Merge pull request #6194 from xkqian/tls13_add_psk_client_cases
TLS 1.3: Add PSK client cases
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 33e8cc6..40e3cfd 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1327,11 +1327,11 @@
int ret = 0;
size_t selected_identity;
+ int psk_type;
const unsigned char *psk;
size_t psk_len;
const unsigned char *psk_identity;
size_t psk_identity_len;
- int psk_type;
/* Check which PSK we've offered.
*
@@ -1667,6 +1667,23 @@
return( ret );
}
+#if defined(MBEDTLS_DEBUG_C)
+static const char *ssl_tls13_get_kex_mode_str(int mode)
+{
+ switch( mode )
+ {
+ case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK:
+ return "psk";
+ case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL:
+ return "ephemeral";
+ case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL:
+ return "psk_ephemeral";
+ default:
+ return "unknown mode";
+ }
+}
+#endif /* MBEDTLS_DEBUG_C */
+
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
{
@@ -1687,19 +1704,16 @@
/* Only the pre_shared_key extension was received */
case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk" ) );
break;
/* Only the key_share extension was received */
case MBEDTLS_SSL_EXT_KEY_SHARE:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) );
break;
/* Both the pre_shared_key and key_share extensions were received */
case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk_ephemeral" ) );
break;
/* Neither pre_shared_key nor key_share extension was received */
@@ -1709,6 +1723,19 @@
goto cleanup;
}
+ if( !mbedtls_ssl_conf_tls13_check_kex_modes( ssl, handshake->key_exchange_mode ) )
+ {
+ ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "Key exchange mode(%s) is not supported.",
+ ssl_tls13_get_kex_mode_str( handshake->key_exchange_mode ) ) );
+ goto cleanup;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "Selected key exchange mode: %s",
+ ssl_tls13_get_kex_mode_str( handshake->key_exchange_mode ) ) );
+
/* Start the TLS 1.3 key schedule: Set the PSK and derive early secret.
*
* TODO: We don't have to do this in case we offered 0-RTT and the
diff --git a/tests/data_files/simplepass.psk b/tests/data_files/simplepass.psk
new file mode 100644
index 0000000..93e7ab4
--- /dev/null
+++ b/tests/data_files/simplepass.psk
@@ -0,0 +1 @@
+0a0b0c:010203
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index eda2de9..3487026 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -1629,3 +1629,1434 @@
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
+
+
+# Add psk test cases for mbedtls client code
+
+# MbedTls->MbedTLS kinds of tls13_kex_modes
+# PSK mode in client
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/psk, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk$" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/psk_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk$" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk$" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+# psk_ephemeral mode in client
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+# ephemeral mode in client
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 1 \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 1 \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 0 \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 0 \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 1 \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral/all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 0 \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+# ephemeral_all mode in client
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "key exchange mode: ephemeral" \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "key exchange mode: ephemeral"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "key exchange mode: ephemeral"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+# psk_all mode in client
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/psk, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk$" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/psk_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+# all mode in client
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/psk, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk$" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/ephemeral, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/ephemeral_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/psk_all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "ClientHello message misses mandatory extensions."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/all, good" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
+ 0 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "No matched PSK or ticket" \
+ -s "key exchange mode: ephemeral"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \
+ "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 1 \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Invalid binder."
+
+#OPENSSL-SERVER psk mode
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: psk/all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk$" \
+ -c "HTTP/1.0 200 ok"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
+ "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 1 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "<= write client hello" \
+ -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
+
+#OPENSSL-SERVER psk_all mode
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: psk_all/all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 ok"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
+ "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 ok"
+
+#OPENSSL-SERVER psk_ephemeral mode
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 ok"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
+ "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 ok"
+
+#OPENSSL-SERVER ephemeral mode
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: ephemeral/all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 0 \
+ -c "=> write client hello" \
+ -c "skip psk_key_exchange_modes extension" \
+ -c "<= write client hello" \
+ -c "found key_shares extension" \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 ok"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
+ "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 0 \
+ -c "=> write client hello" \
+ -c "skip psk_key_exchange_modes extension" \
+ -c "<= write client hello" \
+ -c "found key_shares extension" \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 ok"
+
+#OPENSSL-SERVER ephemeral_all mode
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: ephemeral_all/all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "<= write client hello" \
+ -c "HTTP/1.0 200 ok"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
+ "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "<= write client hello" \
+ -c "HTTP/1.0 200 ok"
+
+#OPENSSL-SERVER all mode
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: all/all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "<= write client hello" \
+ -c "HTTP/1.0 200 ok"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: m->O: all/ephemeral_all, good" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
+ "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "<= write client hello" \
+ -c "HTTP/1.0 200 ok"
+
+#GNUTLS-SERVER psk mode
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: psk/all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk$" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ 1 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
+
+#GNUTLS-SERVER psk_all mode
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: psk_all/all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk$" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: psk_all/ephemeral_all, fail - no fallback" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ 1 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
+
+#GNUTLS-SERVER psk_ephemeral mode
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+#GNUTLS-SERVER ephemeral mode
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: ephemeral/all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 0 \
+ -c "=> write client hello" \
+ -c "skip psk_key_exchange_modes extension" \
+ -s "Not sending extension (PSK Key Exchange Modes/45)" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
+ 0 \
+ -c "=> write client hello" \
+ -c "skip psk_key_exchange_modes extension" \
+ -s "Not sending extension (PSK Key Exchange Modes/45)" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+#GNUTLS-SERVER ephemeral_all mode
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: ephemeral_all/all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
+
+#GNUTLS-SERVER all mode
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: all/all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: psk$" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: m->G: all/ephemeral_all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ 0 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -s "Parsing extension 'PSK Key Exchange Modes/45'" \
+ -s "Parsing extension 'Pre Shared Key/41'" \
+ -c "<= write client hello" \
+ -c "Selected key exchange mode: ephemeral" \
+ -c "HTTP/1.0 200 OK"
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 5e4bd59..67e9cfb 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -12143,52 +12143,6 @@
-s "parse ServerName extension" \
-s "HTTP/1.0 200 OK"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3, default suite, PSK" \
- "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- "$P_CLI nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- 0 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "<= write client hello"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3, default suite, PSK - openssl" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- 0 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "<= write client hello"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3, default suite, PSK - gnutls" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+CIPHER-ALL:%NO_TICKETS --pskhint=0a0b0c" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- 1 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Parsing extension 'PSK Key Exchange Modes/45'" \
- -s "Parsing extension 'Pre Shared Key/41'" \
- -c "<= write client hello"
-
for i in opt-testcases/*.sh
do
TEST_SUITE_NAME=${i##*/}