2 * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
27 #include <Security/SecureTransportPriv.h>
28 #include <AssertMacros.h>
30 #include "ssl_regressions.h"
31 #include "ssl-utils.h"
34 #include "cipherSpecs.h"
36 static int test_GetSupportedCiphers(SSLContextRef ssl
, bool server
)
38 size_t max_ciphers
= 0;
40 SSLCipherSuite
*ciphers
= NULL
;
42 require_noerr(SSLGetNumberSupportedCiphers(ssl
, &max_ciphers
), out
);
44 size_t size
= max_ciphers
* sizeof (SSLCipherSuite
);
45 ciphers
= (SSLCipherSuite
*) malloc(size
);
47 require_string(ciphers
, out
, "out of memory");
48 memset(ciphers
, 0xff, size
);
50 size_t num_ciphers
= max_ciphers
;
51 require_noerr(SSLGetSupportedCiphers(ssl
, ciphers
, &num_ciphers
), out
);
53 for (size_t i
= 0; i
< num_ciphers
; i
++) {
54 require(ciphers
[i
]!=(SSLCipherSuite
)(-1), out
);
61 if(ciphers
) free(ciphers
);
66 static OSStatus
SocketWrite(SSLConnectionRef conn
, const void *data
, size_t *length
)
68 return errSSLWouldBlock
;
71 static OSStatus
SocketRead(SSLConnectionRef conn
, void *data
, size_t *length
)
73 return errSSLWouldBlock
;
78 static const SSLCipherSuite legacy_ciphersuites
[] = {
79 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
80 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
81 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
,
82 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
,
83 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
84 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
85 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
,
86 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
87 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
88 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
,
89 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,
90 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
91 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
92 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
,
93 TLS_RSA_WITH_AES_256_GCM_SHA384
,
94 TLS_RSA_WITH_AES_128_GCM_SHA256
,
95 TLS_RSA_WITH_AES_256_CBC_SHA256
,
96 TLS_RSA_WITH_AES_128_CBC_SHA256
,
97 TLS_RSA_WITH_AES_256_CBC_SHA
,
98 TLS_RSA_WITH_AES_128_CBC_SHA
,
99 SSL_RSA_WITH_3DES_EDE_CBC_SHA
,
100 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
,
101 TLS_ECDHE_RSA_WITH_RC4_128_SHA
,
102 SSL_RSA_WITH_RC4_128_SHA
,
103 SSL_RSA_WITH_RC4_128_MD5
,
106 const SSLCipherSuite legacy_DHE_ciphersuites
[] = {
107 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
108 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
109 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
,
110 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
,
111 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
112 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
113 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
,
114 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
115 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
116 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
,
117 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,
118 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
119 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
120 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
,
121 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
,
122 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
,
123 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
,
124 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
,
125 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
,
126 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
,
127 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
,
128 TLS_RSA_WITH_AES_256_GCM_SHA384
,
129 TLS_RSA_WITH_AES_128_GCM_SHA256
,
130 TLS_RSA_WITH_AES_256_CBC_SHA256
,
131 TLS_RSA_WITH_AES_128_CBC_SHA256
,
132 TLS_RSA_WITH_AES_256_CBC_SHA
,
133 TLS_RSA_WITH_AES_128_CBC_SHA
,
134 SSL_RSA_WITH_3DES_EDE_CBC_SHA
,
135 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
,
136 TLS_ECDHE_RSA_WITH_RC4_128_SHA
,
137 SSL_RSA_WITH_RC4_128_SHA
,
138 SSL_RSA_WITH_RC4_128_MD5
,
143 const SSLCipherSuite standard_ciphersuites
[] = {
144 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
145 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
146 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
,
147 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
,
148 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
149 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
150 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
151 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
152 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
,
153 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,
154 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
155 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
156 TLS_RSA_WITH_AES_256_GCM_SHA384
,
157 TLS_RSA_WITH_AES_128_GCM_SHA256
,
158 TLS_RSA_WITH_AES_256_CBC_SHA256
,
159 TLS_RSA_WITH_AES_128_CBC_SHA256
,
160 TLS_RSA_WITH_AES_256_CBC_SHA
,
161 TLS_RSA_WITH_AES_128_CBC_SHA
,
164 const SSLCipherSuite default_ciphersuites
[] = {
165 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
166 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
167 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
,
168 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
,
169 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
170 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
171 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
,
172 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
173 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
174 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
,
175 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,
176 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
177 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
178 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
,
179 TLS_RSA_WITH_AES_256_GCM_SHA384
,
180 TLS_RSA_WITH_AES_128_GCM_SHA256
,
181 TLS_RSA_WITH_AES_256_CBC_SHA256
,
182 TLS_RSA_WITH_AES_128_CBC_SHA256
,
183 TLS_RSA_WITH_AES_256_CBC_SHA
,
184 TLS_RSA_WITH_AES_128_CBC_SHA
,
185 SSL_RSA_WITH_3DES_EDE_CBC_SHA
,
188 const SSLCipherSuite ATSv1_ciphersuites
[] = {
189 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
190 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
191 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
,
192 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
,
193 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
194 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
195 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
196 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
197 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
,
198 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,
199 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
200 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
203 const SSLCipherSuite ATSv1_noPFS_ciphersuites
[] = {
204 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
205 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
206 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
,
207 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
,
208 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
209 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
210 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
211 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
212 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
,
213 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,
214 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
215 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
217 TLS_RSA_WITH_AES_256_GCM_SHA384
,
218 TLS_RSA_WITH_AES_128_GCM_SHA256
,
219 TLS_RSA_WITH_AES_256_CBC_SHA256
,
220 TLS_RSA_WITH_AES_128_CBC_SHA256
,
221 TLS_RSA_WITH_AES_256_CBC_SHA
,
222 TLS_RSA_WITH_AES_128_CBC_SHA
,
225 const SSLCipherSuite TLSv1_RC4_fallback_ciphersuites
[] = {
226 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
,
227 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
,
228 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
229 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
230 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
,
231 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
,
232 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,
233 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
234 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
235 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
,
236 TLS_RSA_WITH_AES_256_CBC_SHA256
,
237 TLS_RSA_WITH_AES_128_CBC_SHA256
,
238 TLS_RSA_WITH_AES_256_CBC_SHA
,
239 TLS_RSA_WITH_AES_128_CBC_SHA
,
240 SSL_RSA_WITH_3DES_EDE_CBC_SHA
,
241 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
,
242 TLS_ECDHE_RSA_WITH_RC4_128_SHA
,
243 SSL_RSA_WITH_RC4_128_SHA
,
244 SSL_RSA_WITH_RC4_128_MD5
,
247 const SSLCipherSuite TLSv1_fallback_ciphersuites
[] = {
248 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
,
249 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
,
250 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
251 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
252 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
,
253 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
,
254 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,
255 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
257 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
,
258 TLS_RSA_WITH_AES_256_CBC_SHA256
,
259 TLS_RSA_WITH_AES_128_CBC_SHA256
,
260 TLS_RSA_WITH_AES_256_CBC_SHA
,
261 TLS_RSA_WITH_AES_128_CBC_SHA
,
262 SSL_RSA_WITH_3DES_EDE_CBC_SHA
,
265 const SSLCipherSuite anonymous_ciphersuites
[] = {
266 TLS_ECDH_anon_WITH_AES_256_CBC_SHA
,
267 TLS_ECDH_anon_WITH_AES_128_CBC_SHA
,
268 TLS_DH_anon_WITH_AES_256_CBC_SHA256
,
269 TLS_DH_anon_WITH_AES_256_CBC_SHA
,
270 TLS_DH_anon_WITH_AES_128_CBC_SHA256
,
271 TLS_DH_anon_WITH_AES_128_CBC_SHA
275 static int test_GetEnabledCiphers(SSLContextRef ssl
, unsigned expected_num_ciphers
, const SSLCipherSuite
*expected_ciphers
)
280 SSLCipherSuite
*ciphers
= NULL
;
282 require_noerr(SSLSetIOFuncs(ssl
, &SocketRead
, &SocketWrite
), out
);
283 require_noerr(SSLSetConnection(ssl
, NULL
), out
);
285 require_noerr(SSLGetNumberEnabledCiphers(ssl
, &num_ciphers
), out
);
286 require_string(num_ciphers
==expected_num_ciphers
, out
, "wrong ciphersuites number");
288 size
= num_ciphers
* sizeof (SSLCipherSuite
);
289 ciphers
= (SSLCipherSuite
*) malloc(size
);
290 require_string(ciphers
, out
, "out of memory");
291 memset(ciphers
, 0xff, size
);
293 require_noerr(SSLGetEnabledCiphers(ssl
, ciphers
, &num_ciphers
), out
);
294 require_string(memcmp(ciphers
, expected_ciphers
, size
)==0, out
, "wrong ciphersuites");
299 require(SSLHandshake(ssl
) == errSSLWouldBlock
, out
);
301 require_noerr(SSLGetNumberEnabledCiphers(ssl
, &num_ciphers
), out
);
302 require_string(num_ciphers
==expected_num_ciphers
, out
, "wrong ciphersuites number");
304 size
= num_ciphers
* sizeof (SSLCipherSuite
);
305 ciphers
= (SSLCipherSuite
*) malloc(size
);
306 require_string(ciphers
, out
, "out of memory");
307 memset(ciphers
, 0xff, size
);
309 require_noerr(SSLGetEnabledCiphers(ssl
, ciphers
, &num_ciphers
), out
);
310 require_string(memcmp(ciphers
, expected_ciphers
, size
)==0, out
, "wrong ciphersuites");
320 static int test_SetEnabledCiphers(SSLContextRef ssl
)
325 /* This should not fail as long as we have one valid cipher in this table */
326 SSLCipherSuite ciphers
[] = {
327 SSL_RSA_WITH_RC2_CBC_MD5
, /* unsupported */
328 TLS_RSA_WITH_NULL_SHA
, /* supported by not enabled by default */
329 TLS_RSA_WITH_AES_128_CBC_SHA
, /* Supported and enabled by default */
332 require_noerr(SSLSetEnabledCiphers(ssl
, ciphers
, sizeof(ciphers
)/sizeof(SSLCipherSuite
)), out
);
333 require_noerr(SSLGetNumberEnabledCiphers(ssl
, &num_enabled
), out
);
335 require(num_enabled
==2, out
); /* 2 ciphers in the above table are supported */
346 test_dhe(SSLProtocolSide side
, bool dhe_enabled
)
348 SSLContextRef ssl
= NULL
;
349 bool server
= (side
== kSSLServerSide
);
351 ssl
=SSLCreateContext(kCFAllocatorDefault
, side
, kSSLStreamType
);
352 ok(ssl
, "test_dhe: SSLCreateContext(1) failed (%s, %s)", server
?"server":"client", dhe_enabled
?"enabled":"disabled");
355 ok_status(SSLSetDHEEnabled(ssl
, dhe_enabled
),"test_dhe: SSLSetDHEEnabled failed (%s, %s)", server
?"server":"client", dhe_enabled
?"enabled":"disabled");
357 unsigned num
= (dhe_enabled
?sizeof(legacy_DHE_ciphersuites
):sizeof(legacy_ciphersuites
))/sizeof(SSLCipherSuite
);
358 const SSLCipherSuite
*ciphers
= dhe_enabled
?legacy_DHE_ciphersuites
:legacy_ciphersuites
;
359 /* The order of this tests does matter, be careful when adding tests */
360 ok(!test_GetSupportedCiphers(ssl
, server
), "test_dhe: GetSupportedCiphers test failed (%s, %s)", server
?"server":"client", dhe_enabled
?"enabled":"disabled");
361 ok(!test_GetEnabledCiphers(ssl
, num
, ciphers
), "test_dhe: GetEnabledCiphers test failed (%s, %s)", server
?"server":"client", dhe_enabled
?"enabled":"disabled");
363 CFRelease(ssl
); ssl
=NULL
;
365 ssl
=SSLCreateContext(kCFAllocatorDefault
, side
, kSSLStreamType
);
366 ok(ssl
, "test_dhe: SSLCreateContext(2) failed (%s, %s)", server
?"server":"client", dhe_enabled
?"enabled":"disabled");
369 ok(!test_SetEnabledCiphers(ssl
), "test_dhe: SetEnabledCiphers test failed (%s, %s)", server
?"server":"client", dhe_enabled
?"enabled":"disabled");
372 if(ssl
) CFRelease(ssl
);
376 test_config(SSLProtocolSide side
, CFStringRef config
, unsigned num
, const SSLCipherSuite
*ciphers
)
378 SSLContextRef ssl
= NULL
;
379 bool server
= (side
== kSSLServerSide
);
381 ssl
=SSLCreateContext(kCFAllocatorDefault
, side
, kSSLStreamType
);
382 ok(ssl
, "test_config: SSLCreateContext(1) failed (%s,%@)", server
?"server":"client", config
);
385 ok_status(SSLSetSessionConfig(ssl
, config
), "test_config: SSLSetSessionConfig failed (%s,%@)", server
?"server":"client", config
);
387 /* The order of this tests does matter, be careful when adding tests */
388 ok(!test_GetSupportedCiphers(ssl
, server
), "test_config: GetSupportedCiphers test failed (%s,%@)", server
?"server":"client", config
);
389 ok(!test_GetEnabledCiphers(ssl
, num
, ciphers
), "test_config: GetEnabledCiphers test failed (%s,%@)", server
?"server":"client", config
);
391 CFRelease(ssl
); ssl
=NULL
;
393 ssl
=SSLCreateContext(kCFAllocatorDefault
, side
, kSSLStreamType
);
394 ok(ssl
, "test_config: SSLCreateContext(2) failed (%s,%@)", server
?"server":"client", config
);
397 ok(!test_SetEnabledCiphers(ssl
), "test_config: SetEnabledCiphers test failed (%s,%@)", server
?"server":"client", config
);
400 if(ssl
) CFRelease(ssl
);
404 test_default(SSLProtocolSide side
)
406 SSLContextRef ssl
= NULL
;
407 bool server
= (side
== kSSLServerSide
);
409 ssl
=SSLCreateContext(kCFAllocatorDefault
, side
, kSSLStreamType
);
410 ok(ssl
, "test_config: SSLCreateContext(1) failed (%s)", server
?"server":"client");
413 /* The order of this tests does matter, be careful when adding tests */
414 ok(!test_GetSupportedCiphers(ssl
, server
), "test_default: GetSupportedCiphers test failed (%s)", server
?"server":"client");
415 ok(!test_GetEnabledCiphers(ssl
, sizeof(default_ciphersuites
)/sizeof(SSLCipherSuite
), default_ciphersuites
), "test_default: GetEnabledCiphers test failed (%s)", server
?"server":"client");
417 CFRelease(ssl
); ssl
=NULL
;
419 ssl
=SSLCreateContext(kCFAllocatorDefault
, side
, kSSLStreamType
);
420 ok(ssl
, "test_default: SSLCreateContext(2) failed (%s)", server
?"server":"client");
423 ok(!test_SetEnabledCiphers(ssl
), "test_config: SetEnabledCiphers test failed (%s)", server
?"server":"client");
426 if(ssl
) CFRelease(ssl
);
432 int ssl_46_SSLGetSupportedCiphers(int argc
, char *const *argv
)
436 test_dhe(kSSLClientSide
, true);
437 test_dhe(kSSLServerSide
, true);
438 test_dhe(kSSLClientSide
, false);
439 test_dhe(kSSLServerSide
, false);
441 test_default(kSSLClientSide
);
442 test_default(kSSLServerSide
);
444 #define TEST_CONFIG(x, y) do { \
445 test_config(kSSLClientSide, x, sizeof(y)/sizeof(SSLCipherSuite), y); \
446 test_config(kSSLServerSide, x, sizeof(y)/sizeof(SSLCipherSuite), y); \
449 TEST_CONFIG(kSSLSessionConfig_ATSv1
, ATSv1_ciphersuites
);
450 TEST_CONFIG(kSSLSessionConfig_ATSv1_noPFS
, ATSv1_noPFS_ciphersuites
);
451 TEST_CONFIG(kSSLSessionConfig_legacy
, legacy_ciphersuites
);
452 TEST_CONFIG(kSSLSessionConfig_legacy_DHE
, legacy_DHE_ciphersuites
);
453 TEST_CONFIG(kSSLSessionConfig_standard
, standard_ciphersuites
);
454 TEST_CONFIG(kSSLSessionConfig_RC4_fallback
, legacy_ciphersuites
);
455 TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback
, default_ciphersuites
);
456 TEST_CONFIG(kSSLSessionConfig_TLSv1_RC4_fallback
, legacy_ciphersuites
);
457 TEST_CONFIG(kSSLSessionConfig_default
, default_ciphersuites
);
458 TEST_CONFIG(kSSLSessionConfig_anonymous
, anonymous_ciphersuites
);
459 TEST_CONFIG(kSSLSessionConfig_3DES_fallback
, default_ciphersuites
);
460 TEST_CONFIG(kSSLSessionConfig_TLSv1_3DES_fallback
, default_ciphersuites
);