL-SHA \ |
Paul Bakker | 7e5e7ca | 2013-04-17 19:27:58 +0200 | [diff] [blame] | 98 | TLS-PSK-WITH-RC4-128-SHA \ |
| 99 | TLS-PSK-WITH-3DES-EDE-CBC-SHA \ |
| 100 | TLS-PSK-WITH-AES-128-CBC-SHA \ |
| 101 | TLS-PSK-WITH-AES-256-CBC-SHA \ |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 102 | " |
| 103 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 104 | O_CIPHERS=" \ |
| 105 | DHE-RSA-AES128-SHA \ |
| 106 | DHE-RSA-AES256-SHA \ |
| 107 | DHE-RSA-CAMELLIA128-SHA \ |
| 108 | DHE-RSA-CAMELLIA256-SHA \ |
| 109 | EDH-RSA-DES-CBC3-SHA \ |
| 110 | AES256-SHA \ |
| 111 | CAMELLIA256-SHA \ |
| 112 | AES128-SHA \ |
| 113 | CAMELLIA128-SHA \ |
| 114 | DES-CBC3-SHA \ |
| 115 | RC4-SHA \ |
| 116 | RC4-MD5 \ |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 117 | EXP-RC4-MD5 \ |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 118 | NULL-MD5 \ |
| 119 | NULL-SHA \ |
| 120 | DES-CBC-SHA \ |
| 121 | EDH-RSA-DES-CBC-SHA \ |
Paul Bakker | 41c83d3 | 2013-03-20 14:39:14 +0100 | [diff] [blame] | 122 | ECDHE-RSA-AES256-SHA \ |
| 123 | ECDHE-RSA-AES128-SHA \ |
| 124 | ECDHE-RSA-DES-CBC3-SHA \ |
| 125 | ECDHE-RSA-RC4-SHA \ |
| 126 | ECDHE-RSA-NULL-SHA \ |
Paul Bakker | 7e5e7ca | 2013-04-17 19:27:58 +0200 | [diff] [blame] | 127 | PSK-RC4-SHA \ |
| 128 | PSK-3DES-EDE-CBC-SHA \ |
| 129 | PSK-AES128-CBC-SHA \ |
| 130 | PSK-AES256-CBC-SHA |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 131 | " |
| 132 | |
Paul Bakker | 0c93d12 | 2012-09-13 14:26:09 +0000 | [diff] [blame] | 133 | # Also add SHA256 ciphersuites |
| 134 | # |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 135 | if [ "$MODE" = "tls1_2" ]; |
| 136 | then |
Paul Bakker | 1eeceae | 2012-11-23 14:25:34 +0100 | [diff] [blame] | 137 | P_CIPHERS="$P_CIPHERS \ |
| 138 | TLS-RSA-WITH-NULL-SHA256 \ |
| 139 | TLS-RSA-WITH-AES-128-CBC-SHA256 \ |
| 140 | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ |
| 141 | TLS-RSA-WITH-AES-256-CBC-SHA256 \ |
| 142 | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ |
Paul Bakker | 27714b1 | 2013-04-07 23:07:12 +0200 | [diff] [blame] | 143 | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \ |
| 144 | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \ |
Paul Bakker | 1eeceae | 2012-11-23 14:25:34 +0100 | [diff] [blame] | 145 | " |
| 146 | |
| 147 | O_CIPHERS="$O_CIPHERS \ |
| 148 | NULL-SHA256 \ |
| 149 | AES128-SHA256 \ |
| 150 | DHE-RSA-AES128-SHA256 \ |
| 151 | AES256-SHA256 \ |
| 152 | DHE-RSA-AES256-SHA256 \ |
Paul Bakker | a54e493 | 2013-03-20 15:31:54 +0100 | [diff] [blame] | 153 | ECDHE-RSA-AES128-SHA256 \ |
| 154 | ECDHE-RSA-AES256-SHA384 \ |
Paul Bakker | 1eeceae | 2012-11-23 14:25:34 +0100 | [diff] [blame] | 155 | " |
| 156 | |
Paul Bakker | 645ce3a | 2012-10-31 12:32:41 +0000 | [diff] [blame] | 157 | P_CIPHERS="$P_CIPHERS \ |
| 158 | TLS-RSA-WITH-AES-128-GCM-SHA256 \ |
| 159 | TLS-RSA-WITH-AES-256-GCM-SHA384 \ |
| 160 | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \ |
| 161 | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ |
Paul Bakker | a54e493 | 2013-03-20 15:31:54 +0100 | [diff] [blame] | 162 | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ |
| 163 | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 164 | " |
| 165 | |
| 166 | O_CIPHERS="$O_CIPHERS \ |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 167 | AES128-GCM-SHA256 \ |
| 168 | DHE-RSA-AES128-GCM-SHA256 \ |
| 169 | AES256-GCM-SHA384 \ |
| 170 | DHE-RSA-AES256-GCM-SHA384 \ |
Paul Bakker | a54e493 | 2013-03-20 15:31:54 +0100 | [diff] [blame] | 171 | ECDHE-RSA-AES128-GCM-SHA256 \ |
| 172 | ECDHE-RSA-AES256-GCM-SHA384 \ |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 173 | " |
| 174 | fi |
| 175 | |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 176 | filter() |
| 177 | { |
| 178 | LIST=$1 |
| 179 | FILTER=$2 |
| 180 | |
| 181 | NEW_LIST="" |
| 182 | |
| 183 | for i in $LIST; |
| 184 | do |
| 185 | NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )" |
| 186 | done |
| 187 | |
| 188 | echo "$NEW_LIST" |
| 189 | } |
| 190 | |
| 191 | # Filter ciphersuites |
| 192 | if [ "X" != "X$FILTER" ]; |
| 193 | then |
| 194 | O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" ) |
| 195 | P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" ) |
| 196 | fi |
| 197 | |
| 198 | |
| 199 | log "$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE" |
Paul Bakker | 0c93d12 | 2012-09-13 14:26:09 +0000 | [diff] [blame] | 200 | $OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE & |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 201 | PROCESS_ID=$! |
| 202 | |
| 203 | sleep 1 |
| 204 | |
| 205 | for i in $P_CIPHERS; |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 206 | do |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 207 | log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE" |
Paul Bakker | 89fe7f4 | 2013-06-29 16:18:10 +0200 | [diff] [blame] | 208 | RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )" |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 209 | EXIT=$? |
| 210 | echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - " |
| 211 | if [ "$EXIT" = "2" ]; |
| 212 | then |
| 213 | echo Ciphersuite not supported in client |
| 214 | elif [ "$EXIT" != "0" ]; |
| 215 | then |
| 216 | echo Failed |
| 217 | echo $RESULT |
| 218 | else |
| 219 | echo Success |
| 220 | fi |
| 221 | done |
| 222 | kill $PROCESS_ID |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 223 | wait $PROCESS_ID 2>/dev/null |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 224 | |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 225 | log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null" |
Paul Bakker | 89fe7f4 | 2013-06-29 16:18:10 +0200 | [diff] [blame] | 226 | ../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null & |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 227 | PROCESS_ID=$! |
| 228 | |
| 229 | sleep 1 |
| 230 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 231 | for i in $O_CIPHERS; |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 232 | do |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 233 | log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS" |
Paul Bakker | 1eeceae | 2012-11-23 14:25:34 +0100 | [diff] [blame] | 234 | RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )" |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 235 | EXIT=$? |
| 236 | echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - " |
| 237 | |
| 238 | if [ "$EXIT" != "0" ]; |
| 239 | then |
| 240 | SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )" |
| 241 | if [ "X$SUPPORTED" != "X" ] |
| 242 | then |
| 243 | echo "Ciphersuite not supported in server" |
| 244 | else |
| 245 | echo Failed |
Paul Bakker | 1eeceae | 2012-11-23 14:25:34 +0100 | [diff] [blame] | 246 | echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS |
| 247 | echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 248 | echo $RESULT |
| 249 | fi |
| 250 | else |
| 251 | echo Success |
| 252 | fi |
| 253 | done |
| 254 | |
| 255 | kill $PROCESS_ID |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 256 | wait $PROCESS_ID 2>/dev/null |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 257 | |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 258 | log "../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE" |
Paul Bakker | 89fe7f4 | 2013-06-29 16:18:10 +0200 | [diff] [blame] | 259 | ../programs/ssl/ssl_server2 $P_SERVER_ARGS force_version=$MODE > /dev/null & |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 260 | PROCESS_ID=$! |
| 261 | |
| 262 | sleep 1 |
| 263 | |
Paul Bakker | 27714b1 | 2013-04-07 23:07:12 +0200 | [diff] [blame] | 264 | # OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256 |
| 265 | # or SHA384 |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 266 | # Add for PolarSSL only test, which does support them. |
| 267 | # |
| 268 | if [ "$MODE" = "tls1_2" ]; |
| 269 | then |
Paul Bakker | 645ce3a | 2012-10-31 12:32:41 +0000 | [diff] [blame] | 270 | P_CIPHERS="$P_CIPHERS \ |
| 271 | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ |
| 272 | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ |
| 273 | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ |
| 274 | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ |
Paul Bakker | 27714b1 | 2013-04-07 23:07:12 +0200 | [diff] [blame] | 275 | TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ |
| 276 | TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ |
Paul Bakker | 40afb4b | 2013-04-19 22:03:30 +0200 | [diff] [blame] | 277 | TLS-PSK-WITH-AES-128-CBC-SHA256 \ |
| 278 | TLS-PSK-WITH-AES-256-CBC-SHA384 \ |
| 279 | TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ |
| 280 | TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ |
| 281 | TLS-PSK-WITH-AES-128-GCM-SHA256 \ |
| 282 | TLS-PSK-WITH-AES-256-GCM-SHA384 \ |
| 283 | TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \ |
| 284 | TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \ |
| 285 | TLS-PSK-WITH-NULL-SHA256 \ |
| 286 | TLS-PSK-WITH-NULL-SHA384 \ |
| 287 | TLS-DHE-PSK-WITH-NULL-SHA256 \ |
| 288 | TLS-DHE-PSK-WITH-NULL-SHA384 \ |
Paul Bakker | 0f2f0bf | 2013-07-26 15:03:31 +0200 | [diff] [blame] | 289 | TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ |
| 290 | TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ |
| 291 | TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ |
| 292 | TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 293 | " |
| 294 | fi |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 295 | |
Paul Bakker | 48f7a5d | 2013-04-19 14:30:58 +0200 | [diff] [blame] | 296 | # OpenSSL does not support DHE-PSK ciphers |
| 297 | # Add for PolarSSL only test, which does support them. |
| 298 | # |
| 299 | P_CIPHERS="$P_CIPHERS \ |
| 300 | TLS-DHE-PSK-WITH-RC4-128-SHA \ |
| 301 | TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ |
| 302 | TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ |
| 303 | TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ |
Paul Bakker | a1bf92d | 2013-04-19 19:48:45 +0200 | [diff] [blame] | 304 | TLS-PSK-WITH-NULL-SHA \ |
| 305 | TLS-DHE-PSK-WITH-NULL-SHA \ |
Paul Bakker | 48f7a5d | 2013-04-19 14:30:58 +0200 | [diff] [blame] | 306 | " |
| 307 | |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 308 | # Filter ciphersuites |
| 309 | if [ "X" != "X$FILTER" ]; |
| 310 | then |
| 311 | O_CIPHERS=$( filter "$O_CIPHERS" "$FILTER" ) |
| 312 | P_CIPHERS=$( filter "$P_CIPHERS" "$FILTER" ) |
| 313 | fi |
| 314 | |
Paul Bakker | 10cd225 | 2012-04-12 21:26:34 +0000 | [diff] [blame] | 315 | for i in $P_CIPHERS; |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 316 | do |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 317 | log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS" |
Paul Bakker | 89fe7f4 | 2013-06-29 16:18:10 +0200 | [diff] [blame] | 318 | RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )" |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 319 | EXIT=$? |
| 320 | echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - " |
| 321 | if [ "$EXIT" = "2" ]; |
| 322 | then |
| 323 | echo Ciphersuite not supported in client |
| 324 | elif [ "$EXIT" != "0" ]; |
| 325 | then |
| 326 | echo Failed |
| 327 | echo $RESULT |
| 328 | else |
| 329 | echo Success |
| 330 | fi |
| 331 | done |
| 332 | kill $PROCESS_ID |
Paul Bakker | accd4eb | 2013-07-19 13:41:51 +0200 | [diff] [blame] | 333 | wait $PROCESS_ID 2>/dev/null |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 334 | |
Paul Bakker | 398cb51 | 2012-04-10 08:22:31 +0000 | [diff] [blame] | 335 | done |
Paul Bakker | 1eeceae | 2012-11-23 14:25:34 +0100 | [diff] [blame] | 336 | done |