2 * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
27 #include <Security/SecureTransportPriv.h>
28 #include <AssertMacros.h>
29 #include <utilities/SecCFRelease.h>
31 #include "ssl-utils.h"
33 #include "cipherSpecs.h"
34 #import "STLegacyTests.h"
36 #pragma clang diagnostic push
37 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
39 @implementation STLegacyTests (sslciphers)
41 static int test_GetSupportedCiphers(SSLContextRef ssl, bool server)
43 size_t max_ciphers = 0;
45 SSLCipherSuite *ciphers = NULL;
47 require_noerr(SSLGetNumberSupportedCiphers(ssl, &max_ciphers), out);
49 size_t size = max_ciphers * sizeof (SSLCipherSuite);
50 ciphers = (SSLCipherSuite *) malloc(size);
52 require_string(ciphers, out, "out of memory");
53 memset(ciphers, 0xff, size);
55 size_t num_ciphers = max_ciphers;
56 require_noerr(SSLGetSupportedCiphers(ssl, ciphers, &num_ciphers), out);
58 for (size_t i = 0; i < num_ciphers; i++) {
59 require(ciphers[i]!=(SSLCipherSuite)(-1), out);
66 if(ciphers) free(ciphers);
71 static OSStatus SocketWrite(SSLConnectionRef conn, const void *data, size_t *length)
73 return errSSLWouldBlock;
76 static OSStatus SocketRead(SSLConnectionRef conn, void *data, size_t *length)
78 return errSSLWouldBlock;
83 static const SSLCipherSuite legacy_ciphersuites[] = {
84 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
85 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
86 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
87 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
88 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
89 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
90 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
91 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
92 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
93 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
94 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
95 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
96 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
97 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
98 TLS_RSA_WITH_AES_256_GCM_SHA384,
99 TLS_RSA_WITH_AES_128_GCM_SHA256,
100 TLS_RSA_WITH_AES_256_CBC_SHA256,
101 TLS_RSA_WITH_AES_128_CBC_SHA256,
102 TLS_RSA_WITH_AES_256_CBC_SHA,
103 TLS_RSA_WITH_AES_128_CBC_SHA,
104 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
107 const SSLCipherSuite legacy_DHE_ciphersuites[] = {
108 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
109 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
110 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
111 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
112 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
113 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
114 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
115 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
116 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
117 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
118 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
119 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
120 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
121 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
122 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
123 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
124 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
125 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
126 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
127 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
128 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
129 TLS_RSA_WITH_AES_256_GCM_SHA384,
130 TLS_RSA_WITH_AES_128_GCM_SHA256,
131 TLS_RSA_WITH_AES_256_CBC_SHA256,
132 TLS_RSA_WITH_AES_128_CBC_SHA256,
133 TLS_RSA_WITH_AES_256_CBC_SHA,
134 TLS_RSA_WITH_AES_128_CBC_SHA,
135 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
140 const SSLCipherSuite standard_ciphersuites[] = {
141 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
142 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
143 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
144 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
145 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
146 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
147 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
148 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
149 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
150 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
151 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
152 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
153 TLS_RSA_WITH_AES_256_GCM_SHA384,
154 TLS_RSA_WITH_AES_128_GCM_SHA256,
155 TLS_RSA_WITH_AES_256_CBC_SHA256,
156 TLS_RSA_WITH_AES_128_CBC_SHA256,
157 TLS_RSA_WITH_AES_256_CBC_SHA,
158 TLS_RSA_WITH_AES_128_CBC_SHA,
161 const SSLCipherSuite default_ciphersuites[] = {
162 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
163 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
164 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
165 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
166 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
167 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
168 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
169 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
170 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
171 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
172 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
173 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
174 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
175 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
176 TLS_RSA_WITH_AES_256_GCM_SHA384,
177 TLS_RSA_WITH_AES_128_GCM_SHA256,
178 TLS_RSA_WITH_AES_256_CBC_SHA256,
179 TLS_RSA_WITH_AES_128_CBC_SHA256,
180 TLS_RSA_WITH_AES_256_CBC_SHA,
181 TLS_RSA_WITH_AES_128_CBC_SHA,
182 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
185 const SSLCipherSuite ATSv1_ciphersuites[] = {
186 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
187 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
188 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
189 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
190 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
191 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
192 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
193 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
194 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
195 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
196 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
197 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
200 const SSLCipherSuite ATSv1_noPFS_ciphersuites[] = {
201 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
202 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
203 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
204 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
205 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
206 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
207 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
208 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
209 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
210 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
211 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
212 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
214 TLS_RSA_WITH_AES_256_GCM_SHA384,
215 TLS_RSA_WITH_AES_128_GCM_SHA256,
216 TLS_RSA_WITH_AES_256_CBC_SHA256,
217 TLS_RSA_WITH_AES_128_CBC_SHA256,
218 TLS_RSA_WITH_AES_256_CBC_SHA,
219 TLS_RSA_WITH_AES_128_CBC_SHA,
222 const SSLCipherSuite TLSv1_RC4_fallback_ciphersuites[] = {
223 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
224 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
225 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
226 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
227 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
228 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
229 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
230 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
231 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
232 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
233 TLS_RSA_WITH_AES_256_CBC_SHA256,
234 TLS_RSA_WITH_AES_128_CBC_SHA256,
235 TLS_RSA_WITH_AES_256_CBC_SHA,
236 TLS_RSA_WITH_AES_128_CBC_SHA,
237 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
240 const SSLCipherSuite TLSv1_fallback_ciphersuites[] = {
241 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
242 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
243 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
244 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
245 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
246 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
247 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
248 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
249 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
250 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
251 TLS_RSA_WITH_AES_256_CBC_SHA256,
252 TLS_RSA_WITH_AES_128_CBC_SHA256,
253 TLS_RSA_WITH_AES_256_CBC_SHA,
254 TLS_RSA_WITH_AES_128_CBC_SHA,
255 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
258 const SSLCipherSuite anonymous_ciphersuites[] = {
259 TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
260 TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
261 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
262 TLS_DH_anon_WITH_AES_256_CBC_SHA,
263 TLS_DH_anon_WITH_AES_128_CBC_SHA256,
264 TLS_DH_anon_WITH_AES_128_CBC_SHA
268 static int test_GetEnabledCiphers(SSLContextRef ssl, unsigned expected_num_ciphers, const SSLCipherSuite *expected_ciphers)
273 SSLCipherSuite *ciphers = NULL;
275 require_noerr(SSLSetIOFuncs(ssl, &SocketRead, &SocketWrite), out);
276 require_noerr(SSLSetConnection(ssl, NULL), out);
278 require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out);
279 require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number");
281 size = num_ciphers * sizeof (SSLCipherSuite);
282 ciphers = (SSLCipherSuite *) malloc(size);
283 require_string(ciphers, out, "out of memory");
284 memset(ciphers, 0xff, size);
286 require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out);
287 require_string(memcmp(ciphers, expected_ciphers, size)==0, out, "wrong ciphersuites");
292 require(SSLHandshake(ssl) == errSSLWouldBlock, out);
294 require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out);
295 require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number");
297 size = num_ciphers * sizeof (SSLCipherSuite);
298 ciphers = (SSLCipherSuite *) malloc(size);
299 require_string(ciphers, out, "out of memory");
300 memset(ciphers, 0xff, size);
302 require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out);
303 require_string(memcmp(ciphers, expected_ciphers, size)==0, out, "wrong ciphersuites");
313 static int test_SetEnabledCiphers(SSLContextRef ssl)
318 /* This should not fail as long as we have one valid cipher in this table */
319 SSLCipherSuite ciphers[] = {
320 SSL_RSA_WITH_RC2_CBC_MD5, /* unsupported */
321 TLS_RSA_WITH_NULL_SHA, /* supported by not enabled by default */
322 TLS_RSA_WITH_AES_128_CBC_SHA, /* Supported and enabled by default */
325 require_noerr(SSLSetEnabledCiphers(ssl, ciphers, sizeof(ciphers)/sizeof(SSLCipherSuite)), out);
326 require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_enabled), out);
328 require(num_enabled==2, out); /* 2 ciphers in the above table are supported */
338 - (void)test_dhe: (SSLProtocolSide) side dhe_enabled: (bool) dhe_enabled
340 SSLContextRef ssl = NULL;
341 bool server = (side == kSSLServerSide);
343 ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
344 XCTAssert(ssl != NULL, "test_dhe: SSLCreateContext(1) failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
347 XCTAssertEqual(noErr, SSLSetDHEEnabled(ssl, dhe_enabled),"test_dhe: SSLSetDHEEnabled failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
349 unsigned num = (dhe_enabled?sizeof(legacy_DHE_ciphersuites):sizeof(legacy_ciphersuites))/sizeof(SSLCipherSuite);
350 const SSLCipherSuite *ciphers = dhe_enabled?legacy_DHE_ciphersuites:legacy_ciphersuites;
351 /* The order of this tests does matter, be careful when adding tests */
352 XCTAssert(!test_GetSupportedCiphers(ssl, server), "test_dhe: GetSupportedCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
353 XCTAssert(!test_GetEnabledCiphers(ssl, num, ciphers), "test_dhe: GetEnabledCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
355 CFRelease(ssl); ssl=NULL;
357 ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
358 XCTAssert(ssl, "test_dhe: SSLCreateContext(2) failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
361 XCTAssert(!test_SetEnabledCiphers(ssl), "test_dhe: SetEnabledCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
364 if(ssl) CFRelease(ssl);
367 -(void) test_config: (SSLProtocolSide) side config: (CFStringRef) config num: (unsigned) num cipherList: (const SSLCipherSuite*) ciphers
369 SSLContextRef ssl = NULL;
370 bool server = (side == kSSLServerSide);
372 ssl = SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
373 XCTAssert(ssl, "test_config: SSLCreateContext(1) failed (%s,%@)", server?"server":"client", config);
375 XCTAssertEqual(errSecSuccess, SSLSetSessionConfig(ssl, config), "test_config: SSLSetSessionConfig failed (%s,%@)", server?"server":"client", config);
377 /* The order of this tests does matter, be careful when adding tests */
378 XCTAssert(!test_GetSupportedCiphers(ssl, server), "test_config: GetSupportedCiphers test failed (%s,%@)", server?"server":"client", config);
379 XCTAssert(!test_GetEnabledCiphers(ssl, num, ciphers), "test_config: GetEnabledCiphers test failed (%s,%@)", server?"server":"client", config);
381 CFRelease(ssl); ssl=NULL;
383 ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
384 XCTAssert(ssl, "test_config: SSLCreateContext(2) failed (%s,%@)", server?"server":"client", config);
387 XCTAssert(!test_SetEnabledCiphers(ssl), "test_config: SetEnabledCiphers test failed (%s,%@)", server?"server":"client", config);
390 if(ssl) CFRelease(ssl);
393 -(void) test_default: (SSLProtocolSide) side
395 SSLContextRef ssl = NULL;
396 bool server = (side == kSSLServerSide);
398 ssl = SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
399 XCTAssert(ssl != NULL, "test_config: SSLCreateContext(1) failed (%s)", server?"server":"client");
402 /* The order of this tests does matter, be careful when adding tests */
403 XCTAssert(!test_GetSupportedCiphers(ssl, server), "test_default: GetSupportedCiphers test failed (%s)", server?"server":"client");
404 XCTAssert(!test_GetEnabledCiphers(ssl, sizeof(default_ciphersuites)/sizeof(SSLCipherSuite), default_ciphersuites), "test_default: GetEnabledCiphers test failed (%s)", server?"server":"client");
406 CFRelease(ssl); ssl=NULL;
408 ssl = SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
409 XCTAssert(ssl, "test_default: SSLCreateContext(2) failed (%s)", server?"server":"client");
412 XCTAssert(!test_SetEnabledCiphers(ssl), "test_config: SetEnabledCiphers test failed (%s)", server?"server":"client");
420 -(void) test_get_cipher_tls_version
422 SSLContextRef ctx = NULL;
424 SSLCipherSuite *ciphers = NULL;
425 SSLProtocol sslmin, sslmax;
427 ctx = SSLCreateContext(kCFAllocatorDefault, kSSLClientSide, kSSLStreamType);
428 XCTAssert(ctx, "Error creating SSL context");
429 XCTAssertEqual(errSecSuccess, SSLGetNumberEnabledCiphers(ctx, &num_ciphers));
430 ciphers = (SSLCipherSuite *) malloc(num_ciphers * sizeof (SSLCipherSuite));
432 XCTAssertEqual(errSecSuccess, SSLGetEnabledCiphers(ctx, ciphers, &num_ciphers), "Error getting enabled ciphers");
433 for (size_t i = 0; i < num_ciphers; i++) {
434 sslmin = SSLCiphersuiteMinimumTLSVersion(ciphers[i]);
435 XCTAssertNotEqual(kSSLProtocolUnknown, sslmin);
436 sslmax = SSLCiphersuiteMaximumTLSVersion(ciphers[i]);
442 -(void) test_cipher_group_to_list
444 SSLCiphersuiteGroup group = kSSLCiphersuiteGroupDefault;
445 size_t cipher_count = 0;
446 const SSLCipherSuite *list = SSLCiphersuiteGroupToCiphersuiteList(group, &cipher_count);
447 XCTAssert(list, "Error getting cipher list for group");
450 -(void) testSSLCiphers
452 [self test_dhe:kSSLClientSide dhe_enabled:true];
453 [self test_dhe:kSSLServerSide dhe_enabled:true];
454 [self test_dhe:kSSLClientSide dhe_enabled:false];
455 [self test_dhe:kSSLServerSide dhe_enabled:false];
457 [self test_default:kSSLClientSide];
458 [self test_default:kSSLServerSide];
460 #define TEST_CONFIG(x, y) do { \
461 [self test_config:kSSLClientSide config:x num:sizeof(y)/sizeof(SSLCipherSuite) cipherList:y]; \
462 [self test_config:kSSLServerSide config:x num:sizeof(y)/sizeof(SSLCipherSuite) cipherList:y]; \
465 TEST_CONFIG(kSSLSessionConfig_ATSv1, ATSv1_ciphersuites);
466 TEST_CONFIG(kSSLSessionConfig_ATSv1_noPFS, ATSv1_noPFS_ciphersuites);
467 TEST_CONFIG(kSSLSessionConfig_legacy, legacy_ciphersuites);
468 TEST_CONFIG(kSSLSessionConfig_legacy_DHE, legacy_DHE_ciphersuites);
469 TEST_CONFIG(kSSLSessionConfig_standard, standard_ciphersuites);
470 TEST_CONFIG(kSSLSessionConfig_RC4_fallback, legacy_ciphersuites);
471 TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, default_ciphersuites);
472 TEST_CONFIG(kSSLSessionConfig_TLSv1_RC4_fallback, legacy_ciphersuites);
473 TEST_CONFIG(kSSLSessionConfig_default, default_ciphersuites);
474 TEST_CONFIG(kSSLSessionConfig_anonymous, anonymous_ciphersuites);
475 TEST_CONFIG(kSSLSessionConfig_3DES_fallback, default_ciphersuites);
476 TEST_CONFIG(kSSLSessionConfig_TLSv1_3DES_fallback, default_ciphersuites);
482 #pragma clang diagnostic pop