# SLH-DSA-SHA2-128s root, ML-DSA-44 entity certs (TLS 1.3 only).
#
# Requires the SHA2 SLH-DSA family to be enabled at build time, e.g.:
#     ./configure --enable-slhdsa=yes,sha2 --enable-mldsa
# Plain `--enable-slhdsa` enables only the SHAKE family, in which case
# the dispatch in tests/suites.c gates this file out and it is not run.
#
# Server-auth scenario.

# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/server-mldsa44-sha2.pem
-k ./certs/slhdsa/server-mldsa44-priv.pem
-d

# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/slhdsa/root-slhdsa-sha2-128s.pem
-C

# Mutual-auth scenario.

# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/server-mldsa44-sha2.pem
-k ./certs/slhdsa/server-mldsa44-priv.pem
-A ./certs/slhdsa/root-slhdsa-sha2-128s.pem
-V
# Remove -V when CRL for SLH-DSA root certificates available.

# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/client-mldsa44-sha2.pem
-k ./certs/slhdsa/client-mldsa44-priv.pem
-A ./certs/slhdsa/root-slhdsa-sha2-128s.pem
-C