TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / ab84fe8052e9dba3b61087fec604d68d59e94edf / . / tests / opt-testcases / tls13-compat.sh
blob: d5e61b165c88cf9f7b73de312b1e5508bc7b2134 [file] [log] [blame]
Gilles Peskineab84fe82024-09-13 13:53:50 +0200[diff] [blame^]1# TLS 1.3 interoperability test cases (equivalent of compat.sh for TLS 1.3).
2# They are generated by
3# `tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4#
5# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
6# AND REGENERATE THIS FILE.
Gilles Peskineab84fe82024-09-13 13:53:50 +0200[diff] [blame^]7
8# Copyright The Mbed TLS Contributors
9# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10
11DATA_FILES_PATH=../framework/data_files
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]16requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17requires_openssl_tls1_3
18run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]19 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]21 0 \
22 -s "Protocol is TLSv1.3" \
23 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
24 -s "received signature algorithm: 0x403" \
25 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]26 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]27 -C "received HelloRetryRequest message"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]28
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]29requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]30requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]31requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]32requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]33requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]34requires_openssl_tls1_3
35run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]36 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
37 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]38 0 \
39 -s "Protocol is TLSv1.3" \
40 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
41 -s "received signature algorithm: 0x503" \
42 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]43 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]44 -C "received HelloRetryRequest message"
45
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]46requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]47requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]48requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]49requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]50requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]51requires_openssl_tls1_3
52run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]53 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
54 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]55 0 \
56 -s "Protocol is TLSv1.3" \
57 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
58 -s "received signature algorithm: 0x603" \
59 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]60 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]61 -C "received HelloRetryRequest message"
62
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]63requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]64requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]65requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]66requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
67requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]68requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]69requires_openssl_tls1_3
70run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]71 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
72 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]73 0 \
74 -s "Protocol is TLSv1.3" \
75 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
76 -s "received signature algorithm: 0x804" \
77 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]78 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]79 -C "received HelloRetryRequest message"
80
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]81requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]82requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]83requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]84requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]85requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]86requires_openssl_tls1_3
87run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]88 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
89 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]90 0 \
91 -s "Protocol is TLSv1.3" \
92 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
93 -s "received signature algorithm: 0x403" \
94 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]95 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]96 -C "received HelloRetryRequest message"
97
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]98requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]99requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]102requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]103requires_openssl_tls1_3
104run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]105 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
106 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]107 0 \
108 -s "Protocol is TLSv1.3" \
109 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
110 -s "received signature algorithm: 0x503" \
111 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]112 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]113 -C "received HelloRetryRequest message"
114
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]115requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]116requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]117requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]119requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]120requires_openssl_tls1_3
121run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]122 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
123 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]124 0 \
125 -s "Protocol is TLSv1.3" \
126 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
127 -s "received signature algorithm: 0x603" \
128 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]129 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]130 -C "received HelloRetryRequest message"
131
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]132requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]133requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
136requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]137requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]138requires_openssl_tls1_3
139run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]140 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
141 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]142 0 \
143 -s "Protocol is TLSv1.3" \
144 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
145 -s "received signature algorithm: 0x804" \
146 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]147 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]148 -C "received HelloRetryRequest message"
149
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]150requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]151requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]152requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]154requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]155requires_openssl_tls1_3
156run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]157 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
158 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]159 0 \
160 -s "Protocol is TLSv1.3" \
161 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
162 -s "received signature algorithm: 0x403" \
163 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]164 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]165 -C "received HelloRetryRequest message"
166
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]167requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]168requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]169requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]171requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]172requires_openssl_tls1_3
173run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]174 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
175 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]176 0 \
177 -s "Protocol is TLSv1.3" \
178 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
179 -s "received signature algorithm: 0x503" \
180 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]181 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]182 -C "received HelloRetryRequest message"
183
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]184requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]185requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]188requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]189requires_openssl_tls1_3
190run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]191 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
192 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]193 0 \
194 -s "Protocol is TLSv1.3" \
195 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
196 -s "received signature algorithm: 0x603" \
197 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]198 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]199 -C "received HelloRetryRequest message"
200
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]201requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]202requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]203requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
205requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]206requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]207requires_openssl_tls1_3
208run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]209 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
210 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]211 0 \
212 -s "Protocol is TLSv1.3" \
213 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
214 -s "received signature algorithm: 0x804" \
215 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]216 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]217 -C "received HelloRetryRequest message"
218
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]219requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]220requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]221requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]222requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]223requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]224requires_openssl_tls1_3
225run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]226 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
227 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]228 0 \
229 -s "Protocol is TLSv1.3" \
230 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
231 -s "received signature algorithm: 0x403" \
232 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]233 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]234 -C "received HelloRetryRequest message"
235
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]236requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]240requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]241requires_openssl_tls1_3
242run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]243 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
244 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]245 0 \
246 -s "Protocol is TLSv1.3" \
247 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
248 -s "received signature algorithm: 0x503" \
249 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]250 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]251 -C "received HelloRetryRequest message"
252
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]253requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]254requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]257requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]258requires_openssl_tls1_3
259run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]260 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
261 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]262 0 \
263 -s "Protocol is TLSv1.3" \
264 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
265 -s "received signature algorithm: 0x603" \
266 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]267 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]268 -C "received HelloRetryRequest message"
269
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]270requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]271requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
274requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]275requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]276requires_openssl_tls1_3
277run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]278 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
279 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]280 0 \
281 -s "Protocol is TLSv1.3" \
282 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
283 -s "received signature algorithm: 0x804" \
284 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]285 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]286 -C "received HelloRetryRequest message"
287
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]288requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]289requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]292requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]293requires_openssl_tls1_3
294run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]295 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
296 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]297 0 \
298 -s "Protocol is TLSv1.3" \
299 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
300 -s "received signature algorithm: 0x403" \
301 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]302 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]303 -C "received HelloRetryRequest message"
304
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]305requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]306requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]307requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]308requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]309requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]310requires_openssl_tls1_3
311run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]312 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
313 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]314 0 \
315 -s "Protocol is TLSv1.3" \
316 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
317 -s "received signature algorithm: 0x503" \
318 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]319 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]320 -C "received HelloRetryRequest message"
321
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]322requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]323requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]326requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]327requires_openssl_tls1_3
328run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]329 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
330 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]331 0 \
332 -s "Protocol is TLSv1.3" \
333 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
334 -s "received signature algorithm: 0x603" \
335 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]336 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]337 -C "received HelloRetryRequest message"
338
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]339requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]340requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
343requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]344requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]345requires_openssl_tls1_3
346run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]347 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
348 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]349 0 \
350 -s "Protocol is TLSv1.3" \
351 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
352 -s "received signature algorithm: 0x804" \
353 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]354 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]355 -C "received HelloRetryRequest message"
356
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]357requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]358requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]361requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]362requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]363requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]364run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]365 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
366 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]367 0 \
368 -s "Protocol is TLSv1.3" \
369 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
370 -s "received signature algorithm: 0x403" \
371 -s "got named group: ffdhe2048(0100)" \
372 -s "Certificate verification was skipped" \
373 -C "received HelloRetryRequest message"
374
375requires_config_enabled MBEDTLS_SSL_SRV_C
376requires_config_enabled MBEDTLS_DEBUG_C
377requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
378requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]379requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]380requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]381requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]382run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]383 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
384 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]385 0 \
386 -s "Protocol is TLSv1.3" \
387 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
388 -s "received signature algorithm: 0x503" \
389 -s "got named group: ffdhe2048(0100)" \
390 -s "Certificate verification was skipped" \
391 -C "received HelloRetryRequest message"
392
393requires_config_enabled MBEDTLS_SSL_SRV_C
394requires_config_enabled MBEDTLS_DEBUG_C
395requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
396requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]397requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]398requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]399requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]400run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]401 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
402 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]403 0 \
404 -s "Protocol is TLSv1.3" \
405 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
406 -s "received signature algorithm: 0x603" \
407 -s "got named group: ffdhe2048(0100)" \
408 -s "Certificate verification was skipped" \
409 -C "received HelloRetryRequest message"
410
411requires_config_enabled MBEDTLS_SSL_SRV_C
412requires_config_enabled MBEDTLS_DEBUG_C
413requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
414requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
415requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]416requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]417requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]418requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]419run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]420 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
421 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]422 0 \
423 -s "Protocol is TLSv1.3" \
424 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
425 -s "received signature algorithm: 0x804" \
426 -s "got named group: ffdhe2048(0100)" \
427 -s "Certificate verification was skipped" \
428 -C "received HelloRetryRequest message"
429
430requires_config_enabled MBEDTLS_SSL_SRV_C
431requires_config_enabled MBEDTLS_DEBUG_C
432requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]434requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]435requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]436run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]437 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
438 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]439 0 \
440 -s "Protocol is TLSv1.3" \
441 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
442 -s "received signature algorithm: 0x403" \
443 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]444 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]445 -C "received HelloRetryRequest message"
446
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]447requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]448requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]450requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]451requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]452requires_openssl_tls1_3
453run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]454 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
455 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]456 0 \
457 -s "Protocol is TLSv1.3" \
458 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
459 -s "received signature algorithm: 0x503" \
460 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]461 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]462 -C "received HelloRetryRequest message"
463
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]464requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]465requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]468requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]469requires_openssl_tls1_3
470run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]471 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
472 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]473 0 \
474 -s "Protocol is TLSv1.3" \
475 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
476 -s "received signature algorithm: 0x603" \
477 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]478 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]479 -C "received HelloRetryRequest message"
480
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]481requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]482requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]484requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
485requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]486requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]487requires_openssl_tls1_3
488run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]489 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
490 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]491 0 \
492 -s "Protocol is TLSv1.3" \
493 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
494 -s "received signature algorithm: 0x804" \
495 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]496 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]497 -C "received HelloRetryRequest message"
498
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]499requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]500requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]501requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]502requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]503requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]504requires_openssl_tls1_3
505run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]506 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
507 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]508 0 \
509 -s "Protocol is TLSv1.3" \
510 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
511 -s "received signature algorithm: 0x403" \
512 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]513 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]514 -C "received HelloRetryRequest message"
515
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]516requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]517requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]518requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]519requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]520requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]521requires_openssl_tls1_3
522run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]523 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
524 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]525 0 \
526 -s "Protocol is TLSv1.3" \
527 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
528 -s "received signature algorithm: 0x503" \
529 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]530 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]531 -C "received HelloRetryRequest message"
532
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]533requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]534requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]535requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]536requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]537requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]538requires_openssl_tls1_3
539run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]540 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
541 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]542 0 \
543 -s "Protocol is TLSv1.3" \
544 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
545 -s "received signature algorithm: 0x603" \
546 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]547 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]548 -C "received HelloRetryRequest message"
549
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]550requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]551requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]552requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]553requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
554requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]555requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]556requires_openssl_tls1_3
557run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]558 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
559 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]560 0 \
561 -s "Protocol is TLSv1.3" \
562 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
563 -s "received signature algorithm: 0x804" \
564 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]565 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]566 -C "received HelloRetryRequest message"
567
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]568requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]569requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]572requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]573requires_openssl_tls1_3
574run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]575 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
576 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]577 0 \
578 -s "Protocol is TLSv1.3" \
579 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
580 -s "received signature algorithm: 0x403" \
581 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]582 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]583 -C "received HelloRetryRequest message"
584
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]585requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]586requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]587requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]588requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]589requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]590requires_openssl_tls1_3
591run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]592 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
593 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]594 0 \
595 -s "Protocol is TLSv1.3" \
596 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
597 -s "received signature algorithm: 0x503" \
598 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]599 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]600 -C "received HelloRetryRequest message"
601
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]602requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]603requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]605requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]606requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]607requires_openssl_tls1_3
608run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]609 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
610 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]611 0 \
612 -s "Protocol is TLSv1.3" \
613 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
614 -s "received signature algorithm: 0x603" \
615 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]616 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]617 -C "received HelloRetryRequest message"
618
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]619requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]620requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]621requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]622requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
623requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]624requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]625requires_openssl_tls1_3
626run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]627 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
628 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]629 0 \
630 -s "Protocol is TLSv1.3" \
631 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
632 -s "received signature algorithm: 0x804" \
633 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]634 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]635 -C "received HelloRetryRequest message"
636
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]637requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]638requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]639requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]640requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]641requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]642requires_openssl_tls1_3
643run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]644 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
645 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]646 0 \
647 -s "Protocol is TLSv1.3" \
648 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
649 -s "received signature algorithm: 0x403" \
650 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]651 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]652 -C "received HelloRetryRequest message"
653
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]654requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]655requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]656requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]657requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]658requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]659requires_openssl_tls1_3
660run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]661 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
662 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]663 0 \
664 -s "Protocol is TLSv1.3" \
665 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
666 -s "received signature algorithm: 0x503" \
667 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]668 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]669 -C "received HelloRetryRequest message"
670
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]671requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]672requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]675requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]676requires_openssl_tls1_3
677run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]678 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
679 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]680 0 \
681 -s "Protocol is TLSv1.3" \
682 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
683 -s "received signature algorithm: 0x603" \
684 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]685 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]686 -C "received HelloRetryRequest message"
687
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]688requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]689requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]690requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]691requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
692requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]693requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]694requires_openssl_tls1_3
695run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]696 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
697 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]698 0 \
699 -s "Protocol is TLSv1.3" \
700 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
701 -s "received signature algorithm: 0x804" \
702 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]703 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]704 -C "received HelloRetryRequest message"
705
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]706requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]707requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]710requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]711requires_openssl_tls1_3
712run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]713 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
714 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]715 0 \
716 -s "Protocol is TLSv1.3" \
717 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
718 -s "received signature algorithm: 0x403" \
719 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]720 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]721 -C "received HelloRetryRequest message"
722
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]723requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]724requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]726requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]727requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]728requires_openssl_tls1_3
729run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]730 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
731 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]732 0 \
733 -s "Protocol is TLSv1.3" \
734 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
735 -s "received signature algorithm: 0x503" \
736 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]737 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]738 -C "received HelloRetryRequest message"
739
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]740requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]741requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]742requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]743requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]744requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]745requires_openssl_tls1_3
746run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]747 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
748 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]749 0 \
750 -s "Protocol is TLSv1.3" \
751 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
752 -s "received signature algorithm: 0x603" \
753 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]754 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]755 -C "received HelloRetryRequest message"
756
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]757requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]758requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]759requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]760requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
761requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]762requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]763requires_openssl_tls1_3
764run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]765 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
766 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]767 0 \
768 -s "Protocol is TLSv1.3" \
769 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
770 -s "received signature algorithm: 0x804" \
771 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]772 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]773 -C "received HelloRetryRequest message"
774
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]775requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]776requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]777requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]778requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]779requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]780requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]781requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]782run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]783 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
784 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]785 0 \
786 -s "Protocol is TLSv1.3" \
787 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
788 -s "received signature algorithm: 0x403" \
789 -s "got named group: ffdhe2048(0100)" \
790 -s "Certificate verification was skipped" \
791 -C "received HelloRetryRequest message"
792
793requires_config_enabled MBEDTLS_SSL_SRV_C
794requires_config_enabled MBEDTLS_DEBUG_C
795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]797requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]798requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]799requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]800run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]801 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
802 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]803 0 \
804 -s "Protocol is TLSv1.3" \
805 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
806 -s "received signature algorithm: 0x503" \
807 -s "got named group: ffdhe2048(0100)" \
808 -s "Certificate verification was skipped" \
809 -C "received HelloRetryRequest message"
810
811requires_config_enabled MBEDTLS_SSL_SRV_C
812requires_config_enabled MBEDTLS_DEBUG_C
813requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
814requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]815requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]816requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]817requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]818run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]819 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
820 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]821 0 \
822 -s "Protocol is TLSv1.3" \
823 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
824 -s "received signature algorithm: 0x603" \
825 -s "got named group: ffdhe2048(0100)" \
826 -s "Certificate verification was skipped" \
827 -C "received HelloRetryRequest message"
828
829requires_config_enabled MBEDTLS_SSL_SRV_C
830requires_config_enabled MBEDTLS_DEBUG_C
831requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
832requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
833requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]834requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]835requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]836requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]837run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]838 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
839 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]840 0 \
841 -s "Protocol is TLSv1.3" \
842 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
843 -s "received signature algorithm: 0x804" \
844 -s "got named group: ffdhe2048(0100)" \
845 -s "Certificate verification was skipped" \
846 -C "received HelloRetryRequest message"
847
848requires_config_enabled MBEDTLS_SSL_SRV_C
849requires_config_enabled MBEDTLS_DEBUG_C
850requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
851requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]852requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]853requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]854run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]855 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
856 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]857 0 \
858 -s "Protocol is TLSv1.3" \
859 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
860 -s "received signature algorithm: 0x403" \
861 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]862 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]863 -C "received HelloRetryRequest message"
864
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]865requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]866requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]868requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]869requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]870requires_openssl_tls1_3
871run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]872 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
873 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]874 0 \
875 -s "Protocol is TLSv1.3" \
876 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
877 -s "received signature algorithm: 0x503" \
878 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]879 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]880 -C "received HelloRetryRequest message"
881
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]882requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]883requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]886requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]887requires_openssl_tls1_3
888run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]889 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
890 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]891 0 \
892 -s "Protocol is TLSv1.3" \
893 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
894 -s "received signature algorithm: 0x603" \
895 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]896 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]897 -C "received HelloRetryRequest message"
898
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]899requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]900requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]901requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]902requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
903requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]904requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]905requires_openssl_tls1_3
906run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]907 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
908 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]909 0 \
910 -s "Protocol is TLSv1.3" \
911 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
912 -s "received signature algorithm: 0x804" \
913 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]914 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]915 -C "received HelloRetryRequest message"
916
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]917requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]918requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]919requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]920requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]921requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]922requires_openssl_tls1_3
923run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]924 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
925 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]926 0 \
927 -s "Protocol is TLSv1.3" \
928 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
929 -s "received signature algorithm: 0x403" \
930 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]931 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]932 -C "received HelloRetryRequest message"
933
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]934requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]935requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]938requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]939requires_openssl_tls1_3
940run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]941 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
942 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]943 0 \
944 -s "Protocol is TLSv1.3" \
945 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
946 -s "received signature algorithm: 0x503" \
947 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]948 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]949 -C "received HelloRetryRequest message"
950
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]951requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]952requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]953requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]954requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]955requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]956requires_openssl_tls1_3
957run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]958 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
959 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]960 0 \
961 -s "Protocol is TLSv1.3" \
962 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
963 -s "received signature algorithm: 0x603" \
964 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]965 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]966 -C "received HelloRetryRequest message"
967
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]968requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]969requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]970requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
972requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]973requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]974requires_openssl_tls1_3
975run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]976 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
977 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]978 0 \
979 -s "Protocol is TLSv1.3" \
980 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
981 -s "received signature algorithm: 0x804" \
982 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]983 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]984 -C "received HelloRetryRequest message"
985
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]986requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]987requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]990requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]991requires_openssl_tls1_3
992run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]993 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
994 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]995 0 \
996 -s "Protocol is TLSv1.3" \
997 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
998 -s "received signature algorithm: 0x403" \
999 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1000 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1001 -C "received HelloRetryRequest message"
1002
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1003requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1004requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1005requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1006requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1007requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1008requires_openssl_tls1_3
1009run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1010 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1011 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1012 0 \
1013 -s "Protocol is TLSv1.3" \
1014 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1015 -s "received signature algorithm: 0x503" \
1016 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1017 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1018 -C "received HelloRetryRequest message"
1019
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1020requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1021requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1024requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1025requires_openssl_tls1_3
1026run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1027 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1028 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1029 0 \
1030 -s "Protocol is TLSv1.3" \
1031 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1032 -s "received signature algorithm: 0x603" \
1033 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1034 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1035 -C "received HelloRetryRequest message"
1036
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1037requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1038requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1039requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1040requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1041requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1042requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1043requires_openssl_tls1_3
1044run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1045 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1046 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1047 0 \
1048 -s "Protocol is TLSv1.3" \
1049 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1050 -s "received signature algorithm: 0x804" \
1051 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1052 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1053 -C "received HelloRetryRequest message"
1054
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1055requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1056requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1057requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1058requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1059requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1060requires_openssl_tls1_3
1061run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1062 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1063 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1064 0 \
1065 -s "Protocol is TLSv1.3" \
1066 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1067 -s "received signature algorithm: 0x403" \
1068 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1069 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1070 -C "received HelloRetryRequest message"
1071
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1072requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1073requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1074requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1075requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1076requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1077requires_openssl_tls1_3
1078run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1079 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1080 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1081 0 \
1082 -s "Protocol is TLSv1.3" \
1083 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1084 -s "received signature algorithm: 0x503" \
1085 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1086 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1087 -C "received HelloRetryRequest message"
1088
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1089requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1090requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1092requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1093requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1094requires_openssl_tls1_3
1095run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1096 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1097 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1098 0 \
1099 -s "Protocol is TLSv1.3" \
1100 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1101 -s "received signature algorithm: 0x603" \
1102 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1103 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1104 -C "received HelloRetryRequest message"
1105
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1106requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1107requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1110requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1111requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1112requires_openssl_tls1_3
1113run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1114 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1115 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1116 0 \
1117 -s "Protocol is TLSv1.3" \
1118 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1119 -s "received signature algorithm: 0x804" \
1120 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1121 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1122 -C "received HelloRetryRequest message"
1123
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1124requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1125requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1128requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1129requires_openssl_tls1_3
1130run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1131 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1132 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1133 0 \
1134 -s "Protocol is TLSv1.3" \
1135 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1136 -s "received signature algorithm: 0x403" \
1137 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1138 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1139 -C "received HelloRetryRequest message"
1140
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1141requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1142requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1144requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1145requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1146requires_openssl_tls1_3
1147run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1148 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1149 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1150 0 \
1151 -s "Protocol is TLSv1.3" \
1152 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1153 -s "received signature algorithm: 0x503" \
1154 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1155 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1156 -C "received HelloRetryRequest message"
1157
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1158requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1159requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1162requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1163requires_openssl_tls1_3
1164run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1165 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1166 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1167 0 \
1168 -s "Protocol is TLSv1.3" \
1169 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1170 -s "received signature algorithm: 0x603" \
1171 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1172 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1173 -C "received HelloRetryRequest message"
1174
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1175requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1176requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1177requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1178requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1179requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1180requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1181requires_openssl_tls1_3
1182run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1183 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1184 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1185 0 \
1186 -s "Protocol is TLSv1.3" \
1187 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1188 -s "received signature algorithm: 0x804" \
1189 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1190 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1191 -C "received HelloRetryRequest message"
1192
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1193requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1194requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1195requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1196requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1197requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1198requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1199requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1200run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1201 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1202 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1203 0 \
1204 -s "Protocol is TLSv1.3" \
1205 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1206 -s "received signature algorithm: 0x403" \
1207 -s "got named group: ffdhe2048(0100)" \
1208 -s "Certificate verification was skipped" \
1209 -C "received HelloRetryRequest message"
1210
1211requires_config_enabled MBEDTLS_SSL_SRV_C
1212requires_config_enabled MBEDTLS_DEBUG_C
1213requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1214requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1215requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1216requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1217requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1218run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1219 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1220 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1221 0 \
1222 -s "Protocol is TLSv1.3" \
1223 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1224 -s "received signature algorithm: 0x503" \
1225 -s "got named group: ffdhe2048(0100)" \
1226 -s "Certificate verification was skipped" \
1227 -C "received HelloRetryRequest message"
1228
1229requires_config_enabled MBEDTLS_SSL_SRV_C
1230requires_config_enabled MBEDTLS_DEBUG_C
1231requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1232requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1233requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1234requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1235requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1236run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1237 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1238 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1239 0 \
1240 -s "Protocol is TLSv1.3" \
1241 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1242 -s "received signature algorithm: 0x603" \
1243 -s "got named group: ffdhe2048(0100)" \
1244 -s "Certificate verification was skipped" \
1245 -C "received HelloRetryRequest message"
1246
1247requires_config_enabled MBEDTLS_SSL_SRV_C
1248requires_config_enabled MBEDTLS_DEBUG_C
1249requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1250requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1251requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1252requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1253requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1254requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1255run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1256 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1257 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1258 0 \
1259 -s "Protocol is TLSv1.3" \
1260 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1261 -s "received signature algorithm: 0x804" \
1262 -s "got named group: ffdhe2048(0100)" \
1263 -s "Certificate verification was skipped" \
1264 -C "received HelloRetryRequest message"
1265
1266requires_config_enabled MBEDTLS_SSL_SRV_C
1267requires_config_enabled MBEDTLS_DEBUG_C
1268requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1269requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1270requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1271requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1272run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1273 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1274 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1275 0 \
1276 -s "Protocol is TLSv1.3" \
1277 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1278 -s "received signature algorithm: 0x403" \
1279 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1280 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1281 -C "received HelloRetryRequest message"
1282
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1283requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1284requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1285requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1286requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1287requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1288requires_openssl_tls1_3
1289run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1290 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1291 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1292 0 \
1293 -s "Protocol is TLSv1.3" \
1294 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1295 -s "received signature algorithm: 0x503" \
1296 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1297 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1298 -C "received HelloRetryRequest message"
1299
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1300requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1301requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1302requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1304requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1305requires_openssl_tls1_3
1306run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1307 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1308 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1309 0 \
1310 -s "Protocol is TLSv1.3" \
1311 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1312 -s "received signature algorithm: 0x603" \
1313 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1314 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1315 -C "received HelloRetryRequest message"
1316
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1317requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1318requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1319requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1320requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1321requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1322requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1323requires_openssl_tls1_3
1324run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1325 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1326 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1327 0 \
1328 -s "Protocol is TLSv1.3" \
1329 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1330 -s "received signature algorithm: 0x804" \
1331 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1332 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1333 -C "received HelloRetryRequest message"
1334
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1335requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1336requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1337requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1338requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1339requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1340requires_openssl_tls1_3
1341run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1342 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1343 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1344 0 \
1345 -s "Protocol is TLSv1.3" \
1346 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1347 -s "received signature algorithm: 0x403" \
1348 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1349 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1350 -C "received HelloRetryRequest message"
1351
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1352requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1353requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1354requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1356requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1357requires_openssl_tls1_3
1358run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1359 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1360 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1361 0 \
1362 -s "Protocol is TLSv1.3" \
1363 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1364 -s "received signature algorithm: 0x503" \
1365 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1366 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1367 -C "received HelloRetryRequest message"
1368
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1369requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1370requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1371requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1372requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1373requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1374requires_openssl_tls1_3
1375run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1376 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1377 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1378 0 \
1379 -s "Protocol is TLSv1.3" \
1380 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1381 -s "received signature algorithm: 0x603" \
1382 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1383 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1384 -C "received HelloRetryRequest message"
1385
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1386requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1387requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1389requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1390requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1391requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1392requires_openssl_tls1_3
1393run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1394 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1395 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1396 0 \
1397 -s "Protocol is TLSv1.3" \
1398 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1399 -s "received signature algorithm: 0x804" \
1400 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1401 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1402 -C "received HelloRetryRequest message"
1403
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1404requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1405requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1408requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1409requires_openssl_tls1_3
1410run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1411 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1412 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1413 0 \
1414 -s "Protocol is TLSv1.3" \
1415 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1416 -s "received signature algorithm: 0x403" \
1417 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1418 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1419 -C "received HelloRetryRequest message"
1420
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1421requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1422requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1423requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1424requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1425requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1426requires_openssl_tls1_3
1427run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1428 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1429 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1430 0 \
1431 -s "Protocol is TLSv1.3" \
1432 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1433 -s "received signature algorithm: 0x503" \
1434 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1435 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1436 -C "received HelloRetryRequest message"
1437
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1438requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1439requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1440requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1442requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1443requires_openssl_tls1_3
1444run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1445 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1446 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1447 0 \
1448 -s "Protocol is TLSv1.3" \
1449 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1450 -s "received signature algorithm: 0x603" \
1451 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1452 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1453 -C "received HelloRetryRequest message"
1454
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1455requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1456requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1457requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1458requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1459requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1460requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1461requires_openssl_tls1_3
1462run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1463 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1464 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1465 0 \
1466 -s "Protocol is TLSv1.3" \
1467 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1468 -s "received signature algorithm: 0x804" \
1469 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1470 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1471 -C "received HelloRetryRequest message"
1472
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1473requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1474requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1477requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1478requires_openssl_tls1_3
1479run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1480 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1481 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1482 0 \
1483 -s "Protocol is TLSv1.3" \
1484 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1485 -s "received signature algorithm: 0x403" \
1486 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1487 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1488 -C "received HelloRetryRequest message"
1489
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1490requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1491requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1492requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1493requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1494requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1495requires_openssl_tls1_3
1496run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1497 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1498 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1499 0 \
1500 -s "Protocol is TLSv1.3" \
1501 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1502 -s "received signature algorithm: 0x503" \
1503 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1504 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1505 -C "received HelloRetryRequest message"
1506
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1507requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1508requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1509requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1511requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1512requires_openssl_tls1_3
1513run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1514 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1515 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1516 0 \
1517 -s "Protocol is TLSv1.3" \
1518 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1519 -s "received signature algorithm: 0x603" \
1520 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1521 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1522 -C "received HelloRetryRequest message"
1523
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1524requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1525requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1526requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1528requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1529requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1530requires_openssl_tls1_3
1531run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1532 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1533 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1534 0 \
1535 -s "Protocol is TLSv1.3" \
1536 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1537 -s "received signature algorithm: 0x804" \
1538 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1539 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1540 -C "received HelloRetryRequest message"
1541
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1542requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1546requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1547requires_openssl_tls1_3
1548run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1549 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1550 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1551 0 \
1552 -s "Protocol is TLSv1.3" \
1553 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1554 -s "received signature algorithm: 0x403" \
1555 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1556 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1557 -C "received HelloRetryRequest message"
1558
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1559requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1560requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1561requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1562requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1563requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1564requires_openssl_tls1_3
1565run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1566 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1567 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1568 0 \
1569 -s "Protocol is TLSv1.3" \
1570 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1571 -s "received signature algorithm: 0x503" \
1572 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1573 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1574 -C "received HelloRetryRequest message"
1575
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1576requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1577requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1578requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1580requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1581requires_openssl_tls1_3
1582run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1583 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1584 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1585 0 \
1586 -s "Protocol is TLSv1.3" \
1587 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1588 -s "received signature algorithm: 0x603" \
1589 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1590 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1591 -C "received HelloRetryRequest message"
1592
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1593requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1594requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1595requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1596requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1597requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1598requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1599requires_openssl_tls1_3
1600run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1601 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1602 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1603 0 \
1604 -s "Protocol is TLSv1.3" \
1605 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1606 -s "received signature algorithm: 0x804" \
1607 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1608 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1609 -C "received HelloRetryRequest message"
1610
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1611requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1612requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1613requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1614requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1615requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1616requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1617requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1618run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1619 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1620 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1621 0 \
1622 -s "Protocol is TLSv1.3" \
1623 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1624 -s "received signature algorithm: 0x403" \
1625 -s "got named group: ffdhe2048(0100)" \
1626 -s "Certificate verification was skipped" \
1627 -C "received HelloRetryRequest message"
1628
1629requires_config_enabled MBEDTLS_SSL_SRV_C
1630requires_config_enabled MBEDTLS_DEBUG_C
1631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1633requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1634requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1635requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1636run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1637 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1638 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1639 0 \
1640 -s "Protocol is TLSv1.3" \
1641 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1642 -s "received signature algorithm: 0x503" \
1643 -s "got named group: ffdhe2048(0100)" \
1644 -s "Certificate verification was skipped" \
1645 -C "received HelloRetryRequest message"
1646
1647requires_config_enabled MBEDTLS_SSL_SRV_C
1648requires_config_enabled MBEDTLS_DEBUG_C
1649requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1650requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1651requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1652requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1653requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1654run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1655 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1656 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1657 0 \
1658 -s "Protocol is TLSv1.3" \
1659 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1660 -s "received signature algorithm: 0x603" \
1661 -s "got named group: ffdhe2048(0100)" \
1662 -s "Certificate verification was skipped" \
1663 -C "received HelloRetryRequest message"
1664
1665requires_config_enabled MBEDTLS_SSL_SRV_C
1666requires_config_enabled MBEDTLS_DEBUG_C
1667requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1669requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1670requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1671requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1672requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1673run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1674 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1675 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1676 0 \
1677 -s "Protocol is TLSv1.3" \
1678 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1679 -s "received signature algorithm: 0x804" \
1680 -s "got named group: ffdhe2048(0100)" \
1681 -s "Certificate verification was skipped" \
1682 -C "received HelloRetryRequest message"
1683
1684requires_config_enabled MBEDTLS_SSL_SRV_C
1685requires_config_enabled MBEDTLS_DEBUG_C
1686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1688requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1689requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1690run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1691 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1692 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1693 0 \
1694 -s "Protocol is TLSv1.3" \
1695 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1696 -s "received signature algorithm: 0x403" \
1697 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1698 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1699 -C "received HelloRetryRequest message"
1700
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1701requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1702requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1703requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1705requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1706requires_openssl_tls1_3
1707run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1708 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1709 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1710 0 \
1711 -s "Protocol is TLSv1.3" \
1712 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1713 -s "received signature algorithm: 0x503" \
1714 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1715 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1716 -C "received HelloRetryRequest message"
1717
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1718requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1719requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1722requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1723requires_openssl_tls1_3
1724run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1725 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1726 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1727 0 \
1728 -s "Protocol is TLSv1.3" \
1729 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1730 -s "received signature algorithm: 0x603" \
1731 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1732 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1733 -C "received HelloRetryRequest message"
1734
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1735requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1736requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1739requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1740requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1741requires_openssl_tls1_3
1742run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1743 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1744 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1745 0 \
1746 -s "Protocol is TLSv1.3" \
1747 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1748 -s "received signature algorithm: 0x804" \
1749 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1750 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1751 -C "received HelloRetryRequest message"
1752
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1753requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1754requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1755requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1756requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1757requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1758requires_openssl_tls1_3
1759run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1760 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1761 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1762 0 \
1763 -s "Protocol is TLSv1.3" \
1764 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1765 -s "received signature algorithm: 0x403" \
1766 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1767 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1768 -C "received HelloRetryRequest message"
1769
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1770requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1771requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1772requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1773requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1774requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1775requires_openssl_tls1_3
1776run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1777 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1778 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1779 0 \
1780 -s "Protocol is TLSv1.3" \
1781 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1782 -s "received signature algorithm: 0x503" \
1783 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1784 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1785 -C "received HelloRetryRequest message"
1786
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1787requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1788requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1789requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1790requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1791requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1792requires_openssl_tls1_3
1793run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1794 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1795 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1796 0 \
1797 -s "Protocol is TLSv1.3" \
1798 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1799 -s "received signature algorithm: 0x603" \
1800 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1801 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1802 -C "received HelloRetryRequest message"
1803
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1804requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1805requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1808requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1809requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1810requires_openssl_tls1_3
1811run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1812 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1813 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1814 0 \
1815 -s "Protocol is TLSv1.3" \
1816 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1817 -s "received signature algorithm: 0x804" \
1818 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1819 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1820 -C "received HelloRetryRequest message"
1821
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1822requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1823requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1824requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1825requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1826requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1827requires_openssl_tls1_3
1828run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1829 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1830 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1831 0 \
1832 -s "Protocol is TLSv1.3" \
1833 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1834 -s "received signature algorithm: 0x403" \
1835 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1836 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1837 -C "received HelloRetryRequest message"
1838
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1839requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1840requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1841requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1843requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1844requires_openssl_tls1_3
1845run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1846 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1847 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1848 0 \
1849 -s "Protocol is TLSv1.3" \
1850 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1851 -s "received signature algorithm: 0x503" \
1852 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1853 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1854 -C "received HelloRetryRequest message"
1855
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1856requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1857requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1860requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1861requires_openssl_tls1_3
1862run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1863 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1864 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1865 0 \
1866 -s "Protocol is TLSv1.3" \
1867 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1868 -s "received signature algorithm: 0x603" \
1869 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1870 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1871 -C "received HelloRetryRequest message"
1872
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1873requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1874requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1875requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1876requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1877requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1878requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1879requires_openssl_tls1_3
1880run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1881 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1882 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1883 0 \
1884 -s "Protocol is TLSv1.3" \
1885 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1886 -s "received signature algorithm: 0x804" \
1887 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1888 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1889 -C "received HelloRetryRequest message"
1890
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1891requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1892requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1893requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1895requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1896requires_openssl_tls1_3
1897run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1898 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1899 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1900 0 \
1901 -s "Protocol is TLSv1.3" \
1902 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1903 -s "received signature algorithm: 0x403" \
1904 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1905 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1906 -C "received HelloRetryRequest message"
1907
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1908requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1909requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1912requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1913requires_openssl_tls1_3
1914run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1915 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1916 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1917 0 \
1918 -s "Protocol is TLSv1.3" \
1919 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1920 -s "received signature algorithm: 0x503" \
1921 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1922 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1923 -C "received HelloRetryRequest message"
1924
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1925requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1926requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1929requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1930requires_openssl_tls1_3
1931run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1932 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1933 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1934 0 \
1935 -s "Protocol is TLSv1.3" \
1936 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1937 -s "received signature algorithm: 0x603" \
1938 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1939 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1940 -C "received HelloRetryRequest message"
1941
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1942requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1943requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1946requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1947requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1948requires_openssl_tls1_3
1949run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1950 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1951 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1952 0 \
1953 -s "Protocol is TLSv1.3" \
1954 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1955 -s "received signature algorithm: 0x804" \
1956 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1957 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1958 -C "received HelloRetryRequest message"
1959
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1960requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1961requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1962requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1963requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1964requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1965requires_openssl_tls1_3
1966run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1967 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1968 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1969 0 \
1970 -s "Protocol is TLSv1.3" \
1971 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1972 -s "received signature algorithm: 0x403" \
1973 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1974 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1975 -C "received HelloRetryRequest message"
1976
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1977requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1978requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1979requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1980requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1981requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1982requires_openssl_tls1_3
1983run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]1984 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1985 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1986 0 \
1987 -s "Protocol is TLSv1.3" \
1988 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1989 -s "received signature algorithm: 0x503" \
1990 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1991 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1992 -C "received HelloRetryRequest message"
1993
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1994requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1995requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1996requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1998requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1999requires_openssl_tls1_3
2000run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2001 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2002 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2003 0 \
2004 -s "Protocol is TLSv1.3" \
2005 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2006 -s "received signature algorithm: 0x603" \
2007 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2008 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2009 -C "received HelloRetryRequest message"
2010
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2011requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2012requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2015requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2016requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2017requires_openssl_tls1_3
2018run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2019 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2020 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2021 0 \
2022 -s "Protocol is TLSv1.3" \
2023 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2024 -s "received signature algorithm: 0x804" \
2025 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2026 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2027 -C "received HelloRetryRequest message"
2028
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2029requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2030requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2033requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2034requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]2035requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2036run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2037 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2038 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2039 0 \
2040 -s "Protocol is TLSv1.3" \
2041 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2042 -s "received signature algorithm: 0x403" \
2043 -s "got named group: ffdhe2048(0100)" \
2044 -s "Certificate verification was skipped" \
2045 -C "received HelloRetryRequest message"
2046
2047requires_config_enabled MBEDTLS_SSL_SRV_C
2048requires_config_enabled MBEDTLS_DEBUG_C
2049requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2050requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2051requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2052requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]2053requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2054run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2055 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2056 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2057 0 \
2058 -s "Protocol is TLSv1.3" \
2059 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2060 -s "received signature algorithm: 0x503" \
2061 -s "got named group: ffdhe2048(0100)" \
2062 -s "Certificate verification was skipped" \
2063 -C "received HelloRetryRequest message"
2064
2065requires_config_enabled MBEDTLS_SSL_SRV_C
2066requires_config_enabled MBEDTLS_DEBUG_C
2067requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2068requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2069requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2070requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]2071requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2072run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2073 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2074 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2075 0 \
2076 -s "Protocol is TLSv1.3" \
2077 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2078 -s "received signature algorithm: 0x603" \
2079 -s "got named group: ffdhe2048(0100)" \
2080 -s "Certificate verification was skipped" \
2081 -C "received HelloRetryRequest message"
2082
2083requires_config_enabled MBEDTLS_SSL_SRV_C
2084requires_config_enabled MBEDTLS_DEBUG_C
2085requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2086requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2087requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2088requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2089requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]2090requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2091run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2092 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2093 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2094 0 \
2095 -s "Protocol is TLSv1.3" \
2096 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2097 -s "received signature algorithm: 0x804" \
2098 -s "got named group: ffdhe2048(0100)" \
2099 -s "Certificate verification was skipped" \
2100 -C "received HelloRetryRequest message"
2101
2102requires_config_enabled MBEDTLS_SSL_SRV_C
2103requires_config_enabled MBEDTLS_DEBUG_C
2104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2106requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2107requires_gnutls_tls1_3
2108requires_gnutls_next_no_ticket
2109requires_gnutls_next_disable_tls13_compat
2110run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2111 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2112 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2113 0 \
2114 -s "Protocol is TLSv1.3" \
2115 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2116 -s "received signature algorithm: 0x403" \
2117 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2118 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2119 -C "received HelloRetryRequest message"
2120
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2121requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2122requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2123requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2124requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2125requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2126requires_gnutls_tls1_3
2127requires_gnutls_next_no_ticket
2128requires_gnutls_next_disable_tls13_compat
2129run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2130 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2131 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2132 0 \
2133 -s "Protocol is TLSv1.3" \
2134 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2135 -s "received signature algorithm: 0x503" \
2136 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2137 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2138 -C "received HelloRetryRequest message"
2139
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2140requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2141requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2142requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2144requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2145requires_gnutls_tls1_3
2146requires_gnutls_next_no_ticket
2147requires_gnutls_next_disable_tls13_compat
2148run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2149 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2150 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2151 0 \
2152 -s "Protocol is TLSv1.3" \
2153 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2154 -s "received signature algorithm: 0x603" \
2155 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2156 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2157 -C "received HelloRetryRequest message"
2158
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2159requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2160requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2162requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2163requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2164requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2165requires_gnutls_tls1_3
2166requires_gnutls_next_no_ticket
2167requires_gnutls_next_disable_tls13_compat
2168run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2169 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2170 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2171 0 \
2172 -s "Protocol is TLSv1.3" \
2173 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2174 -s "received signature algorithm: 0x804" \
2175 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2176 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2177 -C "received HelloRetryRequest message"
2178
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2179requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2180requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2183requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2184requires_gnutls_tls1_3
2185requires_gnutls_next_no_ticket
2186requires_gnutls_next_disable_tls13_compat
2187run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2188 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2189 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2190 0 \
2191 -s "Protocol is TLSv1.3" \
2192 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2193 -s "received signature algorithm: 0x403" \
2194 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2195 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2196 -C "received HelloRetryRequest message"
2197
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2198requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2199requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2202requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2203requires_gnutls_tls1_3
2204requires_gnutls_next_no_ticket
2205requires_gnutls_next_disable_tls13_compat
2206run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2207 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2208 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2209 0 \
2210 -s "Protocol is TLSv1.3" \
2211 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2212 -s "received signature algorithm: 0x503" \
2213 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2214 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2215 -C "received HelloRetryRequest message"
2216
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2217requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2218requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2221requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2222requires_gnutls_tls1_3
2223requires_gnutls_next_no_ticket
2224requires_gnutls_next_disable_tls13_compat
2225run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2226 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2227 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2228 0 \
2229 -s "Protocol is TLSv1.3" \
2230 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2231 -s "received signature algorithm: 0x603" \
2232 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2233 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2234 -C "received HelloRetryRequest message"
2235
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2236requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2240requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2241requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2242requires_gnutls_tls1_3
2243requires_gnutls_next_no_ticket
2244requires_gnutls_next_disable_tls13_compat
2245run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2246 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2247 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2248 0 \
2249 -s "Protocol is TLSv1.3" \
2250 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2251 -s "received signature algorithm: 0x804" \
2252 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2253 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2254 -C "received HelloRetryRequest message"
2255
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2256requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2257requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2260requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2261requires_gnutls_tls1_3
2262requires_gnutls_next_no_ticket
2263requires_gnutls_next_disable_tls13_compat
2264run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2265 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2266 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2267 0 \
2268 -s "Protocol is TLSv1.3" \
2269 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2270 -s "received signature algorithm: 0x403" \
2271 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2272 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2273 -C "received HelloRetryRequest message"
2274
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2275requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2276requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2277requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2278requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2279requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2280requires_gnutls_tls1_3
2281requires_gnutls_next_no_ticket
2282requires_gnutls_next_disable_tls13_compat
2283run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2284 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2285 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2286 0 \
2287 -s "Protocol is TLSv1.3" \
2288 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2289 -s "received signature algorithm: 0x503" \
2290 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2291 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2292 -C "received HelloRetryRequest message"
2293
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2294requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2295requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2298requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2299requires_gnutls_tls1_3
2300requires_gnutls_next_no_ticket
2301requires_gnutls_next_disable_tls13_compat
2302run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2303 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2304 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2305 0 \
2306 -s "Protocol is TLSv1.3" \
2307 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2308 -s "received signature algorithm: 0x603" \
2309 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2310 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2311 -C "received HelloRetryRequest message"
2312
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2313requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2314requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2315requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2316requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2317requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2318requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2319requires_gnutls_tls1_3
2320requires_gnutls_next_no_ticket
2321requires_gnutls_next_disable_tls13_compat
2322run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2323 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2324 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2325 0 \
2326 -s "Protocol is TLSv1.3" \
2327 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2328 -s "received signature algorithm: 0x804" \
2329 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2330 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2331 -C "received HelloRetryRequest message"
2332
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2333requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2334requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2335requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2336requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2337requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2338requires_gnutls_tls1_3
2339requires_gnutls_next_no_ticket
2340requires_gnutls_next_disable_tls13_compat
2341run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2342 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2343 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2344 0 \
2345 -s "Protocol is TLSv1.3" \
2346 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2347 -s "received signature algorithm: 0x403" \
2348 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2349 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2350 -C "received HelloRetryRequest message"
2351
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2352requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2353requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2354requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2356requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2357requires_gnutls_tls1_3
2358requires_gnutls_next_no_ticket
2359requires_gnutls_next_disable_tls13_compat
2360run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2361 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2362 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2363 0 \
2364 -s "Protocol is TLSv1.3" \
2365 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2366 -s "received signature algorithm: 0x503" \
2367 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2368 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2369 -C "received HelloRetryRequest message"
2370
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2371requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2372requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2373requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2374requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2375requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2376requires_gnutls_tls1_3
2377requires_gnutls_next_no_ticket
2378requires_gnutls_next_disable_tls13_compat
2379run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2380 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2381 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2382 0 \
2383 -s "Protocol is TLSv1.3" \
2384 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2385 -s "received signature algorithm: 0x603" \
2386 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2387 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2388 -C "received HelloRetryRequest message"
2389
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2390requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2391requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2392requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2394requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2395requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2396requires_gnutls_tls1_3
2397requires_gnutls_next_no_ticket
2398requires_gnutls_next_disable_tls13_compat
2399run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2400 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2401 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2402 0 \
2403 -s "Protocol is TLSv1.3" \
2404 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2405 -s "received signature algorithm: 0x804" \
2406 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2407 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2408 -C "received HelloRetryRequest message"
2409
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2410requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2411requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2412requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2414requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2415requires_gnutls_tls1_3
2416requires_gnutls_next_no_ticket
2417requires_gnutls_next_disable_tls13_compat
2418run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2419 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2420 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2421 0 \
2422 -s "Protocol is TLSv1.3" \
2423 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2424 -s "received signature algorithm: 0x403" \
2425 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2426 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2427 -C "received HelloRetryRequest message"
2428
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2429requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2430requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2433requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2434requires_gnutls_tls1_3
2435requires_gnutls_next_no_ticket
2436requires_gnutls_next_disable_tls13_compat
2437run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2438 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2439 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2440 0 \
2441 -s "Protocol is TLSv1.3" \
2442 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2443 -s "received signature algorithm: 0x503" \
2444 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2445 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2446 -C "received HelloRetryRequest message"
2447
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2448requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2449requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2452requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2453requires_gnutls_tls1_3
2454requires_gnutls_next_no_ticket
2455requires_gnutls_next_disable_tls13_compat
2456run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2457 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2458 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2459 0 \
2460 -s "Protocol is TLSv1.3" \
2461 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2462 -s "received signature algorithm: 0x603" \
2463 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2464 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2465 -C "received HelloRetryRequest message"
2466
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2467requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2468requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2469requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2470requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2471requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2472requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2473requires_gnutls_tls1_3
2474requires_gnutls_next_no_ticket
2475requires_gnutls_next_disable_tls13_compat
2476run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2477 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2478 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2479 0 \
2480 -s "Protocol is TLSv1.3" \
2481 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2482 -s "received signature algorithm: 0x804" \
2483 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2484 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2485 -C "received HelloRetryRequest message"
2486
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2487requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2488requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2491requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2492requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2493requires_gnutls_tls1_3
2494requires_gnutls_next_no_ticket
2495requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2496run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2497 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2498 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2499 0 \
2500 -s "Protocol is TLSv1.3" \
2501 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2502 -s "received signature algorithm: 0x403" \
2503 -s "got named group: ffdhe2048(0100)" \
2504 -s "Certificate verification was skipped" \
2505 -C "received HelloRetryRequest message"
2506
2507requires_config_enabled MBEDTLS_SSL_SRV_C
2508requires_config_enabled MBEDTLS_DEBUG_C
2509requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2511requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2512requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2513requires_gnutls_tls1_3
2514requires_gnutls_next_no_ticket
2515requires_gnutls_next_disable_tls13_compat
2516run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2517 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2518 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2519 0 \
2520 -s "Protocol is TLSv1.3" \
2521 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2522 -s "received signature algorithm: 0x503" \
2523 -s "got named group: ffdhe2048(0100)" \
2524 -s "Certificate verification was skipped" \
2525 -C "received HelloRetryRequest message"
2526
2527requires_config_enabled MBEDTLS_SSL_SRV_C
2528requires_config_enabled MBEDTLS_DEBUG_C
2529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2531requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2532requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2533requires_gnutls_tls1_3
2534requires_gnutls_next_no_ticket
2535requires_gnutls_next_disable_tls13_compat
2536run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2537 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2538 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2539 0 \
2540 -s "Protocol is TLSv1.3" \
2541 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2542 -s "received signature algorithm: 0x603" \
2543 -s "got named group: ffdhe2048(0100)" \
2544 -s "Certificate verification was skipped" \
2545 -C "received HelloRetryRequest message"
2546
2547requires_config_enabled MBEDTLS_SSL_SRV_C
2548requires_config_enabled MBEDTLS_DEBUG_C
2549requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2551requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2552requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2553requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2554requires_gnutls_tls1_3
2555requires_gnutls_next_no_ticket
2556requires_gnutls_next_disable_tls13_compat
2557run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2558 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2559 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2560 0 \
2561 -s "Protocol is TLSv1.3" \
2562 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2563 -s "received signature algorithm: 0x804" \
2564 -s "got named group: ffdhe2048(0100)" \
2565 -s "Certificate verification was skipped" \
2566 -C "received HelloRetryRequest message"
2567
2568requires_config_enabled MBEDTLS_SSL_SRV_C
2569requires_config_enabled MBEDTLS_DEBUG_C
2570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2572requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2573requires_gnutls_tls1_3
2574requires_gnutls_next_no_ticket
2575requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2576run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2577 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2578 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2579 0 \
2580 -s "Protocol is TLSv1.3" \
2581 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2582 -s "received signature algorithm: 0x403" \
2583 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2584 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2585 -C "received HelloRetryRequest message"
2586
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2587requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2588requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2590requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2591requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2592requires_gnutls_tls1_3
2593requires_gnutls_next_no_ticket
2594requires_gnutls_next_disable_tls13_compat
2595run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2596 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2597 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2598 0 \
2599 -s "Protocol is TLSv1.3" \
2600 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2601 -s "received signature algorithm: 0x503" \
2602 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2603 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2604 -C "received HelloRetryRequest message"
2605
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2606requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2607requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2610requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2611requires_gnutls_tls1_3
2612requires_gnutls_next_no_ticket
2613requires_gnutls_next_disable_tls13_compat
2614run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2615 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2616 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2617 0 \
2618 -s "Protocol is TLSv1.3" \
2619 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2620 -s "received signature algorithm: 0x603" \
2621 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2622 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2623 -C "received HelloRetryRequest message"
2624
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2625requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2626requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2627requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2628requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2629requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2630requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2631requires_gnutls_tls1_3
2632requires_gnutls_next_no_ticket
2633requires_gnutls_next_disable_tls13_compat
2634run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2635 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2636 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2637 0 \
2638 -s "Protocol is TLSv1.3" \
2639 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2640 -s "received signature algorithm: 0x804" \
2641 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2642 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2643 -C "received HelloRetryRequest message"
2644
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2645requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2646requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2649requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2650requires_gnutls_tls1_3
2651requires_gnutls_next_no_ticket
2652requires_gnutls_next_disable_tls13_compat
2653run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2654 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2655 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2656 0 \
2657 -s "Protocol is TLSv1.3" \
2658 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2659 -s "received signature algorithm: 0x403" \
2660 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2661 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2662 -C "received HelloRetryRequest message"
2663
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2664requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2665requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2667requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2668requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2669requires_gnutls_tls1_3
2670requires_gnutls_next_no_ticket
2671requires_gnutls_next_disable_tls13_compat
2672run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2673 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2674 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2675 0 \
2676 -s "Protocol is TLSv1.3" \
2677 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2678 -s "received signature algorithm: 0x503" \
2679 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2680 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2681 -C "received HelloRetryRequest message"
2682
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2683requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2684requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2687requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2688requires_gnutls_tls1_3
2689requires_gnutls_next_no_ticket
2690requires_gnutls_next_disable_tls13_compat
2691run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2692 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2693 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2694 0 \
2695 -s "Protocol is TLSv1.3" \
2696 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2697 -s "received signature algorithm: 0x603" \
2698 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2699 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2700 -C "received HelloRetryRequest message"
2701
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2702requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2703requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2706requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2707requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2708requires_gnutls_tls1_3
2709requires_gnutls_next_no_ticket
2710requires_gnutls_next_disable_tls13_compat
2711run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2712 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2713 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2714 0 \
2715 -s "Protocol is TLSv1.3" \
2716 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2717 -s "received signature algorithm: 0x804" \
2718 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2719 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2720 -C "received HelloRetryRequest message"
2721
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2722requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2723requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2725requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2726requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2727requires_gnutls_tls1_3
2728requires_gnutls_next_no_ticket
2729requires_gnutls_next_disable_tls13_compat
2730run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2731 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2732 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2733 0 \
2734 -s "Protocol is TLSv1.3" \
2735 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2736 -s "received signature algorithm: 0x403" \
2737 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2738 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2739 -C "received HelloRetryRequest message"
2740
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2741requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2742requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2743requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2744requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2745requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2746requires_gnutls_tls1_3
2747requires_gnutls_next_no_ticket
2748requires_gnutls_next_disable_tls13_compat
2749run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2750 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2751 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2752 0 \
2753 -s "Protocol is TLSv1.3" \
2754 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2755 -s "received signature algorithm: 0x503" \
2756 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2757 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2758 -C "received HelloRetryRequest message"
2759
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2760requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2761requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2762requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2763requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2764requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2765requires_gnutls_tls1_3
2766requires_gnutls_next_no_ticket
2767requires_gnutls_next_disable_tls13_compat
2768run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2769 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2770 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2771 0 \
2772 -s "Protocol is TLSv1.3" \
2773 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2774 -s "received signature algorithm: 0x603" \
2775 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2776 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2777 -C "received HelloRetryRequest message"
2778
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2779requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2780requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2783requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2784requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2785requires_gnutls_tls1_3
2786requires_gnutls_next_no_ticket
2787requires_gnutls_next_disable_tls13_compat
2788run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2789 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2790 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2791 0 \
2792 -s "Protocol is TLSv1.3" \
2793 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2794 -s "received signature algorithm: 0x804" \
2795 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2796 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2797 -C "received HelloRetryRequest message"
2798
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2799requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2800requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2801requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2803requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2804requires_gnutls_tls1_3
2805requires_gnutls_next_no_ticket
2806requires_gnutls_next_disable_tls13_compat
2807run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2808 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2809 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2810 0 \
2811 -s "Protocol is TLSv1.3" \
2812 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2813 -s "received signature algorithm: 0x403" \
2814 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2815 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2816 -C "received HelloRetryRequest message"
2817
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2818requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2819requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2820requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2822requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2823requires_gnutls_tls1_3
2824requires_gnutls_next_no_ticket
2825requires_gnutls_next_disable_tls13_compat
2826run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2827 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2828 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2829 0 \
2830 -s "Protocol is TLSv1.3" \
2831 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2832 -s "received signature algorithm: 0x503" \
2833 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2834 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2835 -C "received HelloRetryRequest message"
2836
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2837requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2838requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2840requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2841requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2842requires_gnutls_tls1_3
2843requires_gnutls_next_no_ticket
2844requires_gnutls_next_disable_tls13_compat
2845run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2846 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2847 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2848 0 \
2849 -s "Protocol is TLSv1.3" \
2850 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2851 -s "received signature algorithm: 0x603" \
2852 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2853 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2854 -C "received HelloRetryRequest message"
2855
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2856requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2857requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2860requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2861requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2862requires_gnutls_tls1_3
2863requires_gnutls_next_no_ticket
2864requires_gnutls_next_disable_tls13_compat
2865run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2866 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2867 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2868 0 \
2869 -s "Protocol is TLSv1.3" \
2870 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2871 -s "received signature algorithm: 0x804" \
2872 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2873 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2874 -C "received HelloRetryRequest message"
2875
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2876requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2877requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2878requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2879requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2880requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2881requires_gnutls_tls1_3
2882requires_gnutls_next_no_ticket
2883requires_gnutls_next_disable_tls13_compat
2884run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2885 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2886 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2887 0 \
2888 -s "Protocol is TLSv1.3" \
2889 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2890 -s "received signature algorithm: 0x403" \
2891 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2892 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2893 -C "received HelloRetryRequest message"
2894
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2895requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2896requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2897requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2898requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2899requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2900requires_gnutls_tls1_3
2901requires_gnutls_next_no_ticket
2902requires_gnutls_next_disable_tls13_compat
2903run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2904 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2905 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2906 0 \
2907 -s "Protocol is TLSv1.3" \
2908 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2909 -s "received signature algorithm: 0x503" \
2910 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2911 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2912 -C "received HelloRetryRequest message"
2913
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2914requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2918requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2919requires_gnutls_tls1_3
2920requires_gnutls_next_no_ticket
2921requires_gnutls_next_disable_tls13_compat
2922run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2923 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2924 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2925 0 \
2926 -s "Protocol is TLSv1.3" \
2927 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2928 -s "received signature algorithm: 0x603" \
2929 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2930 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2931 -C "received HelloRetryRequest message"
2932
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2933requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2934requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2935requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2936requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2937requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2938requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2939requires_gnutls_tls1_3
2940requires_gnutls_next_no_ticket
2941requires_gnutls_next_disable_tls13_compat
2942run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2943 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2944 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2945 0 \
2946 -s "Protocol is TLSv1.3" \
2947 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2948 -s "received signature algorithm: 0x804" \
2949 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2950 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2951 -C "received HelloRetryRequest message"
2952
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2953requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2954requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2955requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2957requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2958requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2959requires_gnutls_tls1_3
2960requires_gnutls_next_no_ticket
2961requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2962run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2963 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2964 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2965 0 \
2966 -s "Protocol is TLSv1.3" \
2967 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2968 -s "received signature algorithm: 0x403" \
2969 -s "got named group: ffdhe2048(0100)" \
2970 -s "Certificate verification was skipped" \
2971 -C "received HelloRetryRequest message"
2972
2973requires_config_enabled MBEDTLS_SSL_SRV_C
2974requires_config_enabled MBEDTLS_DEBUG_C
2975requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2977requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2978requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2979requires_gnutls_tls1_3
2980requires_gnutls_next_no_ticket
2981requires_gnutls_next_disable_tls13_compat
2982run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]2983 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2984 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2985 0 \
2986 -s "Protocol is TLSv1.3" \
2987 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2988 -s "received signature algorithm: 0x503" \
2989 -s "got named group: ffdhe2048(0100)" \
2990 -s "Certificate verification was skipped" \
2991 -C "received HelloRetryRequest message"
2992
2993requires_config_enabled MBEDTLS_SSL_SRV_C
2994requires_config_enabled MBEDTLS_DEBUG_C
2995requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2997requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2998requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2999requires_gnutls_tls1_3
3000requires_gnutls_next_no_ticket
3001requires_gnutls_next_disable_tls13_compat
3002run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3003 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3004 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3005 0 \
3006 -s "Protocol is TLSv1.3" \
3007 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3008 -s "received signature algorithm: 0x603" \
3009 -s "got named group: ffdhe2048(0100)" \
3010 -s "Certificate verification was skipped" \
3011 -C "received HelloRetryRequest message"
3012
3013requires_config_enabled MBEDTLS_SSL_SRV_C
3014requires_config_enabled MBEDTLS_DEBUG_C
3015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3017requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3018requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3019requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3020requires_gnutls_tls1_3
3021requires_gnutls_next_no_ticket
3022requires_gnutls_next_disable_tls13_compat
3023run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3024 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3025 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3026 0 \
3027 -s "Protocol is TLSv1.3" \
3028 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3029 -s "received signature algorithm: 0x804" \
3030 -s "got named group: ffdhe2048(0100)" \
3031 -s "Certificate verification was skipped" \
3032 -C "received HelloRetryRequest message"
3033
3034requires_config_enabled MBEDTLS_SSL_SRV_C
3035requires_config_enabled MBEDTLS_DEBUG_C
3036requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3037requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3038requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3039requires_gnutls_tls1_3
3040requires_gnutls_next_no_ticket
3041requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3042run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3043 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3044 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3045 0 \
3046 -s "Protocol is TLSv1.3" \
3047 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3048 -s "received signature algorithm: 0x403" \
3049 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3050 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3051 -C "received HelloRetryRequest message"
3052
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3053requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3054requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3055requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3056requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3057requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3058requires_gnutls_tls1_3
3059requires_gnutls_next_no_ticket
3060requires_gnutls_next_disable_tls13_compat
3061run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3062 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3063 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3064 0 \
3065 -s "Protocol is TLSv1.3" \
3066 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3067 -s "received signature algorithm: 0x503" \
3068 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3069 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3070 -C "received HelloRetryRequest message"
3071
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3072requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3073requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3074requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3075requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3076requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3077requires_gnutls_tls1_3
3078requires_gnutls_next_no_ticket
3079requires_gnutls_next_disable_tls13_compat
3080run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3081 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3082 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3083 0 \
3084 -s "Protocol is TLSv1.3" \
3085 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3086 -s "received signature algorithm: 0x603" \
3087 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3088 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3089 -C "received HelloRetryRequest message"
3090
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3091requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3092requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3093requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3094requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3095requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3096requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3097requires_gnutls_tls1_3
3098requires_gnutls_next_no_ticket
3099requires_gnutls_next_disable_tls13_compat
3100run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3101 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3102 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3103 0 \
3104 -s "Protocol is TLSv1.3" \
3105 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3106 -s "received signature algorithm: 0x804" \
3107 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3108 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3109 -C "received HelloRetryRequest message"
3110
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3111requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3112requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3113requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3114requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3115requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3116requires_gnutls_tls1_3
3117requires_gnutls_next_no_ticket
3118requires_gnutls_next_disable_tls13_compat
3119run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3120 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3121 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3122 0 \
3123 -s "Protocol is TLSv1.3" \
3124 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3125 -s "received signature algorithm: 0x403" \
3126 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3127 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3128 -C "received HelloRetryRequest message"
3129
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3130requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3131requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3134requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3135requires_gnutls_tls1_3
3136requires_gnutls_next_no_ticket
3137requires_gnutls_next_disable_tls13_compat
3138run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3139 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3140 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3141 0 \
3142 -s "Protocol is TLSv1.3" \
3143 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3144 -s "received signature algorithm: 0x503" \
3145 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3146 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3147 -C "received HelloRetryRequest message"
3148
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3149requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3150requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3151requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3153requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3154requires_gnutls_tls1_3
3155requires_gnutls_next_no_ticket
3156requires_gnutls_next_disable_tls13_compat
3157run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3158 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3159 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3160 0 \
3161 -s "Protocol is TLSv1.3" \
3162 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3163 -s "received signature algorithm: 0x603" \
3164 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3165 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3166 -C "received HelloRetryRequest message"
3167
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3168requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3169requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3172requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3173requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3174requires_gnutls_tls1_3
3175requires_gnutls_next_no_ticket
3176requires_gnutls_next_disable_tls13_compat
3177run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3178 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3179 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3180 0 \
3181 -s "Protocol is TLSv1.3" \
3182 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3183 -s "received signature algorithm: 0x804" \
3184 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3185 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3186 -C "received HelloRetryRequest message"
3187
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3188requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3189requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3190requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3192requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3193requires_gnutls_tls1_3
3194requires_gnutls_next_no_ticket
3195requires_gnutls_next_disable_tls13_compat
3196run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3197 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3198 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3199 0 \
3200 -s "Protocol is TLSv1.3" \
3201 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3202 -s "received signature algorithm: 0x403" \
3203 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3204 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3205 -C "received HelloRetryRequest message"
3206
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3207requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3208requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3209requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3210requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3211requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3212requires_gnutls_tls1_3
3213requires_gnutls_next_no_ticket
3214requires_gnutls_next_disable_tls13_compat
3215run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3216 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3217 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3218 0 \
3219 -s "Protocol is TLSv1.3" \
3220 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3221 -s "received signature algorithm: 0x503" \
3222 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3223 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3224 -C "received HelloRetryRequest message"
3225
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3226requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3227requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3228requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3229requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3230requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3231requires_gnutls_tls1_3
3232requires_gnutls_next_no_ticket
3233requires_gnutls_next_disable_tls13_compat
3234run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3235 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3236 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3237 0 \
3238 -s "Protocol is TLSv1.3" \
3239 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3240 -s "received signature algorithm: 0x603" \
3241 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3242 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3243 -C "received HelloRetryRequest message"
3244
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3245requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3246requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3247requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3248requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3249requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3250requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3251requires_gnutls_tls1_3
3252requires_gnutls_next_no_ticket
3253requires_gnutls_next_disable_tls13_compat
3254run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3255 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3256 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3257 0 \
3258 -s "Protocol is TLSv1.3" \
3259 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3260 -s "received signature algorithm: 0x804" \
3261 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3262 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3263 -C "received HelloRetryRequest message"
3264
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3265requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3266requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3267requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3268requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3269requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3270requires_gnutls_tls1_3
3271requires_gnutls_next_no_ticket
3272requires_gnutls_next_disable_tls13_compat
3273run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3274 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3275 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3276 0 \
3277 -s "Protocol is TLSv1.3" \
3278 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3279 -s "received signature algorithm: 0x403" \
3280 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3281 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3282 -C "received HelloRetryRequest message"
3283
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3284requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3285requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3286requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3287requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3288requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3289requires_gnutls_tls1_3
3290requires_gnutls_next_no_ticket
3291requires_gnutls_next_disable_tls13_compat
3292run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3293 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3294 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3295 0 \
3296 -s "Protocol is TLSv1.3" \
3297 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3298 -s "received signature algorithm: 0x503" \
3299 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3300 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3301 -C "received HelloRetryRequest message"
3302
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3303requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3304requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3305requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3307requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3308requires_gnutls_tls1_3
3309requires_gnutls_next_no_ticket
3310requires_gnutls_next_disable_tls13_compat
3311run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3312 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3313 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3314 0 \
3315 -s "Protocol is TLSv1.3" \
3316 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3317 -s "received signature algorithm: 0x603" \
3318 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3319 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3320 -C "received HelloRetryRequest message"
3321
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3322requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3323requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3326requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3327requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3328requires_gnutls_tls1_3
3329requires_gnutls_next_no_ticket
3330requires_gnutls_next_disable_tls13_compat
3331run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3332 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3333 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3334 0 \
3335 -s "Protocol is TLSv1.3" \
3336 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3337 -s "received signature algorithm: 0x804" \
3338 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3339 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3340 -C "received HelloRetryRequest message"
3341
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3342requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3343requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3346requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3347requires_gnutls_tls1_3
3348requires_gnutls_next_no_ticket
3349requires_gnutls_next_disable_tls13_compat
3350run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3351 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3352 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3353 0 \
3354 -s "Protocol is TLSv1.3" \
3355 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3356 -s "received signature algorithm: 0x403" \
3357 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3358 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3359 -C "received HelloRetryRequest message"
3360
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3361requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3362requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3363requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3364requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3365requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3366requires_gnutls_tls1_3
3367requires_gnutls_next_no_ticket
3368requires_gnutls_next_disable_tls13_compat
3369run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3370 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3371 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3372 0 \
3373 -s "Protocol is TLSv1.3" \
3374 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3375 -s "received signature algorithm: 0x503" \
3376 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3377 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3378 -C "received HelloRetryRequest message"
3379
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3380requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3381requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3382requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3384requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3385requires_gnutls_tls1_3
3386requires_gnutls_next_no_ticket
3387requires_gnutls_next_disable_tls13_compat
3388run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3389 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3390 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3391 0 \
3392 -s "Protocol is TLSv1.3" \
3393 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3394 -s "received signature algorithm: 0x603" \
3395 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3396 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3397 -C "received HelloRetryRequest message"
3398
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3399requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3400requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3403requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3404requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3405requires_gnutls_tls1_3
3406requires_gnutls_next_no_ticket
3407requires_gnutls_next_disable_tls13_compat
3408run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3409 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3410 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3411 0 \
3412 -s "Protocol is TLSv1.3" \
3413 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3414 -s "received signature algorithm: 0x804" \
3415 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3416 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3417 -C "received HelloRetryRequest message"
3418
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3419requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3420requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3421requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3422requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3423requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3424requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3425requires_gnutls_tls1_3
3426requires_gnutls_next_no_ticket
3427requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3428run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3429 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3430 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3431 0 \
3432 -s "Protocol is TLSv1.3" \
3433 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3434 -s "received signature algorithm: 0x403" \
3435 -s "got named group: ffdhe2048(0100)" \
3436 -s "Certificate verification was skipped" \
3437 -C "received HelloRetryRequest message"
3438
3439requires_config_enabled MBEDTLS_SSL_SRV_C
3440requires_config_enabled MBEDTLS_DEBUG_C
3441requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3442requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3443requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3444requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3445requires_gnutls_tls1_3
3446requires_gnutls_next_no_ticket
3447requires_gnutls_next_disable_tls13_compat
3448run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3449 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3450 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3451 0 \
3452 -s "Protocol is TLSv1.3" \
3453 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3454 -s "received signature algorithm: 0x503" \
3455 -s "got named group: ffdhe2048(0100)" \
3456 -s "Certificate verification was skipped" \
3457 -C "received HelloRetryRequest message"
3458
3459requires_config_enabled MBEDTLS_SSL_SRV_C
3460requires_config_enabled MBEDTLS_DEBUG_C
3461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3463requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3464requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3465requires_gnutls_tls1_3
3466requires_gnutls_next_no_ticket
3467requires_gnutls_next_disable_tls13_compat
3468run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3469 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3470 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3471 0 \
3472 -s "Protocol is TLSv1.3" \
3473 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3474 -s "received signature algorithm: 0x603" \
3475 -s "got named group: ffdhe2048(0100)" \
3476 -s "Certificate verification was skipped" \
3477 -C "received HelloRetryRequest message"
3478
3479requires_config_enabled MBEDTLS_SSL_SRV_C
3480requires_config_enabled MBEDTLS_DEBUG_C
3481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3483requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3484requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3485requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3486requires_gnutls_tls1_3
3487requires_gnutls_next_no_ticket
3488requires_gnutls_next_disable_tls13_compat
3489run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3490 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3491 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3492 0 \
3493 -s "Protocol is TLSv1.3" \
3494 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3495 -s "received signature algorithm: 0x804" \
3496 -s "got named group: ffdhe2048(0100)" \
3497 -s "Certificate verification was skipped" \
3498 -C "received HelloRetryRequest message"
3499
3500requires_config_enabled MBEDTLS_SSL_SRV_C
3501requires_config_enabled MBEDTLS_DEBUG_C
3502requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3503requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3504requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3505requires_gnutls_tls1_3
3506requires_gnutls_next_no_ticket
3507requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3508run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3509 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3510 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3511 0 \
3512 -s "Protocol is TLSv1.3" \
3513 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3514 -s "received signature algorithm: 0x403" \
3515 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3516 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3517 -C "received HelloRetryRequest message"
3518
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3519requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3520requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3521requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3522requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3523requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3524requires_gnutls_tls1_3
3525requires_gnutls_next_no_ticket
3526requires_gnutls_next_disable_tls13_compat
3527run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3528 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3529 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3530 0 \
3531 -s "Protocol is TLSv1.3" \
3532 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3533 -s "received signature algorithm: 0x503" \
3534 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3535 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3536 -C "received HelloRetryRequest message"
3537
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3538requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3539requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3542requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3543requires_gnutls_tls1_3
3544requires_gnutls_next_no_ticket
3545requires_gnutls_next_disable_tls13_compat
3546run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3547 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3548 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3549 0 \
3550 -s "Protocol is TLSv1.3" \
3551 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3552 -s "received signature algorithm: 0x603" \
3553 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3554 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3555 -C "received HelloRetryRequest message"
3556
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3557requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3558requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3559requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3560requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3561requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3562requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3563requires_gnutls_tls1_3
3564requires_gnutls_next_no_ticket
3565requires_gnutls_next_disable_tls13_compat
3566run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3567 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3568 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3569 0 \
3570 -s "Protocol is TLSv1.3" \
3571 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3572 -s "received signature algorithm: 0x804" \
3573 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3574 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3575 -C "received HelloRetryRequest message"
3576
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3577requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3578requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3579requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3580requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3581requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3582requires_gnutls_tls1_3
3583requires_gnutls_next_no_ticket
3584requires_gnutls_next_disable_tls13_compat
3585run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3586 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3587 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3588 0 \
3589 -s "Protocol is TLSv1.3" \
3590 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3591 -s "received signature algorithm: 0x403" \
3592 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3593 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3594 -C "received HelloRetryRequest message"
3595
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3596requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3597requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3600requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3601requires_gnutls_tls1_3
3602requires_gnutls_next_no_ticket
3603requires_gnutls_next_disable_tls13_compat
3604run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3605 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3606 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3607 0 \
3608 -s "Protocol is TLSv1.3" \
3609 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3610 -s "received signature algorithm: 0x503" \
3611 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3612 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3613 -C "received HelloRetryRequest message"
3614
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3615requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3616requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3617requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3619requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3620requires_gnutls_tls1_3
3621requires_gnutls_next_no_ticket
3622requires_gnutls_next_disable_tls13_compat
3623run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3624 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3625 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3626 0 \
3627 -s "Protocol is TLSv1.3" \
3628 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3629 -s "received signature algorithm: 0x603" \
3630 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3631 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3632 -C "received HelloRetryRequest message"
3633
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3634requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3635requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3636requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3637requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3638requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3639requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3640requires_gnutls_tls1_3
3641requires_gnutls_next_no_ticket
3642requires_gnutls_next_disable_tls13_compat
3643run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3644 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3645 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3646 0 \
3647 -s "Protocol is TLSv1.3" \
3648 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3649 -s "received signature algorithm: 0x804" \
3650 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3651 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3652 -C "received HelloRetryRequest message"
3653
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3654requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3655requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3656requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3657requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3658requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3659requires_gnutls_tls1_3
3660requires_gnutls_next_no_ticket
3661requires_gnutls_next_disable_tls13_compat
3662run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3663 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3664 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3665 0 \
3666 -s "Protocol is TLSv1.3" \
3667 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3668 -s "received signature algorithm: 0x403" \
3669 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3670 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3671 -C "received HelloRetryRequest message"
3672
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3673requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3674requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3675requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3676requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3677requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3678requires_gnutls_tls1_3
3679requires_gnutls_next_no_ticket
3680requires_gnutls_next_disable_tls13_compat
3681run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3682 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3683 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3684 0 \
3685 -s "Protocol is TLSv1.3" \
3686 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3687 -s "received signature algorithm: 0x503" \
3688 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3689 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3690 -C "received HelloRetryRequest message"
3691
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3692requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3693requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3694requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3695requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3696requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3697requires_gnutls_tls1_3
3698requires_gnutls_next_no_ticket
3699requires_gnutls_next_disable_tls13_compat
3700run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3701 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3702 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3703 0 \
3704 -s "Protocol is TLSv1.3" \
3705 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3706 -s "received signature algorithm: 0x603" \
3707 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3708 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3709 -C "received HelloRetryRequest message"
3710
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3711requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3712requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3713requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3714requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3715requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3716requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3717requires_gnutls_tls1_3
3718requires_gnutls_next_no_ticket
3719requires_gnutls_next_disable_tls13_compat
3720run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3721 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3722 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3723 0 \
3724 -s "Protocol is TLSv1.3" \
3725 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3726 -s "received signature algorithm: 0x804" \
3727 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3728 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3729 -C "received HelloRetryRequest message"
3730
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3731requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3732requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3733requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3734requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3735requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3736requires_gnutls_tls1_3
3737requires_gnutls_next_no_ticket
3738requires_gnutls_next_disable_tls13_compat
3739run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3740 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3741 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3742 0 \
3743 -s "Protocol is TLSv1.3" \
3744 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3745 -s "received signature algorithm: 0x403" \
3746 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3747 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3748 -C "received HelloRetryRequest message"
3749
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3750requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3751requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3752requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3754requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3755requires_gnutls_tls1_3
3756requires_gnutls_next_no_ticket
3757requires_gnutls_next_disable_tls13_compat
3758run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3759 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3760 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3761 0 \
3762 -s "Protocol is TLSv1.3" \
3763 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3764 -s "received signature algorithm: 0x503" \
3765 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3766 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3767 -C "received HelloRetryRequest message"
3768
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3769requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3770requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3771requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3773requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3774requires_gnutls_tls1_3
3775requires_gnutls_next_no_ticket
3776requires_gnutls_next_disable_tls13_compat
3777run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3778 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3779 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3780 0 \
3781 -s "Protocol is TLSv1.3" \
3782 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3783 -s "received signature algorithm: 0x603" \
3784 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3785 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3786 -C "received HelloRetryRequest message"
3787
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3788requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3789requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3790requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3792requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3793requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3794requires_gnutls_tls1_3
3795requires_gnutls_next_no_ticket
3796requires_gnutls_next_disable_tls13_compat
3797run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3798 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3799 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3800 0 \
3801 -s "Protocol is TLSv1.3" \
3802 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3803 -s "received signature algorithm: 0x804" \
3804 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3805 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3806 -C "received HelloRetryRequest message"
3807
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3808requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3809requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3810requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3811requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3812requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3813requires_gnutls_tls1_3
3814requires_gnutls_next_no_ticket
3815requires_gnutls_next_disable_tls13_compat
3816run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3817 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3818 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3819 0 \
3820 -s "Protocol is TLSv1.3" \
3821 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3822 -s "received signature algorithm: 0x403" \
3823 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3824 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3825 -C "received HelloRetryRequest message"
3826
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3827requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3828requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3829requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3830requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3831requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3832requires_gnutls_tls1_3
3833requires_gnutls_next_no_ticket
3834requires_gnutls_next_disable_tls13_compat
3835run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3836 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3837 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3838 0 \
3839 -s "Protocol is TLSv1.3" \
3840 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3841 -s "received signature algorithm: 0x503" \
3842 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3843 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3844 -C "received HelloRetryRequest message"
3845
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3846requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3847requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3848requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3849requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3850requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3851requires_gnutls_tls1_3
3852requires_gnutls_next_no_ticket
3853requires_gnutls_next_disable_tls13_compat
3854run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3855 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3856 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3857 0 \
3858 -s "Protocol is TLSv1.3" \
3859 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3860 -s "received signature algorithm: 0x603" \
3861 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3862 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3863 -C "received HelloRetryRequest message"
3864
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3865requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3866requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3868requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3869requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3870requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3871requires_gnutls_tls1_3
3872requires_gnutls_next_no_ticket
3873requires_gnutls_next_disable_tls13_compat
3874run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3875 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3876 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3877 0 \
3878 -s "Protocol is TLSv1.3" \
3879 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3880 -s "received signature algorithm: 0x804" \
3881 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3882 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3883 -C "received HelloRetryRequest message"
3884
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3885requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3886requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3887requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3888requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3889requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3890requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3891requires_gnutls_tls1_3
3892requires_gnutls_next_no_ticket
3893requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3894run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3895 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3896 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3897 0 \
3898 -s "Protocol is TLSv1.3" \
3899 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3900 -s "received signature algorithm: 0x403" \
3901 -s "got named group: ffdhe2048(0100)" \
3902 -s "Certificate verification was skipped" \
3903 -C "received HelloRetryRequest message"
3904
3905requires_config_enabled MBEDTLS_SSL_SRV_C
3906requires_config_enabled MBEDTLS_DEBUG_C
3907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3909requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3910requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3911requires_gnutls_tls1_3
3912requires_gnutls_next_no_ticket
3913requires_gnutls_next_disable_tls13_compat
3914run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3915 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3916 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3917 0 \
3918 -s "Protocol is TLSv1.3" \
3919 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3920 -s "received signature algorithm: 0x503" \
3921 -s "got named group: ffdhe2048(0100)" \
3922 -s "Certificate verification was skipped" \
3923 -C "received HelloRetryRequest message"
3924
3925requires_config_enabled MBEDTLS_SSL_SRV_C
3926requires_config_enabled MBEDTLS_DEBUG_C
3927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3929requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3930requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3931requires_gnutls_tls1_3
3932requires_gnutls_next_no_ticket
3933requires_gnutls_next_disable_tls13_compat
3934run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3935 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3936 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3937 0 \
3938 -s "Protocol is TLSv1.3" \
3939 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3940 -s "received signature algorithm: 0x603" \
3941 -s "got named group: ffdhe2048(0100)" \
3942 -s "Certificate verification was skipped" \
3943 -C "received HelloRetryRequest message"
3944
3945requires_config_enabled MBEDTLS_SSL_SRV_C
3946requires_config_enabled MBEDTLS_DEBUG_C
3947requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3949requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3950requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3951requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3952requires_gnutls_tls1_3
3953requires_gnutls_next_no_ticket
3954requires_gnutls_next_disable_tls13_compat
3955run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3956 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3957 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3958 0 \
3959 -s "Protocol is TLSv1.3" \
3960 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3961 -s "received signature algorithm: 0x804" \
3962 -s "got named group: ffdhe2048(0100)" \
3963 -s "Certificate verification was skipped" \
3964 -C "received HelloRetryRequest message"
3965
3966requires_config_enabled MBEDTLS_SSL_SRV_C
3967requires_config_enabled MBEDTLS_DEBUG_C
3968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3970requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3971requires_gnutls_tls1_3
3972requires_gnutls_next_no_ticket
3973requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3974run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3975 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3976 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3977 0 \
3978 -s "Protocol is TLSv1.3" \
3979 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3980 -s "received signature algorithm: 0x403" \
3981 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3982 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3983 -C "received HelloRetryRequest message"
3984
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3985requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3986requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3987requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3989requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3990requires_gnutls_tls1_3
3991requires_gnutls_next_no_ticket
3992requires_gnutls_next_disable_tls13_compat
3993run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]3994 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3995 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3996 0 \
3997 -s "Protocol is TLSv1.3" \
3998 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3999 -s "received signature algorithm: 0x503" \
4000 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4001 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4002 -C "received HelloRetryRequest message"
4003
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4004requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4005requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4006requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4008requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4009requires_gnutls_tls1_3
4010requires_gnutls_next_no_ticket
4011requires_gnutls_next_disable_tls13_compat
4012run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4013 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4014 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4015 0 \
4016 -s "Protocol is TLSv1.3" \
4017 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4018 -s "received signature algorithm: 0x603" \
4019 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4020 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4021 -C "received HelloRetryRequest message"
4022
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4023requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4024requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4025requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4026requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4027requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4028requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4029requires_gnutls_tls1_3
4030requires_gnutls_next_no_ticket
4031requires_gnutls_next_disable_tls13_compat
4032run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4033 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4034 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4035 0 \
4036 -s "Protocol is TLSv1.3" \
4037 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4038 -s "received signature algorithm: 0x804" \
4039 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4040 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4041 -C "received HelloRetryRequest message"
4042
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4043requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4044requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4047requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4048requires_gnutls_tls1_3
4049requires_gnutls_next_no_ticket
4050requires_gnutls_next_disable_tls13_compat
4051run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4052 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4053 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4054 0 \
4055 -s "Protocol is TLSv1.3" \
4056 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4057 -s "received signature algorithm: 0x403" \
4058 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4059 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4060 -C "received HelloRetryRequest message"
4061
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4062requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4063requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4064requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4066requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4067requires_gnutls_tls1_3
4068requires_gnutls_next_no_ticket
4069requires_gnutls_next_disable_tls13_compat
4070run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4071 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4072 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4073 0 \
4074 -s "Protocol is TLSv1.3" \
4075 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4076 -s "received signature algorithm: 0x503" \
4077 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4078 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4079 -C "received HelloRetryRequest message"
4080
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4081requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4082requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4083requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4085requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4086requires_gnutls_tls1_3
4087requires_gnutls_next_no_ticket
4088requires_gnutls_next_disable_tls13_compat
4089run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4090 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4091 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4092 0 \
4093 -s "Protocol is TLSv1.3" \
4094 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4095 -s "received signature algorithm: 0x603" \
4096 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4097 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4098 -C "received HelloRetryRequest message"
4099
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4100requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4101requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4102requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4104requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4105requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4106requires_gnutls_tls1_3
4107requires_gnutls_next_no_ticket
4108requires_gnutls_next_disable_tls13_compat
4109run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4110 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4111 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4112 0 \
4113 -s "Protocol is TLSv1.3" \
4114 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4115 -s "received signature algorithm: 0x804" \
4116 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4117 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4118 -C "received HelloRetryRequest message"
4119
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4120requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4121requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4122requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4123requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4124requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4125requires_gnutls_tls1_3
4126requires_gnutls_next_no_ticket
4127requires_gnutls_next_disable_tls13_compat
4128run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4129 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4130 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4131 0 \
4132 -s "Protocol is TLSv1.3" \
4133 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4134 -s "received signature algorithm: 0x403" \
4135 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4136 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4137 -C "received HelloRetryRequest message"
4138
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4139requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4140requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4141requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4143requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4144requires_gnutls_tls1_3
4145requires_gnutls_next_no_ticket
4146requires_gnutls_next_disable_tls13_compat
4147run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4148 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4149 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4150 0 \
4151 -s "Protocol is TLSv1.3" \
4152 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4153 -s "received signature algorithm: 0x503" \
4154 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4155 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4156 -C "received HelloRetryRequest message"
4157
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4158requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4159requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4162requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4163requires_gnutls_tls1_3
4164requires_gnutls_next_no_ticket
4165requires_gnutls_next_disable_tls13_compat
4166run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4167 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4168 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4169 0 \
4170 -s "Protocol is TLSv1.3" \
4171 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4172 -s "received signature algorithm: 0x603" \
4173 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4174 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4175 -C "received HelloRetryRequest message"
4176
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4177requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4178requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4181requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4182requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4183requires_gnutls_tls1_3
4184requires_gnutls_next_no_ticket
4185requires_gnutls_next_disable_tls13_compat
4186run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4187 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4188 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4189 0 \
4190 -s "Protocol is TLSv1.3" \
4191 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4192 -s "received signature algorithm: 0x804" \
4193 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4194 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4195 -C "received HelloRetryRequest message"
4196
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4197requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4198requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4199requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4201requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4202requires_gnutls_tls1_3
4203requires_gnutls_next_no_ticket
4204requires_gnutls_next_disable_tls13_compat
4205run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4206 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4207 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4208 0 \
4209 -s "Protocol is TLSv1.3" \
4210 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4211 -s "received signature algorithm: 0x403" \
4212 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4213 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4214 -C "received HelloRetryRequest message"
4215
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4216requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4217requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4220requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4221requires_gnutls_tls1_3
4222requires_gnutls_next_no_ticket
4223requires_gnutls_next_disable_tls13_compat
4224run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4225 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4226 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4227 0 \
4228 -s "Protocol is TLSv1.3" \
4229 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4230 -s "received signature algorithm: 0x503" \
4231 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4232 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4233 -C "received HelloRetryRequest message"
4234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4236requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4239requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4240requires_gnutls_tls1_3
4241requires_gnutls_next_no_ticket
4242requires_gnutls_next_disable_tls13_compat
4243run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4244 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4245 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4246 0 \
4247 -s "Protocol is TLSv1.3" \
4248 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4249 -s "received signature algorithm: 0x603" \
4250 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4251 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4252 -C "received HelloRetryRequest message"
4253
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4254requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4255requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4258requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4259requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4260requires_gnutls_tls1_3
4261requires_gnutls_next_no_ticket
4262requires_gnutls_next_disable_tls13_compat
4263run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4264 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4265 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4266 0 \
4267 -s "Protocol is TLSv1.3" \
4268 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4269 -s "received signature algorithm: 0x804" \
4270 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4271 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4272 -C "received HelloRetryRequest message"
4273
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4274requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4275requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4277requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4278requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4279requires_gnutls_tls1_3
4280requires_gnutls_next_no_ticket
4281requires_gnutls_next_disable_tls13_compat
4282run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4283 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4284 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4285 0 \
4286 -s "Protocol is TLSv1.3" \
4287 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4288 -s "received signature algorithm: 0x403" \
4289 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4290 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4291 -C "received HelloRetryRequest message"
4292
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4293requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4294requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4295requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4296requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4297requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4298requires_gnutls_tls1_3
4299requires_gnutls_next_no_ticket
4300requires_gnutls_next_disable_tls13_compat
4301run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4302 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4303 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4304 0 \
4305 -s "Protocol is TLSv1.3" \
4306 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4307 -s "received signature algorithm: 0x503" \
4308 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4309 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4310 -C "received HelloRetryRequest message"
4311
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4312requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4313requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4314requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4315requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4316requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4317requires_gnutls_tls1_3
4318requires_gnutls_next_no_ticket
4319requires_gnutls_next_disable_tls13_compat
4320run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4321 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4322 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4323 0 \
4324 -s "Protocol is TLSv1.3" \
4325 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4326 -s "received signature algorithm: 0x603" \
4327 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4328 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4329 -C "received HelloRetryRequest message"
4330
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4331requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4332requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4333requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4334requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4335requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4336requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4337requires_gnutls_tls1_3
4338requires_gnutls_next_no_ticket
4339requires_gnutls_next_disable_tls13_compat
4340run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4341 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4342 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4343 0 \
4344 -s "Protocol is TLSv1.3" \
4345 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4346 -s "received signature algorithm: 0x804" \
4347 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4348 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4349 -C "received HelloRetryRequest message"
4350
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4351requires_config_enabled MBEDTLS_SSL_SRV_C
4352requires_config_enabled MBEDTLS_DEBUG_C
4353requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4354requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4355requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4356requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4357requires_gnutls_tls1_3
4358requires_gnutls_next_no_ticket
4359requires_gnutls_next_disable_tls13_compat
4360run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4361 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4362 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4363 0 \
4364 -s "Protocol is TLSv1.3" \
4365 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4366 -s "received signature algorithm: 0x403" \
4367 -s "got named group: ffdhe2048(0100)" \
4368 -s "Certificate verification was skipped" \
4369 -C "received HelloRetryRequest message"
4370
4371requires_config_enabled MBEDTLS_SSL_SRV_C
4372requires_config_enabled MBEDTLS_DEBUG_C
4373requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4374requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4375requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4376requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4377requires_gnutls_tls1_3
4378requires_gnutls_next_no_ticket
4379requires_gnutls_next_disable_tls13_compat
4380run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4381 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4382 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4383 0 \
4384 -s "Protocol is TLSv1.3" \
4385 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4386 -s "received signature algorithm: 0x503" \
4387 -s "got named group: ffdhe2048(0100)" \
4388 -s "Certificate verification was skipped" \
4389 -C "received HelloRetryRequest message"
4390
4391requires_config_enabled MBEDTLS_SSL_SRV_C
4392requires_config_enabled MBEDTLS_DEBUG_C
4393requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4395requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4396requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4397requires_gnutls_tls1_3
4398requires_gnutls_next_no_ticket
4399requires_gnutls_next_disable_tls13_compat
4400run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4401 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4402 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4403 0 \
4404 -s "Protocol is TLSv1.3" \
4405 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4406 -s "received signature algorithm: 0x603" \
4407 -s "got named group: ffdhe2048(0100)" \
4408 -s "Certificate verification was skipped" \
4409 -C "received HelloRetryRequest message"
4410
4411requires_config_enabled MBEDTLS_SSL_SRV_C
4412requires_config_enabled MBEDTLS_DEBUG_C
4413requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4414requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4415requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4416requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4417requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4418requires_gnutls_tls1_3
4419requires_gnutls_next_no_ticket
4420requires_gnutls_next_disable_tls13_compat
4421run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4422 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4423 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4424 0 \
4425 -s "Protocol is TLSv1.3" \
4426 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4427 -s "received signature algorithm: 0x804" \
4428 -s "got named group: ffdhe2048(0100)" \
4429 -s "Certificate verification was skipped" \
4430 -C "received HelloRetryRequest message"
4431
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4432requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4433requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4434requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4436requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4437requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4438run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4439 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4440 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4441 0 \
4442 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4443 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4444 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4445 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4446 -c "NamedGroup: secp256r1 ( 17 )" \
4447 -c "Verifying peer X.509 certificate... ok" \
4448 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4449
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4450requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4451requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4452requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4453requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4454requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4455requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4456run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4457 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4458 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4459 0 \
4460 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4461 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4462 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4463 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4464 -c "NamedGroup: secp256r1 ( 17 )" \
4465 -c "Verifying peer X.509 certificate... ok" \
4466 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4467
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4468requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4469requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4470requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4471requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4472requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4473requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4474run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4475 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4476 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4477 0 \
4478 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4479 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4480 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4481 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4482 -c "NamedGroup: secp256r1 ( 17 )" \
4483 -c "Verifying peer X.509 certificate... ok" \
4484 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4485
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4486requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4487requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4488requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4491requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4492requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4493run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4494 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4495 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4496 0 \
4497 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4498 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4499 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4500 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4501 -c "NamedGroup: secp256r1 ( 17 )" \
4502 -c "Verifying peer X.509 certificate... ok" \
4503 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4504
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4505requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4506requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4507requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4508requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4510requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4511run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4512 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4513 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4514 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4515 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4516 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4517 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4518 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4519 -c "NamedGroup: secp384r1 ( 18 )" \
4520 -c "Verifying peer X.509 certificate... ok" \
4521 -C "received HelloRetryRequest message"
4522
4523requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4524requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4525requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4526requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4528requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4529run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4530 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4531 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4532 0 \
4533 -c "HTTP/1.0 200 ok" \
4534 -c "Protocol is TLSv1.3" \
4535 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4536 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4537 -c "NamedGroup: secp384r1 ( 18 )" \
4538 -c "Verifying peer X.509 certificate... ok" \
4539 -C "received HelloRetryRequest message"
4540
4541requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4542requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4546requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4547run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4548 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4549 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4550 0 \
4551 -c "HTTP/1.0 200 ok" \
4552 -c "Protocol is TLSv1.3" \
4553 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4554 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4555 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4556 -c "Verifying peer X.509 certificate... ok" \
4557 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4558
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4559requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4560requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4561requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4564requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4565requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4566run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4567 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4568 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4569 0 \
4570 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4571 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4572 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4573 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4574 -c "NamedGroup: secp384r1 ( 18 )" \
4575 -c "Verifying peer X.509 certificate... ok" \
4576 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4577
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4578requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4579requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4580requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4581requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4583requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4584run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4585 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4586 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4587 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4588 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4589 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4590 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4591 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4592 -c "NamedGroup: secp521r1 ( 19 )" \
4593 -c "Verifying peer X.509 certificate... ok" \
4594 -C "received HelloRetryRequest message"
4595
4596requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4597requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4598requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4599requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4600requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4601requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4602run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4603 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4604 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4605 0 \
4606 -c "HTTP/1.0 200 ok" \
4607 -c "Protocol is TLSv1.3" \
4608 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4609 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4610 -c "NamedGroup: secp521r1 ( 19 )" \
4611 -c "Verifying peer X.509 certificate... ok" \
4612 -C "received HelloRetryRequest message"
4613
4614requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4615requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4616requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4617requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4619requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4620run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4621 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4622 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4623 0 \
4624 -c "HTTP/1.0 200 ok" \
4625 -c "Protocol is TLSv1.3" \
4626 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4627 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4628 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4629 -c "Verifying peer X.509 certificate... ok" \
4630 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4631
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4632requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4633requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4634requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4635requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4636requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4637requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4638requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4639run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4640 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4641 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4642 0 \
4643 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4644 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4645 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4646 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4647 -c "NamedGroup: secp521r1 ( 19 )" \
4648 -c "Verifying peer X.509 certificate... ok" \
4649 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4650
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4651requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4652requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4653requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4654requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4655requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4656requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4657run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4658 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4659 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4660 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4661 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4662 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4663 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4664 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4665 -c "NamedGroup: x25519 ( 1d )" \
4666 -c "Verifying peer X.509 certificate... ok" \
4667 -C "received HelloRetryRequest message"
4668
4669requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4670requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4671requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4672requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4673requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4674requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4675run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4676 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4677 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4678 0 \
4679 -c "HTTP/1.0 200 ok" \
4680 -c "Protocol is TLSv1.3" \
4681 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4682 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4683 -c "NamedGroup: x25519 ( 1d )" \
4684 -c "Verifying peer X.509 certificate... ok" \
4685 -C "received HelloRetryRequest message"
4686
4687requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4688requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4689requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4690requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4691requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4692requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4693run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4694 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4695 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4696 0 \
4697 -c "HTTP/1.0 200 ok" \
4698 -c "Protocol is TLSv1.3" \
4699 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4700 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4701 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4702 -c "Verifying peer X.509 certificate... ok" \
4703 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4704
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4705requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4706requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4707requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4710requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4711requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4712run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4713 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4714 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4715 0 \
4716 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4717 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4718 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4719 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4720 -c "NamedGroup: x25519 ( 1d )" \
4721 -c "Verifying peer X.509 certificate... ok" \
4722 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4723
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4724requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4725requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4726requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4727requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4728requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4729requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4730run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4731 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4732 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4733 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4734 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4735 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4736 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4737 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4738 -c "NamedGroup: x448 ( 1e )" \
4739 -c "Verifying peer X.509 certificate... ok" \
4740 -C "received HelloRetryRequest message"
4741
4742requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4743requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4744requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4745requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4746requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4747requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4748run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4749 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4750 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4751 0 \
4752 -c "HTTP/1.0 200 ok" \
4753 -c "Protocol is TLSv1.3" \
4754 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4755 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4756 -c "NamedGroup: x448 ( 1e )" \
4757 -c "Verifying peer X.509 certificate... ok" \
4758 -C "received HelloRetryRequest message"
4759
4760requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4761requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4762requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4763requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4764requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4765requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4766run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4767 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4768 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4769 0 \
4770 -c "HTTP/1.0 200 ok" \
4771 -c "Protocol is TLSv1.3" \
4772 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4773 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4774 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4775 -c "Verifying peer X.509 certificate... ok" \
4776 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4777
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4778requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4779requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4780requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4783requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4784requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4785run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4786 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4787 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4788 0 \
4789 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4790 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4791 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4792 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4793 -c "NamedGroup: x448 ( 1e )" \
4794 -c "Verifying peer X.509 certificate... ok" \
4795 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4796
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]4797requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4798requires_config_enabled MBEDTLS_SSL_CLI_C
4799requires_config_enabled MBEDTLS_DEBUG_C
4800requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4801requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4802requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4803requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4804run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4805 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4806 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4807 0 \
4808 -c "HTTP/1.0 200 ok" \
4809 -c "Protocol is TLSv1.3" \
4810 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4811 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4812 -c "NamedGroup: ffdhe2048 ( 100 )" \
4813 -c "Verifying peer X.509 certificate... ok" \
4814 -C "received HelloRetryRequest message"
4815
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]4816requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4817requires_config_enabled MBEDTLS_SSL_CLI_C
4818requires_config_enabled MBEDTLS_DEBUG_C
4819requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4820requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4821requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4822requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4823run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4824 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4825 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4826 0 \
4827 -c "HTTP/1.0 200 ok" \
4828 -c "Protocol is TLSv1.3" \
4829 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4830 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4831 -c "NamedGroup: ffdhe2048 ( 100 )" \
4832 -c "Verifying peer X.509 certificate... ok" \
4833 -C "received HelloRetryRequest message"
4834
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]4835requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4836requires_config_enabled MBEDTLS_SSL_CLI_C
4837requires_config_enabled MBEDTLS_DEBUG_C
4838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4840requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4841requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4842run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4843 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4844 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4845 0 \
4846 -c "HTTP/1.0 200 ok" \
4847 -c "Protocol is TLSv1.3" \
4848 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4849 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4850 -c "NamedGroup: ffdhe2048 ( 100 )" \
4851 -c "Verifying peer X.509 certificate... ok" \
4852 -C "received HelloRetryRequest message"
4853
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]4854requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4855requires_config_enabled MBEDTLS_SSL_CLI_C
4856requires_config_enabled MBEDTLS_DEBUG_C
4857requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4858requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4859requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4860requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4861requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4862run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4863 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4864 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4865 0 \
4866 -c "HTTP/1.0 200 ok" \
4867 -c "Protocol is TLSv1.3" \
4868 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4869 -c "Certificate Verify: Signature algorithm ( 0804 )" \
4870 -c "NamedGroup: ffdhe2048 ( 100 )" \
4871 -c "Verifying peer X.509 certificate... ok" \
4872 -C "received HelloRetryRequest message"
4873
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4874requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4875requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4876requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4877requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4878requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4879requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4880run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4881 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4882 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4883 0 \
4884 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4885 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4886 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4887 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4888 -c "NamedGroup: secp256r1 ( 17 )" \
4889 -c "Verifying peer X.509 certificate... ok" \
4890 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4891
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4892requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4893requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4894requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4896requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4897requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4898run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4899 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4900 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4901 0 \
4902 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4903 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4904 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4905 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4906 -c "NamedGroup: secp256r1 ( 17 )" \
4907 -c "Verifying peer X.509 certificate... ok" \
4908 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4909
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4910requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4911requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4912requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4915requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4916run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4917 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4918 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4919 0 \
4920 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4921 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4922 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4923 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4924 -c "NamedGroup: secp256r1 ( 17 )" \
4925 -c "Verifying peer X.509 certificate... ok" \
4926 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4927
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4928requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4929requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4930requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4931requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4932requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4933requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4934requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4935run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4936 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4937 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4938 0 \
4939 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4940 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4941 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4942 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4943 -c "NamedGroup: secp256r1 ( 17 )" \
4944 -c "Verifying peer X.509 certificate... ok" \
4945 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4946
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4947requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4948requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4949requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4951requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4952requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4953run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4954 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4955 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4956 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4957 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4958 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4959 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4960 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4961 -c "NamedGroup: secp384r1 ( 18 )" \
4962 -c "Verifying peer X.509 certificate... ok" \
4963 -C "received HelloRetryRequest message"
4964
4965requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4966requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4967requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4970requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4971run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4972 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4973 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4974 0 \
4975 -c "HTTP/1.0 200 ok" \
4976 -c "Protocol is TLSv1.3" \
4977 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4978 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4979 -c "NamedGroup: secp384r1 ( 18 )" \
4980 -c "Verifying peer X.509 certificate... ok" \
4981 -C "received HelloRetryRequest message"
4982
4983requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4984requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4985requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4988requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4989run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]4990 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4991 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4992 0 \
4993 -c "HTTP/1.0 200 ok" \
4994 -c "Protocol is TLSv1.3" \
4995 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4996 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4997 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4998 -c "Verifying peer X.509 certificate... ok" \
4999 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5000
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5001requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5002requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5003requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5006requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5007requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5008run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5009 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5010 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5011 0 \
5012 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5013 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5014 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5015 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5016 -c "NamedGroup: secp384r1 ( 18 )" \
5017 -c "Verifying peer X.509 certificate... ok" \
5018 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5019
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5020requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5021requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5022requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5023requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5024requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5025requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5026run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5027 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5028 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5029 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5030 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5031 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5032 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5033 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5034 -c "NamedGroup: secp521r1 ( 19 )" \
5035 -c "Verifying peer X.509 certificate... ok" \
5036 -C "received HelloRetryRequest message"
5037
5038requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5039requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5040requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5041requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5042requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5043requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5044run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5045 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5046 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5047 0 \
5048 -c "HTTP/1.0 200 ok" \
5049 -c "Protocol is TLSv1.3" \
5050 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5051 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5052 -c "NamedGroup: secp521r1 ( 19 )" \
5053 -c "Verifying peer X.509 certificate... ok" \
5054 -C "received HelloRetryRequest message"
5055
5056requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5057requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5058requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5059requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5061requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5062run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5063 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5064 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5065 0 \
5066 -c "HTTP/1.0 200 ok" \
5067 -c "Protocol is TLSv1.3" \
5068 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5069 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5070 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5071 -c "Verifying peer X.509 certificate... ok" \
5072 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5073
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5074requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5075requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5076requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5077requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5078requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5079requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5080requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5081run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5082 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5083 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5084 0 \
5085 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5086 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5087 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5088 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5089 -c "NamedGroup: secp521r1 ( 19 )" \
5090 -c "Verifying peer X.509 certificate... ok" \
5091 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5092
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5093requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5094requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5095requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5096requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5097requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5098requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5099run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5100 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5101 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5102 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5103 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5104 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5105 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5106 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5107 -c "NamedGroup: x25519 ( 1d )" \
5108 -c "Verifying peer X.509 certificate... ok" \
5109 -C "received HelloRetryRequest message"
5110
5111requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5112requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5113requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5114requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5116requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5117run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5118 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5119 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5120 0 \
5121 -c "HTTP/1.0 200 ok" \
5122 -c "Protocol is TLSv1.3" \
5123 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5124 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5125 -c "NamedGroup: x25519 ( 1d )" \
5126 -c "Verifying peer X.509 certificate... ok" \
5127 -C "received HelloRetryRequest message"
5128
5129requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5130requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5131requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5134requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5135run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5136 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5137 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5138 0 \
5139 -c "HTTP/1.0 200 ok" \
5140 -c "Protocol is TLSv1.3" \
5141 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5142 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5143 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5144 -c "Verifying peer X.509 certificate... ok" \
5145 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5146
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5147requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5148requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5149requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5150requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5151requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5152requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5153requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5154run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5155 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5156 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5157 0 \
5158 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5159 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5160 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5161 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5162 -c "NamedGroup: x25519 ( 1d )" \
5163 -c "Verifying peer X.509 certificate... ok" \
5164 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5165
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5166requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5167requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5168requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5169requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5171requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5172run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5173 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5174 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5175 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5176 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5177 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5178 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5179 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5180 -c "NamedGroup: x448 ( 1e )" \
5181 -c "Verifying peer X.509 certificate... ok" \
5182 -C "received HelloRetryRequest message"
5183
5184requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5185requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5186requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5187requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5188requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5189requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5190run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5191 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5192 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5193 0 \
5194 -c "HTTP/1.0 200 ok" \
5195 -c "Protocol is TLSv1.3" \
5196 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5197 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5198 -c "NamedGroup: x448 ( 1e )" \
5199 -c "Verifying peer X.509 certificate... ok" \
5200 -C "received HelloRetryRequest message"
5201
5202requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5203requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5204requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5207requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5208run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5209 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5210 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5211 0 \
5212 -c "HTTP/1.0 200 ok" \
5213 -c "Protocol is TLSv1.3" \
5214 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5215 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5216 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5217 -c "Verifying peer X.509 certificate... ok" \
5218 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5219
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5220requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5221requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5222requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5223requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5224requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5225requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5226requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5227run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5228 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5229 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5230 0 \
5231 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5232 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5233 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5234 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5235 -c "NamedGroup: x448 ( 1e )" \
5236 -c "Verifying peer X.509 certificate... ok" \
5237 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5238
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5239requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5240requires_config_enabled MBEDTLS_SSL_CLI_C
5241requires_config_enabled MBEDTLS_DEBUG_C
5242requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5243requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5244requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5245requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5246run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5247 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5248 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5249 0 \
5250 -c "HTTP/1.0 200 ok" \
5251 -c "Protocol is TLSv1.3" \
5252 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5253 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5254 -c "NamedGroup: ffdhe2048 ( 100 )" \
5255 -c "Verifying peer X.509 certificate... ok" \
5256 -C "received HelloRetryRequest message"
5257
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5258requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5259requires_config_enabled MBEDTLS_SSL_CLI_C
5260requires_config_enabled MBEDTLS_DEBUG_C
5261requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5262requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5263requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5264requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5265run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5266 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5267 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5268 0 \
5269 -c "HTTP/1.0 200 ok" \
5270 -c "Protocol is TLSv1.3" \
5271 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5272 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5273 -c "NamedGroup: ffdhe2048 ( 100 )" \
5274 -c "Verifying peer X.509 certificate... ok" \
5275 -C "received HelloRetryRequest message"
5276
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5277requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5278requires_config_enabled MBEDTLS_SSL_CLI_C
5279requires_config_enabled MBEDTLS_DEBUG_C
5280requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5281requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5282requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5283requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5284run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5285 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5286 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5287 0 \
5288 -c "HTTP/1.0 200 ok" \
5289 -c "Protocol is TLSv1.3" \
5290 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5291 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5292 -c "NamedGroup: ffdhe2048 ( 100 )" \
5293 -c "Verifying peer X.509 certificate... ok" \
5294 -C "received HelloRetryRequest message"
5295
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5296requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5297requires_config_enabled MBEDTLS_SSL_CLI_C
5298requires_config_enabled MBEDTLS_DEBUG_C
5299requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5300requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5301requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5302requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5303requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5304run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5305 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5306 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5307 0 \
5308 -c "HTTP/1.0 200 ok" \
5309 -c "Protocol is TLSv1.3" \
5310 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5311 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5312 -c "NamedGroup: ffdhe2048 ( 100 )" \
5313 -c "Verifying peer X.509 certificate... ok" \
5314 -C "received HelloRetryRequest message"
5315
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5316requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5317requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5318requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5319requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5320requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5321requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5322run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5323 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5324 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5325 0 \
5326 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5327 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5328 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5329 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5330 -c "NamedGroup: secp256r1 ( 17 )" \
5331 -c "Verifying peer X.509 certificate... ok" \
5332 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5333
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5334requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5335requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5336requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5337requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5338requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5339requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5340run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5341 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5342 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5343 0 \
5344 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5345 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5346 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5347 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5348 -c "NamedGroup: secp256r1 ( 17 )" \
5349 -c "Verifying peer X.509 certificate... ok" \
5350 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5351
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5352requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5353requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5354requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5357requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5358run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5359 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5360 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5361 0 \
5362 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5363 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5364 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5365 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5366 -c "NamedGroup: secp256r1 ( 17 )" \
5367 -c "Verifying peer X.509 certificate... ok" \
5368 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5369
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5370requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5371requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5372requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5373requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5374requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5375requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5376requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5377run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5378 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5379 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5380 0 \
5381 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5382 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5383 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5384 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5385 -c "NamedGroup: secp256r1 ( 17 )" \
5386 -c "Verifying peer X.509 certificate... ok" \
5387 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5388
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5389requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5390requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5391requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5392requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5394requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5395run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5396 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5397 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5398 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5399 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5400 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5401 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5402 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5403 -c "NamedGroup: secp384r1 ( 18 )" \
5404 -c "Verifying peer X.509 certificate... ok" \
5405 -C "received HelloRetryRequest message"
5406
5407requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5408requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5409requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5410requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5412requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5413run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5414 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5415 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5416 0 \
5417 -c "HTTP/1.0 200 ok" \
5418 -c "Protocol is TLSv1.3" \
5419 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5420 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5421 -c "NamedGroup: secp384r1 ( 18 )" \
5422 -c "Verifying peer X.509 certificate... ok" \
5423 -C "received HelloRetryRequest message"
5424
5425requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5426requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5427requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5428requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5430requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5431run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5432 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5433 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5434 0 \
5435 -c "HTTP/1.0 200 ok" \
5436 -c "Protocol is TLSv1.3" \
5437 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5438 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5439 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5440 -c "Verifying peer X.509 certificate... ok" \
5441 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5442
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5443requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5444requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5445requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5448requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5449requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5450run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5451 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5452 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5453 0 \
5454 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5455 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5456 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5457 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5458 -c "NamedGroup: secp384r1 ( 18 )" \
5459 -c "Verifying peer X.509 certificate... ok" \
5460 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5461
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5462requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5463requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5464requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5465requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5466requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5467requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5468run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5469 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5470 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5471 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5472 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5473 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5474 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5475 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5476 -c "NamedGroup: secp521r1 ( 19 )" \
5477 -c "Verifying peer X.509 certificate... ok" \
5478 -C "received HelloRetryRequest message"
5479
5480requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5481requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5482requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5484requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5485requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5486run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5487 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5488 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5489 0 \
5490 -c "HTTP/1.0 200 ok" \
5491 -c "Protocol is TLSv1.3" \
5492 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5493 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5494 -c "NamedGroup: secp521r1 ( 19 )" \
5495 -c "Verifying peer X.509 certificate... ok" \
5496 -C "received HelloRetryRequest message"
5497
5498requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5499requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5500requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5501requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5502requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5503requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5504run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5505 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5506 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5507 0 \
5508 -c "HTTP/1.0 200 ok" \
5509 -c "Protocol is TLSv1.3" \
5510 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5511 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5512 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5513 -c "Verifying peer X.509 certificate... ok" \
5514 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5515
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5516requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5517requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5518requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5519requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5520requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5521requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5522requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5523run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5524 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5525 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5526 0 \
5527 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5528 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5529 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5530 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5531 -c "NamedGroup: secp521r1 ( 19 )" \
5532 -c "Verifying peer X.509 certificate... ok" \
5533 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5534
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5535requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5536requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5537requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5538requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5539requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5540requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5541run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5542 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5543 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5544 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5545 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5546 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5547 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5548 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5549 -c "NamedGroup: x25519 ( 1d )" \
5550 -c "Verifying peer X.509 certificate... ok" \
5551 -C "received HelloRetryRequest message"
5552
5553requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5554requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5555requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5556requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5557requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5558requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5559run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5560 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5561 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5562 0 \
5563 -c "HTTP/1.0 200 ok" \
5564 -c "Protocol is TLSv1.3" \
5565 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5566 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5567 -c "NamedGroup: x25519 ( 1d )" \
5568 -c "Verifying peer X.509 certificate... ok" \
5569 -C "received HelloRetryRequest message"
5570
5571requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5572requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5573requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5574requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5575requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5576requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5577run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5578 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5579 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5580 0 \
5581 -c "HTTP/1.0 200 ok" \
5582 -c "Protocol is TLSv1.3" \
5583 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5584 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5585 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5586 -c "Verifying peer X.509 certificate... ok" \
5587 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5588
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5589requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5590requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5591requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5593requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5594requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5595requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5596run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5597 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5598 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5599 0 \
5600 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5601 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5602 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5603 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5604 -c "NamedGroup: x25519 ( 1d )" \
5605 -c "Verifying peer X.509 certificate... ok" \
5606 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5607
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5608requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5609requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5610requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5611requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5612requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5613requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5614run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5615 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5616 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5617 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5618 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5619 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5620 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5621 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5622 -c "NamedGroup: x448 ( 1e )" \
5623 -c "Verifying peer X.509 certificate... ok" \
5624 -C "received HelloRetryRequest message"
5625
5626requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5627requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5628requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5629requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5630requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5631requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5632run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5633 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5634 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5635 0 \
5636 -c "HTTP/1.0 200 ok" \
5637 -c "Protocol is TLSv1.3" \
5638 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5639 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5640 -c "NamedGroup: x448 ( 1e )" \
5641 -c "Verifying peer X.509 certificate... ok" \
5642 -C "received HelloRetryRequest message"
5643
5644requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5645requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5646requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5649requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5650run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5651 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5652 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5653 0 \
5654 -c "HTTP/1.0 200 ok" \
5655 -c "Protocol is TLSv1.3" \
5656 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5657 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5658 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5659 -c "Verifying peer X.509 certificate... ok" \
5660 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5661
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5662requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5663requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5664requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5665requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5666requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5667requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5668requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5669run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5670 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5671 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5672 0 \
5673 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5674 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5675 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5676 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5677 -c "NamedGroup: x448 ( 1e )" \
5678 -c "Verifying peer X.509 certificate... ok" \
5679 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5680
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5681requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5682requires_config_enabled MBEDTLS_SSL_CLI_C
5683requires_config_enabled MBEDTLS_DEBUG_C
5684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5686requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5687requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5688run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5689 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5690 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5691 0 \
5692 -c "HTTP/1.0 200 ok" \
5693 -c "Protocol is TLSv1.3" \
5694 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5695 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5696 -c "NamedGroup: ffdhe2048 ( 100 )" \
5697 -c "Verifying peer X.509 certificate... ok" \
5698 -C "received HelloRetryRequest message"
5699
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5700requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5701requires_config_enabled MBEDTLS_SSL_CLI_C
5702requires_config_enabled MBEDTLS_DEBUG_C
5703requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5705requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5706requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5707run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5708 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5709 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5710 0 \
5711 -c "HTTP/1.0 200 ok" \
5712 -c "Protocol is TLSv1.3" \
5713 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5714 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5715 -c "NamedGroup: ffdhe2048 ( 100 )" \
5716 -c "Verifying peer X.509 certificate... ok" \
5717 -C "received HelloRetryRequest message"
5718
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5719requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5720requires_config_enabled MBEDTLS_SSL_CLI_C
5721requires_config_enabled MBEDTLS_DEBUG_C
5722requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5723requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5724requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5725requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5726run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5727 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5728 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5729 0 \
5730 -c "HTTP/1.0 200 ok" \
5731 -c "Protocol is TLSv1.3" \
5732 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5733 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5734 -c "NamedGroup: ffdhe2048 ( 100 )" \
5735 -c "Verifying peer X.509 certificate... ok" \
5736 -C "received HelloRetryRequest message"
5737
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5738requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5739requires_config_enabled MBEDTLS_SSL_CLI_C
5740requires_config_enabled MBEDTLS_DEBUG_C
5741requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5742requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5743requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5744requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5745requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5746run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5747 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5748 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5749 0 \
5750 -c "HTTP/1.0 200 ok" \
5751 -c "Protocol is TLSv1.3" \
5752 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5753 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5754 -c "NamedGroup: ffdhe2048 ( 100 )" \
5755 -c "Verifying peer X.509 certificate... ok" \
5756 -C "received HelloRetryRequest message"
5757
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5758requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5759requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5760requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5761requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5762requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5763requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5764run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5765 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5766 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5767 0 \
5768 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5769 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5770 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5771 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5772 -c "NamedGroup: secp256r1 ( 17 )" \
5773 -c "Verifying peer X.509 certificate... ok" \
5774 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5775
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5776requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5777requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5778requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5779requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5780requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5781requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5782run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5783 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5784 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5785 0 \
5786 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5787 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5788 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5789 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5790 -c "NamedGroup: secp256r1 ( 17 )" \
5791 -c "Verifying peer X.509 certificate... ok" \
5792 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5793
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5794requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5795requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5796requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5797requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5798requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5799requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5800run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5801 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5802 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5803 0 \
5804 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5805 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5806 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5807 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5808 -c "NamedGroup: secp256r1 ( 17 )" \
5809 -c "Verifying peer X.509 certificate... ok" \
5810 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5811
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5812requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5813requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5814requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5817requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5818requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5819run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5820 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5821 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5822 0 \
5823 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5824 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5825 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5826 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5827 -c "NamedGroup: secp256r1 ( 17 )" \
5828 -c "Verifying peer X.509 certificate... ok" \
5829 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5830
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5831requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5832requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5833requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5836requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5837run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5838 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5839 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5840 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5841 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5842 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5843 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5844 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5845 -c "NamedGroup: secp384r1 ( 18 )" \
5846 -c "Verifying peer X.509 certificate... ok" \
5847 -C "received HelloRetryRequest message"
5848
5849requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5850requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5851requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5854requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5855run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5856 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5857 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5858 0 \
5859 -c "HTTP/1.0 200 ok" \
5860 -c "Protocol is TLSv1.3" \
5861 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5862 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5863 -c "NamedGroup: secp384r1 ( 18 )" \
5864 -c "Verifying peer X.509 certificate... ok" \
5865 -C "received HelloRetryRequest message"
5866
5867requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5868requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5869requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5870requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5872requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5873run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5874 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5875 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5876 0 \
5877 -c "HTTP/1.0 200 ok" \
5878 -c "Protocol is TLSv1.3" \
5879 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5880 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5881 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5882 -c "Verifying peer X.509 certificate... ok" \
5883 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5884
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5885requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5886requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5887requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5890requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5891requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5892run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5893 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5894 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5895 0 \
5896 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5897 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5898 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5899 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5900 -c "NamedGroup: secp384r1 ( 18 )" \
5901 -c "Verifying peer X.509 certificate... ok" \
5902 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5903
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5904requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5905requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5906requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5909requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5910run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5911 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5912 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5913 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5914 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5915 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5916 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5917 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5918 -c "NamedGroup: secp521r1 ( 19 )" \
5919 -c "Verifying peer X.509 certificate... ok" \
5920 -C "received HelloRetryRequest message"
5921
5922requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5923requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5924requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5925requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5926requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5927requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5928run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5929 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5930 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5931 0 \
5932 -c "HTTP/1.0 200 ok" \
5933 -c "Protocol is TLSv1.3" \
5934 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5935 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5936 -c "NamedGroup: secp521r1 ( 19 )" \
5937 -c "Verifying peer X.509 certificate... ok" \
5938 -C "received HelloRetryRequest message"
5939
5940requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5941requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5942requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5943requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5944requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5945requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5946run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5947 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5948 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5949 0 \
5950 -c "HTTP/1.0 200 ok" \
5951 -c "Protocol is TLSv1.3" \
5952 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5953 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5954 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5955 -c "Verifying peer X.509 certificate... ok" \
5956 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5957
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5958requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5959requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5960requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5961requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5963requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5964requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5965run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5966 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5967 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5968 0 \
5969 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5970 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5971 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5972 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5973 -c "NamedGroup: secp521r1 ( 19 )" \
5974 -c "Verifying peer X.509 certificate... ok" \
5975 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5976
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5977requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5978requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5979requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5981requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5982requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5983run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]5984 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5985 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5986 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5987 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5988 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5989 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5990 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5991 -c "NamedGroup: x25519 ( 1d )" \
5992 -c "Verifying peer X.509 certificate... ok" \
5993 -C "received HelloRetryRequest message"
5994
5995requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5996requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5997requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5998requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5999requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6000requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6001run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6002 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6003 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6004 0 \
6005 -c "HTTP/1.0 200 ok" \
6006 -c "Protocol is TLSv1.3" \
6007 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6008 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6009 -c "NamedGroup: x25519 ( 1d )" \
6010 -c "Verifying peer X.509 certificate... ok" \
6011 -C "received HelloRetryRequest message"
6012
6013requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6014requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6015requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6016requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6017requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6018requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6019run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6020 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6021 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6022 0 \
6023 -c "HTTP/1.0 200 ok" \
6024 -c "Protocol is TLSv1.3" \
6025 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6026 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6027 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6028 -c "Verifying peer X.509 certificate... ok" \
6029 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6030
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6031requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6032requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6033requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6034requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6035requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6036requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6037requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6038run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6039 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6040 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6041 0 \
6042 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6043 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6044 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6045 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6046 -c "NamedGroup: x25519 ( 1d )" \
6047 -c "Verifying peer X.509 certificate... ok" \
6048 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6049
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6050requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6051requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6052requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6053requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6054requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6055requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6056run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6057 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6058 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6059 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6060 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6061 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6062 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6063 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6064 -c "NamedGroup: x448 ( 1e )" \
6065 -c "Verifying peer X.509 certificate... ok" \
6066 -C "received HelloRetryRequest message"
6067
6068requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6069requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6070requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6071requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6072requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6073requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6074run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6075 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6076 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6077 0 \
6078 -c "HTTP/1.0 200 ok" \
6079 -c "Protocol is TLSv1.3" \
6080 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6081 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6082 -c "NamedGroup: x448 ( 1e )" \
6083 -c "Verifying peer X.509 certificate... ok" \
6084 -C "received HelloRetryRequest message"
6085
6086requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6087requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6088requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6090requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6091requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6092run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6093 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6094 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6095 0 \
6096 -c "HTTP/1.0 200 ok" \
6097 -c "Protocol is TLSv1.3" \
6098 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6099 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6100 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6101 -c "Verifying peer X.509 certificate... ok" \
6102 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6103
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6104requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6105requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6106requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6107requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6108requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6109requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6110requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6111run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6112 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6113 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6114 0 \
6115 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6116 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6117 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6118 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6119 -c "NamedGroup: x448 ( 1e )" \
6120 -c "Verifying peer X.509 certificate... ok" \
6121 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6122
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6123requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6124requires_config_enabled MBEDTLS_SSL_CLI_C
6125requires_config_enabled MBEDTLS_DEBUG_C
6126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6128requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6129requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6130run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6131 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6132 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6133 0 \
6134 -c "HTTP/1.0 200 ok" \
6135 -c "Protocol is TLSv1.3" \
6136 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6137 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6138 -c "NamedGroup: ffdhe2048 ( 100 )" \
6139 -c "Verifying peer X.509 certificate... ok" \
6140 -C "received HelloRetryRequest message"
6141
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6142requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6143requires_config_enabled MBEDTLS_SSL_CLI_C
6144requires_config_enabled MBEDTLS_DEBUG_C
6145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6146requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6147requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6148requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6149run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6150 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6151 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6152 0 \
6153 -c "HTTP/1.0 200 ok" \
6154 -c "Protocol is TLSv1.3" \
6155 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6156 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6157 -c "NamedGroup: ffdhe2048 ( 100 )" \
6158 -c "Verifying peer X.509 certificate... ok" \
6159 -C "received HelloRetryRequest message"
6160
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6161requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6162requires_config_enabled MBEDTLS_SSL_CLI_C
6163requires_config_enabled MBEDTLS_DEBUG_C
6164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6166requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6167requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6168run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6169 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6170 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6171 0 \
6172 -c "HTTP/1.0 200 ok" \
6173 -c "Protocol is TLSv1.3" \
6174 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6175 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6176 -c "NamedGroup: ffdhe2048 ( 100 )" \
6177 -c "Verifying peer X.509 certificate... ok" \
6178 -C "received HelloRetryRequest message"
6179
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6180requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6181requires_config_enabled MBEDTLS_SSL_CLI_C
6182requires_config_enabled MBEDTLS_DEBUG_C
6183requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6184requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6185requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6186requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6187requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6188run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6189 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6190 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6191 0 \
6192 -c "HTTP/1.0 200 ok" \
6193 -c "Protocol is TLSv1.3" \
6194 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6195 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6196 -c "NamedGroup: ffdhe2048 ( 100 )" \
6197 -c "Verifying peer X.509 certificate... ok" \
6198 -C "received HelloRetryRequest message"
6199
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6200requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6201requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6202requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6203requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6205requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6206run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6207 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6208 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6209 0 \
6210 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6211 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6212 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6213 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6214 -c "NamedGroup: secp256r1 ( 17 )" \
6215 -c "Verifying peer X.509 certificate... ok" \
6216 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6217
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6218requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6219requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6220requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6221requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6222requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6223requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6224run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6225 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6226 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6227 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6228 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6229 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6230 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6231 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6232 -c "NamedGroup: secp256r1 ( 17 )" \
6233 -c "Verifying peer X.509 certificate... ok" \
6234 -C "received HelloRetryRequest message"
6235
6236requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6237requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6238requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6239requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6240requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6241requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6242run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6243 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6244 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6245 0 \
6246 -c "HTTP/1.0 200 ok" \
6247 -c "Protocol is TLSv1.3" \
6248 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6249 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6250 -c "NamedGroup: secp256r1 ( 17 )" \
6251 -c "Verifying peer X.509 certificate... ok" \
6252 -C "received HelloRetryRequest message"
6253
6254requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6255requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6256requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6257requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6258requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6259requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6260requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6261run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6262 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6263 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6264 0 \
6265 -c "HTTP/1.0 200 ok" \
6266 -c "Protocol is TLSv1.3" \
6267 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6268 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6269 -c "NamedGroup: secp256r1 ( 17 )" \
6270 -c "Verifying peer X.509 certificate... ok" \
6271 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6272
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6273requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6274requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6275requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6277requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6278requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6279run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6280 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6281 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6282 0 \
6283 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6284 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6285 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6286 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6287 -c "NamedGroup: secp384r1 ( 18 )" \
6288 -c "Verifying peer X.509 certificate... ok" \
6289 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6290
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6291requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6292requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6293requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6294requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6295requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6296requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6297run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6298 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6299 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6300 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6301 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6302 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6303 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6304 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6305 -c "NamedGroup: secp384r1 ( 18 )" \
6306 -c "Verifying peer X.509 certificate... ok" \
6307 -C "received HelloRetryRequest message"
6308
6309requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6310requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6311requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6313requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6314requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6315run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6316 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6317 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6318 0 \
6319 -c "HTTP/1.0 200 ok" \
6320 -c "Protocol is TLSv1.3" \
6321 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6322 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6323 -c "NamedGroup: secp384r1 ( 18 )" \
6324 -c "Verifying peer X.509 certificate... ok" \
6325 -C "received HelloRetryRequest message"
6326
6327requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6328requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6329requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6332requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6333requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6334run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6335 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6336 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6337 0 \
6338 -c "HTTP/1.0 200 ok" \
6339 -c "Protocol is TLSv1.3" \
6340 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6341 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6342 -c "NamedGroup: secp384r1 ( 18 )" \
6343 -c "Verifying peer X.509 certificate... ok" \
6344 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6345
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6346requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6347requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6348requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6350requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6351requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6352run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6353 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6354 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6355 0 \
6356 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6357 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6358 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6359 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6360 -c "NamedGroup: secp521r1 ( 19 )" \
6361 -c "Verifying peer X.509 certificate... ok" \
6362 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6363
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6364requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6365requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6366requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6367requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6368requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6369requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6370run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6371 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6372 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6373 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6374 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6375 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6376 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6377 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6378 -c "NamedGroup: secp521r1 ( 19 )" \
6379 -c "Verifying peer X.509 certificate... ok" \
6380 -C "received HelloRetryRequest message"
6381
6382requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6383requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6384requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6385requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6386requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6387requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6388run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6389 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6390 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6391 0 \
6392 -c "HTTP/1.0 200 ok" \
6393 -c "Protocol is TLSv1.3" \
6394 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6395 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6396 -c "NamedGroup: secp521r1 ( 19 )" \
6397 -c "Verifying peer X.509 certificate... ok" \
6398 -C "received HelloRetryRequest message"
6399
6400requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6401requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6402requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6403requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6404requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6405requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6406requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6407run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6408 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6409 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6410 0 \
6411 -c "HTTP/1.0 200 ok" \
6412 -c "Protocol is TLSv1.3" \
6413 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6414 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6415 -c "NamedGroup: secp521r1 ( 19 )" \
6416 -c "Verifying peer X.509 certificate... ok" \
6417 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6418
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6419requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6420requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6421requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6422requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6423requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6424requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6425run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6426 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6427 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6428 0 \
6429 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6430 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6431 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6432 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6433 -c "NamedGroup: x25519 ( 1d )" \
6434 -c "Verifying peer X.509 certificate... ok" \
6435 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6436
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6437requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6438requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6439requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6440requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6442requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6443run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6444 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6445 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6446 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6447 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6448 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6449 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6450 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6451 -c "NamedGroup: x25519 ( 1d )" \
6452 -c "Verifying peer X.509 certificate... ok" \
6453 -C "received HelloRetryRequest message"
6454
6455requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6456requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6457requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6458requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6459requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6460requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6461run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6462 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6463 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6464 0 \
6465 -c "HTTP/1.0 200 ok" \
6466 -c "Protocol is TLSv1.3" \
6467 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6468 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6469 -c "NamedGroup: x25519 ( 1d )" \
6470 -c "Verifying peer X.509 certificate... ok" \
6471 -C "received HelloRetryRequest message"
6472
6473requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6474requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6475requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6476requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6478requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6479requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6480run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6481 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6482 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6483 0 \
6484 -c "HTTP/1.0 200 ok" \
6485 -c "Protocol is TLSv1.3" \
6486 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6487 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6488 -c "NamedGroup: x25519 ( 1d )" \
6489 -c "Verifying peer X.509 certificate... ok" \
6490 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6491
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6492requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6493requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6494requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6497requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6498run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6499 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6500 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6501 0 \
6502 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6503 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6504 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6505 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6506 -c "NamedGroup: x448 ( 1e )" \
6507 -c "Verifying peer X.509 certificate... ok" \
6508 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6509
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6510requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6511requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6512requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6513requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6515requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6516run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6517 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6518 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6519 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6520 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6521 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6522 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6523 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6524 -c "NamedGroup: x448 ( 1e )" \
6525 -c "Verifying peer X.509 certificate... ok" \
6526 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6527
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6528requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6529requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6530requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6531requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6533requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6534run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6535 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6536 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6537 0 \
6538 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6539 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6540 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6541 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6542 -c "NamedGroup: x448 ( 1e )" \
6543 -c "Verifying peer X.509 certificate... ok" \
6544 -C "received HelloRetryRequest message"
6545
6546requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6547requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6548requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6549requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6551requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6552requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6553run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6554 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6555 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6556 0 \
6557 -c "HTTP/1.0 200 ok" \
6558 -c "Protocol is TLSv1.3" \
6559 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6560 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6561 -c "NamedGroup: x448 ( 1e )" \
6562 -c "Verifying peer X.509 certificate... ok" \
6563 -C "received HelloRetryRequest message"
6564
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6565requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6566requires_config_enabled MBEDTLS_SSL_CLI_C
6567requires_config_enabled MBEDTLS_DEBUG_C
6568requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6569requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6570requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6571requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6572run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6573 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6574 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6575 0 \
6576 -c "HTTP/1.0 200 ok" \
6577 -c "Protocol is TLSv1.3" \
6578 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6579 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6580 -c "NamedGroup: ffdhe2048 ( 100 )" \
6581 -c "Verifying peer X.509 certificate... ok" \
6582 -C "received HelloRetryRequest message"
6583
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6584requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6585requires_config_enabled MBEDTLS_SSL_CLI_C
6586requires_config_enabled MBEDTLS_DEBUG_C
6587requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6588requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6589requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6590requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6591run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6592 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6593 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6594 0 \
6595 -c "HTTP/1.0 200 ok" \
6596 -c "Protocol is TLSv1.3" \
6597 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6598 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6599 -c "NamedGroup: ffdhe2048 ( 100 )" \
6600 -c "Verifying peer X.509 certificate... ok" \
6601 -C "received HelloRetryRequest message"
6602
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6603requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6604requires_config_enabled MBEDTLS_SSL_CLI_C
6605requires_config_enabled MBEDTLS_DEBUG_C
6606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6608requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6609requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6610run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6611 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6612 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6613 0 \
6614 -c "HTTP/1.0 200 ok" \
6615 -c "Protocol is TLSv1.3" \
6616 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6617 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6618 -c "NamedGroup: ffdhe2048 ( 100 )" \
6619 -c "Verifying peer X.509 certificate... ok" \
6620 -C "received HelloRetryRequest message"
6621
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6622requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6623requires_config_enabled MBEDTLS_SSL_CLI_C
6624requires_config_enabled MBEDTLS_DEBUG_C
6625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6626requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6627requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6628requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6629requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6630run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6631 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6632 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6633 0 \
6634 -c "HTTP/1.0 200 ok" \
6635 -c "Protocol is TLSv1.3" \
6636 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6637 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6638 -c "NamedGroup: ffdhe2048 ( 100 )" \
6639 -c "Verifying peer X.509 certificate... ok" \
6640 -C "received HelloRetryRequest message"
6641
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6642requires_gnutls_tls1_3
6643requires_gnutls_next_no_ticket
6644requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6645requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6646requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6649requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6650run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6651 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
6652 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6653 0 \
6654 -c "HTTP/1.0 200 OK" \
6655 -c "Protocol is TLSv1.3" \
6656 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6657 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6658 -c "NamedGroup: secp256r1 ( 17 )" \
6659 -c "Verifying peer X.509 certificate... ok" \
6660 -C "received HelloRetryRequest message"
6661
6662requires_gnutls_tls1_3
6663requires_gnutls_next_no_ticket
6664requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6665requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6666requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6667requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6669requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6670run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6671 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
6672 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6673 0 \
6674 -c "HTTP/1.0 200 OK" \
6675 -c "Protocol is TLSv1.3" \
6676 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6677 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6678 -c "NamedGroup: secp256r1 ( 17 )" \
6679 -c "Verifying peer X.509 certificate... ok" \
6680 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6681
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6682requires_gnutls_tls1_3
6683requires_gnutls_next_no_ticket
6684requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6685requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6686requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6687requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6688requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6689requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6690run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6691 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
6692 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6693 0 \
6694 -c "HTTP/1.0 200 OK" \
6695 -c "Protocol is TLSv1.3" \
6696 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6697 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6698 -c "NamedGroup: secp256r1 ( 17 )" \
6699 -c "Verifying peer X.509 certificate... ok" \
6700 -C "received HelloRetryRequest message"
6701
6702requires_gnutls_tls1_3
6703requires_gnutls_next_no_ticket
6704requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6705requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6706requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6708requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6709requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6710requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6711run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6712 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
6713 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6714 0 \
6715 -c "HTTP/1.0 200 OK" \
6716 -c "Protocol is TLSv1.3" \
6717 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6718 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6719 -c "NamedGroup: secp256r1 ( 17 )" \
6720 -c "Verifying peer X.509 certificate... ok" \
6721 -C "received HelloRetryRequest message"
6722
6723requires_gnutls_tls1_3
6724requires_gnutls_next_no_ticket
6725requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6726requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6727requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6728requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6729requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6730requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6731run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6732 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
6733 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6734 0 \
6735 -c "HTTP/1.0 200 OK" \
6736 -c "Protocol is TLSv1.3" \
6737 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6738 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6739 -c "NamedGroup: secp384r1 ( 18 )" \
6740 -c "Verifying peer X.509 certificate... ok" \
6741 -C "received HelloRetryRequest message"
6742
6743requires_gnutls_tls1_3
6744requires_gnutls_next_no_ticket
6745requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6746requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6747requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6750requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6751run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6752 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
6753 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6754 0 \
6755 -c "HTTP/1.0 200 OK" \
6756 -c "Protocol is TLSv1.3" \
6757 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6758 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6759 -c "NamedGroup: secp384r1 ( 18 )" \
6760 -c "Verifying peer X.509 certificate... ok" \
6761 -C "received HelloRetryRequest message"
6762
6763requires_gnutls_tls1_3
6764requires_gnutls_next_no_ticket
6765requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6766requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6767requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6768requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6769requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6770requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6771run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6772 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
6773 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6774 0 \
6775 -c "HTTP/1.0 200 OK" \
6776 -c "Protocol is TLSv1.3" \
6777 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6778 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6779 -c "NamedGroup: secp384r1 ( 18 )" \
6780 -c "Verifying peer X.509 certificate... ok" \
6781 -C "received HelloRetryRequest message"
6782
6783requires_gnutls_tls1_3
6784requires_gnutls_next_no_ticket
6785requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6786requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6787requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6788requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6789requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6790requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6791requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6792run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6793 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
6794 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6795 0 \
6796 -c "HTTP/1.0 200 OK" \
6797 -c "Protocol is TLSv1.3" \
6798 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6799 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6800 -c "NamedGroup: secp384r1 ( 18 )" \
6801 -c "Verifying peer X.509 certificate... ok" \
6802 -C "received HelloRetryRequest message"
6803
6804requires_gnutls_tls1_3
6805requires_gnutls_next_no_ticket
6806requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6807requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6808requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6811requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6812run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6813 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
6814 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6815 0 \
6816 -c "HTTP/1.0 200 OK" \
6817 -c "Protocol is TLSv1.3" \
6818 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6819 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6820 -c "NamedGroup: secp521r1 ( 19 )" \
6821 -c "Verifying peer X.509 certificate... ok" \
6822 -C "received HelloRetryRequest message"
6823
6824requires_gnutls_tls1_3
6825requires_gnutls_next_no_ticket
6826requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6827requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6828requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6829requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6830requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6831requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6832run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6833 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
6834 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6835 0 \
6836 -c "HTTP/1.0 200 OK" \
6837 -c "Protocol is TLSv1.3" \
6838 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6839 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6840 -c "NamedGroup: secp521r1 ( 19 )" \
6841 -c "Verifying peer X.509 certificate... ok" \
6842 -C "received HelloRetryRequest message"
6843
6844requires_gnutls_tls1_3
6845requires_gnutls_next_no_ticket
6846requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6847requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6848requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6849requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6850requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6851requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6852run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6853 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
6854 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6855 0 \
6856 -c "HTTP/1.0 200 OK" \
6857 -c "Protocol is TLSv1.3" \
6858 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6859 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6860 -c "NamedGroup: secp521r1 ( 19 )" \
6861 -c "Verifying peer X.509 certificate... ok" \
6862 -C "received HelloRetryRequest message"
6863
6864requires_gnutls_tls1_3
6865requires_gnutls_next_no_ticket
6866requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6867requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6868requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6869requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6870requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6871requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6872requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6873run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6874 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
6875 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6876 0 \
6877 -c "HTTP/1.0 200 OK" \
6878 -c "Protocol is TLSv1.3" \
6879 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6880 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6881 -c "NamedGroup: secp521r1 ( 19 )" \
6882 -c "Verifying peer X.509 certificate... ok" \
6883 -C "received HelloRetryRequest message"
6884
6885requires_gnutls_tls1_3
6886requires_gnutls_next_no_ticket
6887requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6888requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6889requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6890requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6892requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6893run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6894 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
6895 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6896 0 \
6897 -c "HTTP/1.0 200 OK" \
6898 -c "Protocol is TLSv1.3" \
6899 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6900 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6901 -c "NamedGroup: x25519 ( 1d )" \
6902 -c "Verifying peer X.509 certificate... ok" \
6903 -C "received HelloRetryRequest message"
6904
6905requires_gnutls_tls1_3
6906requires_gnutls_next_no_ticket
6907requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6908requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6909requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6912requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6913run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6914 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
6915 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6916 0 \
6917 -c "HTTP/1.0 200 OK" \
6918 -c "Protocol is TLSv1.3" \
6919 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6920 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6921 -c "NamedGroup: x25519 ( 1d )" \
6922 -c "Verifying peer X.509 certificate... ok" \
6923 -C "received HelloRetryRequest message"
6924
6925requires_gnutls_tls1_3
6926requires_gnutls_next_no_ticket
6927requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6928requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6929requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6930requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6932requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6933run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6934 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
6935 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6936 0 \
6937 -c "HTTP/1.0 200 OK" \
6938 -c "Protocol is TLSv1.3" \
6939 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6940 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6941 -c "NamedGroup: x25519 ( 1d )" \
6942 -c "Verifying peer X.509 certificate... ok" \
6943 -C "received HelloRetryRequest message"
6944
6945requires_gnutls_tls1_3
6946requires_gnutls_next_no_ticket
6947requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6948requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6949requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6951requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6952requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6953requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6954run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6955 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
6956 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6957 0 \
6958 -c "HTTP/1.0 200 OK" \
6959 -c "Protocol is TLSv1.3" \
6960 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6961 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6962 -c "NamedGroup: x25519 ( 1d )" \
6963 -c "Verifying peer X.509 certificate... ok" \
6964 -C "received HelloRetryRequest message"
6965
6966requires_gnutls_tls1_3
6967requires_gnutls_next_no_ticket
6968requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6969requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6970requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6971requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6972requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6973requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6974run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6975 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
6976 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6977 0 \
6978 -c "HTTP/1.0 200 OK" \
6979 -c "Protocol is TLSv1.3" \
6980 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6981 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6982 -c "NamedGroup: x448 ( 1e )" \
6983 -c "Verifying peer X.509 certificate... ok" \
6984 -C "received HelloRetryRequest message"
6985
6986requires_gnutls_tls1_3
6987requires_gnutls_next_no_ticket
6988requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6989requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6990requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6991requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6992requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6993requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6994run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]6995 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
6996 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6997 0 \
6998 -c "HTTP/1.0 200 OK" \
6999 -c "Protocol is TLSv1.3" \
7000 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7001 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7002 -c "NamedGroup: x448 ( 1e )" \
7003 -c "Verifying peer X.509 certificate... ok" \
7004 -C "received HelloRetryRequest message"
7005
7006requires_gnutls_tls1_3
7007requires_gnutls_next_no_ticket
7008requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7009requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7010requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7011requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7012requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7013requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7014run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7015 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7016 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7017 0 \
7018 -c "HTTP/1.0 200 OK" \
7019 -c "Protocol is TLSv1.3" \
7020 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7021 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7022 -c "NamedGroup: x448 ( 1e )" \
7023 -c "Verifying peer X.509 certificate... ok" \
7024 -C "received HelloRetryRequest message"
7025
7026requires_gnutls_tls1_3
7027requires_gnutls_next_no_ticket
7028requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7029requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7030requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7033requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7034requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7035run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7036 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7037 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7038 0 \
7039 -c "HTTP/1.0 200 OK" \
7040 -c "Protocol is TLSv1.3" \
7041 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7042 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7043 -c "NamedGroup: x448 ( 1e )" \
7044 -c "Verifying peer X.509 certificate... ok" \
7045 -C "received HelloRetryRequest message"
7046
7047requires_gnutls_tls1_3
7048requires_gnutls_next_no_ticket
7049requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7050requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7051requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7053requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7054requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7055requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7056run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7057 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7058 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7059 0 \
7060 -c "HTTP/1.0 200 OK" \
7061 -c "Protocol is TLSv1.3" \
7062 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7063 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7064 -c "NamedGroup: ffdhe2048 ( 100 )" \
7065 -c "Verifying peer X.509 certificate... ok" \
7066 -C "received HelloRetryRequest message"
7067
7068requires_gnutls_tls1_3
7069requires_gnutls_next_no_ticket
7070requires_gnutls_next_disable_tls13_compat
7071requires_config_enabled MBEDTLS_SSL_CLI_C
7072requires_config_enabled MBEDTLS_DEBUG_C
7073requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7074requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7075requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7076requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7077run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7078 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7079 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7080 0 \
7081 -c "HTTP/1.0 200 OK" \
7082 -c "Protocol is TLSv1.3" \
7083 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7084 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7085 -c "NamedGroup: ffdhe2048 ( 100 )" \
7086 -c "Verifying peer X.509 certificate... ok" \
7087 -C "received HelloRetryRequest message"
7088
7089requires_gnutls_tls1_3
7090requires_gnutls_next_no_ticket
7091requires_gnutls_next_disable_tls13_compat
7092requires_config_enabled MBEDTLS_SSL_CLI_C
7093requires_config_enabled MBEDTLS_DEBUG_C
7094requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7095requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7096requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7097requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7098run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7099 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7100 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7101 0 \
7102 -c "HTTP/1.0 200 OK" \
7103 -c "Protocol is TLSv1.3" \
7104 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7105 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7106 -c "NamedGroup: ffdhe2048 ( 100 )" \
7107 -c "Verifying peer X.509 certificate... ok" \
7108 -C "received HelloRetryRequest message"
7109
7110requires_gnutls_tls1_3
7111requires_gnutls_next_no_ticket
7112requires_gnutls_next_disable_tls13_compat
7113requires_config_enabled MBEDTLS_SSL_CLI_C
7114requires_config_enabled MBEDTLS_DEBUG_C
7115requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7116requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7117requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7118requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7119requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7120run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7121 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7122 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7123 0 \
7124 -c "HTTP/1.0 200 OK" \
7125 -c "Protocol is TLSv1.3" \
7126 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7127 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7128 -c "NamedGroup: ffdhe2048 ( 100 )" \
7129 -c "Verifying peer X.509 certificate... ok" \
7130 -C "received HelloRetryRequest message"
7131
7132requires_gnutls_tls1_3
7133requires_gnutls_next_no_ticket
7134requires_gnutls_next_disable_tls13_compat
7135requires_config_enabled MBEDTLS_SSL_CLI_C
7136requires_config_enabled MBEDTLS_DEBUG_C
7137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7139requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7140run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7141 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7142 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7143 0 \
7144 -c "HTTP/1.0 200 OK" \
7145 -c "Protocol is TLSv1.3" \
7146 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7147 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7148 -c "NamedGroup: secp256r1 ( 17 )" \
7149 -c "Verifying peer X.509 certificate... ok" \
7150 -C "received HelloRetryRequest message"
7151
7152requires_gnutls_tls1_3
7153requires_gnutls_next_no_ticket
7154requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7155requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7156requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7157requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7158requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7159requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7160run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7161 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7162 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7163 0 \
7164 -c "HTTP/1.0 200 OK" \
7165 -c "Protocol is TLSv1.3" \
7166 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7167 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7168 -c "NamedGroup: secp256r1 ( 17 )" \
7169 -c "Verifying peer X.509 certificate... ok" \
7170 -C "received HelloRetryRequest message"
7171
7172requires_gnutls_tls1_3
7173requires_gnutls_next_no_ticket
7174requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7175requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7176requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7177requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7178requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7179requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7180run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7181 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7182 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7183 0 \
7184 -c "HTTP/1.0 200 OK" \
7185 -c "Protocol is TLSv1.3" \
7186 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7187 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7188 -c "NamedGroup: secp256r1 ( 17 )" \
7189 -c "Verifying peer X.509 certificate... ok" \
7190 -C "received HelloRetryRequest message"
7191
7192requires_gnutls_tls1_3
7193requires_gnutls_next_no_ticket
7194requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7195requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7196requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7197requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7198requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7199requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7200requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7201run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7202 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7203 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7204 0 \
7205 -c "HTTP/1.0 200 OK" \
7206 -c "Protocol is TLSv1.3" \
7207 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7208 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7209 -c "NamedGroup: secp256r1 ( 17 )" \
7210 -c "Verifying peer X.509 certificate... ok" \
7211 -C "received HelloRetryRequest message"
7212
7213requires_gnutls_tls1_3
7214requires_gnutls_next_no_ticket
7215requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7216requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7217requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7220requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7221run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7222 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7223 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7224 0 \
7225 -c "HTTP/1.0 200 OK" \
7226 -c "Protocol is TLSv1.3" \
7227 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7228 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7229 -c "NamedGroup: secp384r1 ( 18 )" \
7230 -c "Verifying peer X.509 certificate... ok" \
7231 -C "received HelloRetryRequest message"
7232
7233requires_gnutls_tls1_3
7234requires_gnutls_next_no_ticket
7235requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7236requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7240requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7241run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7242 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7243 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7244 0 \
7245 -c "HTTP/1.0 200 OK" \
7246 -c "Protocol is TLSv1.3" \
7247 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7248 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7249 -c "NamedGroup: secp384r1 ( 18 )" \
7250 -c "Verifying peer X.509 certificate... ok" \
7251 -C "received HelloRetryRequest message"
7252
7253requires_gnutls_tls1_3
7254requires_gnutls_next_no_ticket
7255requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7256requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7257requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7260requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7261run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7262 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7263 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7264 0 \
7265 -c "HTTP/1.0 200 OK" \
7266 -c "Protocol is TLSv1.3" \
7267 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7268 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7269 -c "NamedGroup: secp384r1 ( 18 )" \
7270 -c "Verifying peer X.509 certificate... ok" \
7271 -C "received HelloRetryRequest message"
7272
7273requires_gnutls_tls1_3
7274requires_gnutls_next_no_ticket
7275requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7276requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7277requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7278requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7280requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7281requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7282run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7283 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7284 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7285 0 \
7286 -c "HTTP/1.0 200 OK" \
7287 -c "Protocol is TLSv1.3" \
7288 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7289 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7290 -c "NamedGroup: secp384r1 ( 18 )" \
7291 -c "Verifying peer X.509 certificate... ok" \
7292 -C "received HelloRetryRequest message"
7293
7294requires_gnutls_tls1_3
7295requires_gnutls_next_no_ticket
7296requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7297requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7298requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7299requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7300requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7301requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7302run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7303 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7304 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7305 0 \
7306 -c "HTTP/1.0 200 OK" \
7307 -c "Protocol is TLSv1.3" \
7308 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7309 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7310 -c "NamedGroup: secp521r1 ( 19 )" \
7311 -c "Verifying peer X.509 certificate... ok" \
7312 -C "received HelloRetryRequest message"
7313
7314requires_gnutls_tls1_3
7315requires_gnutls_next_no_ticket
7316requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7317requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7318requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7319requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7320requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7321requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7322run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7323 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7324 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7325 0 \
7326 -c "HTTP/1.0 200 OK" \
7327 -c "Protocol is TLSv1.3" \
7328 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7329 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7330 -c "NamedGroup: secp521r1 ( 19 )" \
7331 -c "Verifying peer X.509 certificate... ok" \
7332 -C "received HelloRetryRequest message"
7333
7334requires_gnutls_tls1_3
7335requires_gnutls_next_no_ticket
7336requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7337requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7338requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7339requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7340requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7341requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7342run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7343 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7344 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7345 0 \
7346 -c "HTTP/1.0 200 OK" \
7347 -c "Protocol is TLSv1.3" \
7348 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7349 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7350 -c "NamedGroup: secp521r1 ( 19 )" \
7351 -c "Verifying peer X.509 certificate... ok" \
7352 -C "received HelloRetryRequest message"
7353
7354requires_gnutls_tls1_3
7355requires_gnutls_next_no_ticket
7356requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7357requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7358requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7361requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7362requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7363run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7364 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7365 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7366 0 \
7367 -c "HTTP/1.0 200 OK" \
7368 -c "Protocol is TLSv1.3" \
7369 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7370 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7371 -c "NamedGroup: secp521r1 ( 19 )" \
7372 -c "Verifying peer X.509 certificate... ok" \
7373 -C "received HelloRetryRequest message"
7374
7375requires_gnutls_tls1_3
7376requires_gnutls_next_no_ticket
7377requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7378requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7379requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7380requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7381requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7382requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7383run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7384 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7385 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7386 0 \
7387 -c "HTTP/1.0 200 OK" \
7388 -c "Protocol is TLSv1.3" \
7389 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7390 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7391 -c "NamedGroup: x25519 ( 1d )" \
7392 -c "Verifying peer X.509 certificate... ok" \
7393 -C "received HelloRetryRequest message"
7394
7395requires_gnutls_tls1_3
7396requires_gnutls_next_no_ticket
7397requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7398requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7399requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7400requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7401requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7402requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7403run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7404 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7405 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7406 0 \
7407 -c "HTTP/1.0 200 OK" \
7408 -c "Protocol is TLSv1.3" \
7409 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7410 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7411 -c "NamedGroup: x25519 ( 1d )" \
7412 -c "Verifying peer X.509 certificate... ok" \
7413 -C "received HelloRetryRequest message"
7414
7415requires_gnutls_tls1_3
7416requires_gnutls_next_no_ticket
7417requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7418requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7419requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7421requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7422requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7423run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7424 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7425 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7426 0 \
7427 -c "HTTP/1.0 200 OK" \
7428 -c "Protocol is TLSv1.3" \
7429 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7430 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7431 -c "NamedGroup: x25519 ( 1d )" \
7432 -c "Verifying peer X.509 certificate... ok" \
7433 -C "received HelloRetryRequest message"
7434
7435requires_gnutls_tls1_3
7436requires_gnutls_next_no_ticket
7437requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7438requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7439requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7440requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7442requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7443requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7444run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7445 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7446 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7447 0 \
7448 -c "HTTP/1.0 200 OK" \
7449 -c "Protocol is TLSv1.3" \
7450 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7451 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7452 -c "NamedGroup: x25519 ( 1d )" \
7453 -c "Verifying peer X.509 certificate... ok" \
7454 -C "received HelloRetryRequest message"
7455
7456requires_gnutls_tls1_3
7457requires_gnutls_next_no_ticket
7458requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7459requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7460requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7463requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7464run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7465 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7466 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7467 0 \
7468 -c "HTTP/1.0 200 OK" \
7469 -c "Protocol is TLSv1.3" \
7470 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7471 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7472 -c "NamedGroup: x448 ( 1e )" \
7473 -c "Verifying peer X.509 certificate... ok" \
7474 -C "received HelloRetryRequest message"
7475
7476requires_gnutls_tls1_3
7477requires_gnutls_next_no_ticket
7478requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7479requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7480requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7483requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7484run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7485 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7486 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7487 0 \
7488 -c "HTTP/1.0 200 OK" \
7489 -c "Protocol is TLSv1.3" \
7490 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7491 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7492 -c "NamedGroup: x448 ( 1e )" \
7493 -c "Verifying peer X.509 certificate... ok" \
7494 -C "received HelloRetryRequest message"
7495
7496requires_gnutls_tls1_3
7497requires_gnutls_next_no_ticket
7498requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7499requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7500requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7501requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7502requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7503requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7504run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7505 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7506 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7507 0 \
7508 -c "HTTP/1.0 200 OK" \
7509 -c "Protocol is TLSv1.3" \
7510 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7511 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7512 -c "NamedGroup: x448 ( 1e )" \
7513 -c "Verifying peer X.509 certificate... ok" \
7514 -C "received HelloRetryRequest message"
7515
7516requires_gnutls_tls1_3
7517requires_gnutls_next_no_ticket
7518requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7519requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7520requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7521requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7522requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7523requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7524requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7525run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7526 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7527 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7528 0 \
7529 -c "HTTP/1.0 200 OK" \
7530 -c "Protocol is TLSv1.3" \
7531 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7532 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7533 -c "NamedGroup: x448 ( 1e )" \
7534 -c "Verifying peer X.509 certificate... ok" \
7535 -C "received HelloRetryRequest message"
7536
7537requires_gnutls_tls1_3
7538requires_gnutls_next_no_ticket
7539requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7540requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7541requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7542requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7543requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7544requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7545requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7546run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7547 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7548 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7549 0 \
7550 -c "HTTP/1.0 200 OK" \
7551 -c "Protocol is TLSv1.3" \
7552 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7553 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7554 -c "NamedGroup: ffdhe2048 ( 100 )" \
7555 -c "Verifying peer X.509 certificate... ok" \
7556 -C "received HelloRetryRequest message"
7557
7558requires_gnutls_tls1_3
7559requires_gnutls_next_no_ticket
7560requires_gnutls_next_disable_tls13_compat
7561requires_config_enabled MBEDTLS_SSL_CLI_C
7562requires_config_enabled MBEDTLS_DEBUG_C
7563requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7565requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7566requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7567run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7568 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7569 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7570 0 \
7571 -c "HTTP/1.0 200 OK" \
7572 -c "Protocol is TLSv1.3" \
7573 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7574 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7575 -c "NamedGroup: ffdhe2048 ( 100 )" \
7576 -c "Verifying peer X.509 certificate... ok" \
7577 -C "received HelloRetryRequest message"
7578
7579requires_gnutls_tls1_3
7580requires_gnutls_next_no_ticket
7581requires_gnutls_next_disable_tls13_compat
7582requires_config_enabled MBEDTLS_SSL_CLI_C
7583requires_config_enabled MBEDTLS_DEBUG_C
7584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7585requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7586requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7587requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7588run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7589 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7590 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7591 0 \
7592 -c "HTTP/1.0 200 OK" \
7593 -c "Protocol is TLSv1.3" \
7594 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7595 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7596 -c "NamedGroup: ffdhe2048 ( 100 )" \
7597 -c "Verifying peer X.509 certificate... ok" \
7598 -C "received HelloRetryRequest message"
7599
7600requires_gnutls_tls1_3
7601requires_gnutls_next_no_ticket
7602requires_gnutls_next_disable_tls13_compat
7603requires_config_enabled MBEDTLS_SSL_CLI_C
7604requires_config_enabled MBEDTLS_DEBUG_C
7605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7606requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7607requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7608requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7609requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7610run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7611 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7612 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7613 0 \
7614 -c "HTTP/1.0 200 OK" \
7615 -c "Protocol is TLSv1.3" \
7616 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7617 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7618 -c "NamedGroup: ffdhe2048 ( 100 )" \
7619 -c "Verifying peer X.509 certificate... ok" \
7620 -C "received HelloRetryRequest message"
7621
7622requires_gnutls_tls1_3
7623requires_gnutls_next_no_ticket
7624requires_gnutls_next_disable_tls13_compat
7625requires_config_enabled MBEDTLS_SSL_CLI_C
7626requires_config_enabled MBEDTLS_DEBUG_C
7627requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7628requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7629requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7630run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7631 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7632 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7633 0 \
7634 -c "HTTP/1.0 200 OK" \
7635 -c "Protocol is TLSv1.3" \
7636 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7637 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7638 -c "NamedGroup: secp256r1 ( 17 )" \
7639 -c "Verifying peer X.509 certificate... ok" \
7640 -C "received HelloRetryRequest message"
7641
7642requires_gnutls_tls1_3
7643requires_gnutls_next_no_ticket
7644requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7645requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7646requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7649requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7650run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7651 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7652 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7653 0 \
7654 -c "HTTP/1.0 200 OK" \
7655 -c "Protocol is TLSv1.3" \
7656 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7657 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7658 -c "NamedGroup: secp256r1 ( 17 )" \
7659 -c "Verifying peer X.509 certificate... ok" \
7660 -C "received HelloRetryRequest message"
7661
7662requires_gnutls_tls1_3
7663requires_gnutls_next_no_ticket
7664requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7665requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7666requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7667requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7669requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7670run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7671 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7672 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7673 0 \
7674 -c "HTTP/1.0 200 OK" \
7675 -c "Protocol is TLSv1.3" \
7676 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7677 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7678 -c "NamedGroup: secp256r1 ( 17 )" \
7679 -c "Verifying peer X.509 certificate... ok" \
7680 -C "received HelloRetryRequest message"
7681
7682requires_gnutls_tls1_3
7683requires_gnutls_next_no_ticket
7684requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7685requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7686requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7687requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7688requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7689requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7690requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7691run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7692 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7693 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7694 0 \
7695 -c "HTTP/1.0 200 OK" \
7696 -c "Protocol is TLSv1.3" \
7697 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7698 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7699 -c "NamedGroup: secp256r1 ( 17 )" \
7700 -c "Verifying peer X.509 certificate... ok" \
7701 -C "received HelloRetryRequest message"
7702
7703requires_gnutls_tls1_3
7704requires_gnutls_next_no_ticket
7705requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7706requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7707requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7710requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7711run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7712 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7713 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7714 0 \
7715 -c "HTTP/1.0 200 OK" \
7716 -c "Protocol is TLSv1.3" \
7717 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7718 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7719 -c "NamedGroup: secp384r1 ( 18 )" \
7720 -c "Verifying peer X.509 certificate... ok" \
7721 -C "received HelloRetryRequest message"
7722
7723requires_gnutls_tls1_3
7724requires_gnutls_next_no_ticket
7725requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7726requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7727requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7728requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7729requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7730requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7731run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7732 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7733 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7734 0 \
7735 -c "HTTP/1.0 200 OK" \
7736 -c "Protocol is TLSv1.3" \
7737 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7738 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7739 -c "NamedGroup: secp384r1 ( 18 )" \
7740 -c "Verifying peer X.509 certificate... ok" \
7741 -C "received HelloRetryRequest message"
7742
7743requires_gnutls_tls1_3
7744requires_gnutls_next_no_ticket
7745requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7746requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7747requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7750requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7751run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7752 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7753 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7754 0 \
7755 -c "HTTP/1.0 200 OK" \
7756 -c "Protocol is TLSv1.3" \
7757 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7758 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7759 -c "NamedGroup: secp384r1 ( 18 )" \
7760 -c "Verifying peer X.509 certificate... ok" \
7761 -C "received HelloRetryRequest message"
7762
7763requires_gnutls_tls1_3
7764requires_gnutls_next_no_ticket
7765requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7766requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7767requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7768requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7769requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7770requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7771requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7772run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7773 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7774 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7775 0 \
7776 -c "HTTP/1.0 200 OK" \
7777 -c "Protocol is TLSv1.3" \
7778 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7779 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7780 -c "NamedGroup: secp384r1 ( 18 )" \
7781 -c "Verifying peer X.509 certificate... ok" \
7782 -C "received HelloRetryRequest message"
7783
7784requires_gnutls_tls1_3
7785requires_gnutls_next_no_ticket
7786requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7787requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7788requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7789requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7790requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7791requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7792run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7793 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7794 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7795 0 \
7796 -c "HTTP/1.0 200 OK" \
7797 -c "Protocol is TLSv1.3" \
7798 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7799 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7800 -c "NamedGroup: secp521r1 ( 19 )" \
7801 -c "Verifying peer X.509 certificate... ok" \
7802 -C "received HelloRetryRequest message"
7803
7804requires_gnutls_tls1_3
7805requires_gnutls_next_no_ticket
7806requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7807requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7808requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7811requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7812run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7813 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7814 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7815 0 \
7816 -c "HTTP/1.0 200 OK" \
7817 -c "Protocol is TLSv1.3" \
7818 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7819 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7820 -c "NamedGroup: secp521r1 ( 19 )" \
7821 -c "Verifying peer X.509 certificate... ok" \
7822 -C "received HelloRetryRequest message"
7823
7824requires_gnutls_tls1_3
7825requires_gnutls_next_no_ticket
7826requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7827requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7828requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7829requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7830requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7831requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7832run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7833 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7834 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7835 0 \
7836 -c "HTTP/1.0 200 OK" \
7837 -c "Protocol is TLSv1.3" \
7838 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7839 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7840 -c "NamedGroup: secp521r1 ( 19 )" \
7841 -c "Verifying peer X.509 certificate... ok" \
7842 -C "received HelloRetryRequest message"
7843
7844requires_gnutls_tls1_3
7845requires_gnutls_next_no_ticket
7846requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7847requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7848requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7849requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7850requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7851requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7852requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7853run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7854 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7855 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7856 0 \
7857 -c "HTTP/1.0 200 OK" \
7858 -c "Protocol is TLSv1.3" \
7859 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7860 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7861 -c "NamedGroup: secp521r1 ( 19 )" \
7862 -c "Verifying peer X.509 certificate... ok" \
7863 -C "received HelloRetryRequest message"
7864
7865requires_gnutls_tls1_3
7866requires_gnutls_next_no_ticket
7867requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7868requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7869requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7870requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7872requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7873run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7874 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7875 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7876 0 \
7877 -c "HTTP/1.0 200 OK" \
7878 -c "Protocol is TLSv1.3" \
7879 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7880 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7881 -c "NamedGroup: x25519 ( 1d )" \
7882 -c "Verifying peer X.509 certificate... ok" \
7883 -C "received HelloRetryRequest message"
7884
7885requires_gnutls_tls1_3
7886requires_gnutls_next_no_ticket
7887requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7888requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7889requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7890requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7892requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7893run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7894 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7895 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7896 0 \
7897 -c "HTTP/1.0 200 OK" \
7898 -c "Protocol is TLSv1.3" \
7899 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7900 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7901 -c "NamedGroup: x25519 ( 1d )" \
7902 -c "Verifying peer X.509 certificate... ok" \
7903 -C "received HelloRetryRequest message"
7904
7905requires_gnutls_tls1_3
7906requires_gnutls_next_no_ticket
7907requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7908requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7909requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7912requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7913run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7914 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7915 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7916 0 \
7917 -c "HTTP/1.0 200 OK" \
7918 -c "Protocol is TLSv1.3" \
7919 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7920 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7921 -c "NamedGroup: x25519 ( 1d )" \
7922 -c "Verifying peer X.509 certificate... ok" \
7923 -C "received HelloRetryRequest message"
7924
7925requires_gnutls_tls1_3
7926requires_gnutls_next_no_ticket
7927requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7928requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7929requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7930requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7932requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7933requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7934run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7935 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7936 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7937 0 \
7938 -c "HTTP/1.0 200 OK" \
7939 -c "Protocol is TLSv1.3" \
7940 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7941 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7942 -c "NamedGroup: x25519 ( 1d )" \
7943 -c "Verifying peer X.509 certificate... ok" \
7944 -C "received HelloRetryRequest message"
7945
7946requires_gnutls_tls1_3
7947requires_gnutls_next_no_ticket
7948requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7949requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7950requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7951requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7952requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7953requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7954run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7955 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7956 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7957 0 \
7958 -c "HTTP/1.0 200 OK" \
7959 -c "Protocol is TLSv1.3" \
7960 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7961 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7962 -c "NamedGroup: x448 ( 1e )" \
7963 -c "Verifying peer X.509 certificate... ok" \
7964 -C "received HelloRetryRequest message"
7965
7966requires_gnutls_tls1_3
7967requires_gnutls_next_no_ticket
7968requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7969requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7970requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7971requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7972requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7973requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7974run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7975 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7976 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7977 0 \
7978 -c "HTTP/1.0 200 OK" \
7979 -c "Protocol is TLSv1.3" \
7980 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7981 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7982 -c "NamedGroup: x448 ( 1e )" \
7983 -c "Verifying peer X.509 certificate... ok" \
7984 -C "received HelloRetryRequest message"
7985
7986requires_gnutls_tls1_3
7987requires_gnutls_next_no_ticket
7988requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7989requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7990requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7991requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7992requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7993requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7994run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]7995 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7996 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7997 0 \
7998 -c "HTTP/1.0 200 OK" \
7999 -c "Protocol is TLSv1.3" \
8000 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8001 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8002 -c "NamedGroup: x448 ( 1e )" \
8003 -c "Verifying peer X.509 certificate... ok" \
8004 -C "received HelloRetryRequest message"
8005
8006requires_gnutls_tls1_3
8007requires_gnutls_next_no_ticket
8008requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8009requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8010requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8011requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8012requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8013requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8014requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8015run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8016 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8017 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8018 0 \
8019 -c "HTTP/1.0 200 OK" \
8020 -c "Protocol is TLSv1.3" \
8021 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8022 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8023 -c "NamedGroup: x448 ( 1e )" \
8024 -c "Verifying peer X.509 certificate... ok" \
8025 -C "received HelloRetryRequest message"
8026
8027requires_gnutls_tls1_3
8028requires_gnutls_next_no_ticket
8029requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8030requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8031requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8032requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8033requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8034requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8035requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8036run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8037 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8038 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8039 0 \
8040 -c "HTTP/1.0 200 OK" \
8041 -c "Protocol is TLSv1.3" \
8042 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8043 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8044 -c "NamedGroup: ffdhe2048 ( 100 )" \
8045 -c "Verifying peer X.509 certificate... ok" \
8046 -C "received HelloRetryRequest message"
8047
8048requires_gnutls_tls1_3
8049requires_gnutls_next_no_ticket
8050requires_gnutls_next_disable_tls13_compat
8051requires_config_enabled MBEDTLS_SSL_CLI_C
8052requires_config_enabled MBEDTLS_DEBUG_C
8053requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8054requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8055requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8056requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8057run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8058 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8059 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8060 0 \
8061 -c "HTTP/1.0 200 OK" \
8062 -c "Protocol is TLSv1.3" \
8063 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8064 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8065 -c "NamedGroup: ffdhe2048 ( 100 )" \
8066 -c "Verifying peer X.509 certificate... ok" \
8067 -C "received HelloRetryRequest message"
8068
8069requires_gnutls_tls1_3
8070requires_gnutls_next_no_ticket
8071requires_gnutls_next_disable_tls13_compat
8072requires_config_enabled MBEDTLS_SSL_CLI_C
8073requires_config_enabled MBEDTLS_DEBUG_C
8074requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8075requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8076requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8077requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8078run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8079 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8080 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8081 0 \
8082 -c "HTTP/1.0 200 OK" \
8083 -c "Protocol is TLSv1.3" \
8084 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8085 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8086 -c "NamedGroup: ffdhe2048 ( 100 )" \
8087 -c "Verifying peer X.509 certificate... ok" \
8088 -C "received HelloRetryRequest message"
8089
8090requires_gnutls_tls1_3
8091requires_gnutls_next_no_ticket
8092requires_gnutls_next_disable_tls13_compat
8093requires_config_enabled MBEDTLS_SSL_CLI_C
8094requires_config_enabled MBEDTLS_DEBUG_C
8095requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8097requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8098requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8099requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8100run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8101 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8102 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8103 0 \
8104 -c "HTTP/1.0 200 OK" \
8105 -c "Protocol is TLSv1.3" \
8106 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8107 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8108 -c "NamedGroup: ffdhe2048 ( 100 )" \
8109 -c "Verifying peer X.509 certificate... ok" \
8110 -C "received HelloRetryRequest message"
8111
8112requires_gnutls_tls1_3
8113requires_gnutls_next_no_ticket
8114requires_gnutls_next_disable_tls13_compat
8115requires_config_enabled MBEDTLS_SSL_CLI_C
8116requires_config_enabled MBEDTLS_DEBUG_C
8117requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8119requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8120run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8121 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8122 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8123 0 \
8124 -c "HTTP/1.0 200 OK" \
8125 -c "Protocol is TLSv1.3" \
8126 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8127 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8128 -c "NamedGroup: secp256r1 ( 17 )" \
8129 -c "Verifying peer X.509 certificate... ok" \
8130 -C "received HelloRetryRequest message"
8131
8132requires_gnutls_tls1_3
8133requires_gnutls_next_no_ticket
8134requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8135requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8136requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8139requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8140run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8141 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8142 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8143 0 \
8144 -c "HTTP/1.0 200 OK" \
8145 -c "Protocol is TLSv1.3" \
8146 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8147 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8148 -c "NamedGroup: secp256r1 ( 17 )" \
8149 -c "Verifying peer X.509 certificate... ok" \
8150 -C "received HelloRetryRequest message"
8151
8152requires_gnutls_tls1_3
8153requires_gnutls_next_no_ticket
8154requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8155requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8156requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8157requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8158requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8159requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8160run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8161 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8162 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8163 0 \
8164 -c "HTTP/1.0 200 OK" \
8165 -c "Protocol is TLSv1.3" \
8166 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8167 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8168 -c "NamedGroup: secp256r1 ( 17 )" \
8169 -c "Verifying peer X.509 certificate... ok" \
8170 -C "received HelloRetryRequest message"
8171
8172requires_gnutls_tls1_3
8173requires_gnutls_next_no_ticket
8174requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8175requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8176requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8177requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8178requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8179requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8180requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8181run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8182 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8183 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8184 0 \
8185 -c "HTTP/1.0 200 OK" \
8186 -c "Protocol is TLSv1.3" \
8187 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8188 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8189 -c "NamedGroup: secp256r1 ( 17 )" \
8190 -c "Verifying peer X.509 certificate... ok" \
8191 -C "received HelloRetryRequest message"
8192
8193requires_gnutls_tls1_3
8194requires_gnutls_next_no_ticket
8195requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8196requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8197requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8200requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8201run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8202 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8203 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8204 0 \
8205 -c "HTTP/1.0 200 OK" \
8206 -c "Protocol is TLSv1.3" \
8207 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8208 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8209 -c "NamedGroup: secp384r1 ( 18 )" \
8210 -c "Verifying peer X.509 certificate... ok" \
8211 -C "received HelloRetryRequest message"
8212
8213requires_gnutls_tls1_3
8214requires_gnutls_next_no_ticket
8215requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8216requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8217requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8220requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8221run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8222 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8223 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8224 0 \
8225 -c "HTTP/1.0 200 OK" \
8226 -c "Protocol is TLSv1.3" \
8227 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8228 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8229 -c "NamedGroup: secp384r1 ( 18 )" \
8230 -c "Verifying peer X.509 certificate... ok" \
8231 -C "received HelloRetryRequest message"
8232
8233requires_gnutls_tls1_3
8234requires_gnutls_next_no_ticket
8235requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8236requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8240requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8241run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8242 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8243 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8244 0 \
8245 -c "HTTP/1.0 200 OK" \
8246 -c "Protocol is TLSv1.3" \
8247 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8248 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8249 -c "NamedGroup: secp384r1 ( 18 )" \
8250 -c "Verifying peer X.509 certificate... ok" \
8251 -C "received HelloRetryRequest message"
8252
8253requires_gnutls_tls1_3
8254requires_gnutls_next_no_ticket
8255requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8256requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8257requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8260requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8261requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8262run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8263 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8264 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8265 0 \
8266 -c "HTTP/1.0 200 OK" \
8267 -c "Protocol is TLSv1.3" \
8268 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8269 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8270 -c "NamedGroup: secp384r1 ( 18 )" \
8271 -c "Verifying peer X.509 certificate... ok" \
8272 -C "received HelloRetryRequest message"
8273
8274requires_gnutls_tls1_3
8275requires_gnutls_next_no_ticket
8276requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8277requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8278requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8279requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8280requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8281requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8282run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8283 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8284 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8285 0 \
8286 -c "HTTP/1.0 200 OK" \
8287 -c "Protocol is TLSv1.3" \
8288 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8289 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8290 -c "NamedGroup: secp521r1 ( 19 )" \
8291 -c "Verifying peer X.509 certificate... ok" \
8292 -C "received HelloRetryRequest message"
8293
8294requires_gnutls_tls1_3
8295requires_gnutls_next_no_ticket
8296requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8297requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8298requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8299requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8300requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8301requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8302run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8303 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8304 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8305 0 \
8306 -c "HTTP/1.0 200 OK" \
8307 -c "Protocol is TLSv1.3" \
8308 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8309 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8310 -c "NamedGroup: secp521r1 ( 19 )" \
8311 -c "Verifying peer X.509 certificate... ok" \
8312 -C "received HelloRetryRequest message"
8313
8314requires_gnutls_tls1_3
8315requires_gnutls_next_no_ticket
8316requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8317requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8318requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8319requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8320requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8321requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8322run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8323 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8324 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8325 0 \
8326 -c "HTTP/1.0 200 OK" \
8327 -c "Protocol is TLSv1.3" \
8328 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8329 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8330 -c "NamedGroup: secp521r1 ( 19 )" \
8331 -c "Verifying peer X.509 certificate... ok" \
8332 -C "received HelloRetryRequest message"
8333
8334requires_gnutls_tls1_3
8335requires_gnutls_next_no_ticket
8336requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8337requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8338requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8339requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8340requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8341requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8342requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8343run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8344 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8345 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8346 0 \
8347 -c "HTTP/1.0 200 OK" \
8348 -c "Protocol is TLSv1.3" \
8349 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8350 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8351 -c "NamedGroup: secp521r1 ( 19 )" \
8352 -c "Verifying peer X.509 certificate... ok" \
8353 -C "received HelloRetryRequest message"
8354
8355requires_gnutls_tls1_3
8356requires_gnutls_next_no_ticket
8357requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8358requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8359requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8361requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8362requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8363run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8364 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8365 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8366 0 \
8367 -c "HTTP/1.0 200 OK" \
8368 -c "Protocol is TLSv1.3" \
8369 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8370 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8371 -c "NamedGroup: x25519 ( 1d )" \
8372 -c "Verifying peer X.509 certificate... ok" \
8373 -C "received HelloRetryRequest message"
8374
8375requires_gnutls_tls1_3
8376requires_gnutls_next_no_ticket
8377requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8378requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8379requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8380requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8381requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8382requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8383run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8384 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8385 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8386 0 \
8387 -c "HTTP/1.0 200 OK" \
8388 -c "Protocol is TLSv1.3" \
8389 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8390 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8391 -c "NamedGroup: x25519 ( 1d )" \
8392 -c "Verifying peer X.509 certificate... ok" \
8393 -C "received HelloRetryRequest message"
8394
8395requires_gnutls_tls1_3
8396requires_gnutls_next_no_ticket
8397requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8398requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8399requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8400requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8401requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8402requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8403run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8404 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8405 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8406 0 \
8407 -c "HTTP/1.0 200 OK" \
8408 -c "Protocol is TLSv1.3" \
8409 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8410 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8411 -c "NamedGroup: x25519 ( 1d )" \
8412 -c "Verifying peer X.509 certificate... ok" \
8413 -C "received HelloRetryRequest message"
8414
8415requires_gnutls_tls1_3
8416requires_gnutls_next_no_ticket
8417requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8418requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8419requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8421requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8422requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8423requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8424run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8425 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8426 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8427 0 \
8428 -c "HTTP/1.0 200 OK" \
8429 -c "Protocol is TLSv1.3" \
8430 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8431 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8432 -c "NamedGroup: x25519 ( 1d )" \
8433 -c "Verifying peer X.509 certificate... ok" \
8434 -C "received HelloRetryRequest message"
8435
8436requires_gnutls_tls1_3
8437requires_gnutls_next_no_ticket
8438requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8439requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8440requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8441requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8442requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8443requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8444run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8445 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8446 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8447 0 \
8448 -c "HTTP/1.0 200 OK" \
8449 -c "Protocol is TLSv1.3" \
8450 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8451 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8452 -c "NamedGroup: x448 ( 1e )" \
8453 -c "Verifying peer X.509 certificate... ok" \
8454 -C "received HelloRetryRequest message"
8455
8456requires_gnutls_tls1_3
8457requires_gnutls_next_no_ticket
8458requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8459requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8460requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8463requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8464run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8465 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8466 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8467 0 \
8468 -c "HTTP/1.0 200 OK" \
8469 -c "Protocol is TLSv1.3" \
8470 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8471 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8472 -c "NamedGroup: x448 ( 1e )" \
8473 -c "Verifying peer X.509 certificate... ok" \
8474 -C "received HelloRetryRequest message"
8475
8476requires_gnutls_tls1_3
8477requires_gnutls_next_no_ticket
8478requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8479requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8480requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8483requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8484run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8485 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8486 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8487 0 \
8488 -c "HTTP/1.0 200 OK" \
8489 -c "Protocol is TLSv1.3" \
8490 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8491 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8492 -c "NamedGroup: x448 ( 1e )" \
8493 -c "Verifying peer X.509 certificate... ok" \
8494 -C "received HelloRetryRequest message"
8495
8496requires_gnutls_tls1_3
8497requires_gnutls_next_no_ticket
8498requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8499requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8500requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8501requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8502requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8503requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8504requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8505run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8506 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8507 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8508 0 \
8509 -c "HTTP/1.0 200 OK" \
8510 -c "Protocol is TLSv1.3" \
8511 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8512 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8513 -c "NamedGroup: x448 ( 1e )" \
8514 -c "Verifying peer X.509 certificate... ok" \
8515 -C "received HelloRetryRequest message"
8516
8517requires_gnutls_tls1_3
8518requires_gnutls_next_no_ticket
8519requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8520requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8521requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8523requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8524requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8525requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8526run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8527 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8528 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8529 0 \
8530 -c "HTTP/1.0 200 OK" \
8531 -c "Protocol is TLSv1.3" \
8532 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8533 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8534 -c "NamedGroup: ffdhe2048 ( 100 )" \
8535 -c "Verifying peer X.509 certificate... ok" \
8536 -C "received HelloRetryRequest message"
8537
8538requires_gnutls_tls1_3
8539requires_gnutls_next_no_ticket
8540requires_gnutls_next_disable_tls13_compat
8541requires_config_enabled MBEDTLS_SSL_CLI_C
8542requires_config_enabled MBEDTLS_DEBUG_C
8543requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8544requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8545requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8546requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8547run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8548 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8549 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8550 0 \
8551 -c "HTTP/1.0 200 OK" \
8552 -c "Protocol is TLSv1.3" \
8553 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8554 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8555 -c "NamedGroup: ffdhe2048 ( 100 )" \
8556 -c "Verifying peer X.509 certificate... ok" \
8557 -C "received HelloRetryRequest message"
8558
8559requires_gnutls_tls1_3
8560requires_gnutls_next_no_ticket
8561requires_gnutls_next_disable_tls13_compat
8562requires_config_enabled MBEDTLS_SSL_CLI_C
8563requires_config_enabled MBEDTLS_DEBUG_C
8564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8566requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8567requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8568run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8569 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8570 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8571 0 \
8572 -c "HTTP/1.0 200 OK" \
8573 -c "Protocol is TLSv1.3" \
8574 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8575 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8576 -c "NamedGroup: ffdhe2048 ( 100 )" \
8577 -c "Verifying peer X.509 certificate... ok" \
8578 -C "received HelloRetryRequest message"
8579
8580requires_gnutls_tls1_3
8581requires_gnutls_next_no_ticket
8582requires_gnutls_next_disable_tls13_compat
8583requires_config_enabled MBEDTLS_SSL_CLI_C
8584requires_config_enabled MBEDTLS_DEBUG_C
8585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8587requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8588requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8589requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8590run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8591 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8592 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8593 0 \
8594 -c "HTTP/1.0 200 OK" \
8595 -c "Protocol is TLSv1.3" \
8596 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8597 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8598 -c "NamedGroup: ffdhe2048 ( 100 )" \
8599 -c "Verifying peer X.509 certificate... ok" \
8600 -C "received HelloRetryRequest message"
8601
8602requires_gnutls_tls1_3
8603requires_gnutls_next_no_ticket
8604requires_gnutls_next_disable_tls13_compat
8605requires_config_enabled MBEDTLS_SSL_CLI_C
8606requires_config_enabled MBEDTLS_DEBUG_C
8607requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8608requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8609requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8610run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8611 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8612 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8613 0 \
8614 -c "HTTP/1.0 200 OK" \
8615 -c "Protocol is TLSv1.3" \
8616 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8617 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8618 -c "NamedGroup: secp256r1 ( 17 )" \
8619 -c "Verifying peer X.509 certificate... ok" \
8620 -C "received HelloRetryRequest message"
8621
8622requires_gnutls_tls1_3
8623requires_gnutls_next_no_ticket
8624requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8625requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8626requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8627requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8628requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8629requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8630run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8631 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8632 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8633 0 \
8634 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8635 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8636 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8637 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8638 -c "NamedGroup: secp256r1 ( 17 )" \
8639 -c "Verifying peer X.509 certificate... ok" \
8640 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8641
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8642requires_gnutls_tls1_3
8643requires_gnutls_next_no_ticket
8644requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8645requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8646requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8649requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8650run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8651 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8652 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8653 0 \
8654 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8655 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8656 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8657 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8658 -c "NamedGroup: secp256r1 ( 17 )" \
8659 -c "Verifying peer X.509 certificate... ok" \
8660 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8661
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8662requires_gnutls_tls1_3
8663requires_gnutls_next_no_ticket
8664requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8665requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8666requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8667requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8669requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8670requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8671run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8672 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8673 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8674 0 \
8675 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8676 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8677 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8678 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8679 -c "NamedGroup: secp256r1 ( 17 )" \
8680 -c "Verifying peer X.509 certificate... ok" \
8681 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8682
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8683requires_gnutls_tls1_3
8684requires_gnutls_next_no_ticket
8685requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8686requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8687requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8689requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8690requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8691run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8692 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8693 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8694 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8695 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8696 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8697 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8698 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8699 -c "NamedGroup: secp384r1 ( 18 )" \
8700 -c "Verifying peer X.509 certificate... ok" \
8701 -C "received HelloRetryRequest message"
8702
8703requires_gnutls_tls1_3
8704requires_gnutls_next_no_ticket
8705requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8706requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8707requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8710requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8711run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8712 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8713 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8714 0 \
8715 -c "HTTP/1.0 200 OK" \
8716 -c "Protocol is TLSv1.3" \
8717 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8718 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8719 -c "NamedGroup: secp384r1 ( 18 )" \
8720 -c "Verifying peer X.509 certificate... ok" \
8721 -C "received HelloRetryRequest message"
8722
8723requires_gnutls_tls1_3
8724requires_gnutls_next_no_ticket
8725requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8726requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8727requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8728requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8729requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8730requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8731run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8732 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8733 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8734 0 \
8735 -c "HTTP/1.0 200 OK" \
8736 -c "Protocol is TLSv1.3" \
8737 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8738 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8739 -c "NamedGroup: secp384r1 ( 18 )" \
8740 -c "Verifying peer X.509 certificate... ok" \
8741 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8742
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8743requires_gnutls_tls1_3
8744requires_gnutls_next_no_ticket
8745requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8746requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8747requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8750requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8751requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8752run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8753 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8754 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8755 0 \
8756 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8757 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8758 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8759 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8760 -c "NamedGroup: secp384r1 ( 18 )" \
8761 -c "Verifying peer X.509 certificate... ok" \
8762 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8763
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8764requires_gnutls_tls1_3
8765requires_gnutls_next_no_ticket
8766requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8767requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8768requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8770requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8771requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8772run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8773 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8774 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8775 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8776 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8777 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8778 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8779 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8780 -c "NamedGroup: secp521r1 ( 19 )" \
8781 -c "Verifying peer X.509 certificate... ok" \
8782 -C "received HelloRetryRequest message"
8783
8784requires_gnutls_tls1_3
8785requires_gnutls_next_no_ticket
8786requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8787requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8788requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8789requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8790requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8791requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8792run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8793 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8794 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8795 0 \
8796 -c "HTTP/1.0 200 OK" \
8797 -c "Protocol is TLSv1.3" \
8798 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8799 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8800 -c "NamedGroup: secp521r1 ( 19 )" \
8801 -c "Verifying peer X.509 certificate... ok" \
8802 -C "received HelloRetryRequest message"
8803
8804requires_gnutls_tls1_3
8805requires_gnutls_next_no_ticket
8806requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8807requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8808requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8811requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8812run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8813 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8814 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8815 0 \
8816 -c "HTTP/1.0 200 OK" \
8817 -c "Protocol is TLSv1.3" \
8818 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8819 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8820 -c "NamedGroup: secp521r1 ( 19 )" \
8821 -c "Verifying peer X.509 certificate... ok" \
8822 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8823
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8824requires_gnutls_tls1_3
8825requires_gnutls_next_no_ticket
8826requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8827requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8828requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8829requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8830requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8831requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8832requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8833run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8834 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8835 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8836 0 \
8837 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8838 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8839 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8840 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8841 -c "NamedGroup: secp521r1 ( 19 )" \
8842 -c "Verifying peer X.509 certificate... ok" \
8843 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8844
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8845requires_gnutls_tls1_3
8846requires_gnutls_next_no_ticket
8847requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8848requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8849requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8850requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8851requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8852requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8853run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8854 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8855 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8856 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8857 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8858 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8859 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8860 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8861 -c "NamedGroup: x25519 ( 1d )" \
8862 -c "Verifying peer X.509 certificate... ok" \
8863 -C "received HelloRetryRequest message"
8864
8865requires_gnutls_tls1_3
8866requires_gnutls_next_no_ticket
8867requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8868requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8869requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8870requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8872requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8873run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8874 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8875 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8876 0 \
8877 -c "HTTP/1.0 200 OK" \
8878 -c "Protocol is TLSv1.3" \
8879 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8880 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8881 -c "NamedGroup: x25519 ( 1d )" \
8882 -c "Verifying peer X.509 certificate... ok" \
8883 -C "received HelloRetryRequest message"
8884
8885requires_gnutls_tls1_3
8886requires_gnutls_next_no_ticket
8887requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8888requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8889requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8890requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8892requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8893run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8894 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8895 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8896 0 \
8897 -c "HTTP/1.0 200 OK" \
8898 -c "Protocol is TLSv1.3" \
8899 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8900 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8901 -c "NamedGroup: x25519 ( 1d )" \
8902 -c "Verifying peer X.509 certificate... ok" \
8903 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8904
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8905requires_gnutls_tls1_3
8906requires_gnutls_next_no_ticket
8907requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8908requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8909requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8912requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8913requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8914run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8915 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8916 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8917 0 \
8918 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8919 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8920 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8921 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8922 -c "NamedGroup: x25519 ( 1d )" \
8923 -c "Verifying peer X.509 certificate... ok" \
8924 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8925
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8926requires_gnutls_tls1_3
8927requires_gnutls_next_no_ticket
8928requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8929requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8930requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8931requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8932requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8933requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8934run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8935 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8936 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8937 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8938 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8939 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8940 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8941 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8942 -c "NamedGroup: x448 ( 1e )" \
8943 -c "Verifying peer X.509 certificate... ok" \
8944 -C "received HelloRetryRequest message"
8945
8946requires_gnutls_tls1_3
8947requires_gnutls_next_no_ticket
8948requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8949requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8950requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8951requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8952requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8953requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8954run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8955 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8956 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8957 0 \
8958 -c "HTTP/1.0 200 OK" \
8959 -c "Protocol is TLSv1.3" \
8960 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8961 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8962 -c "NamedGroup: x448 ( 1e )" \
8963 -c "Verifying peer X.509 certificate... ok" \
8964 -C "received HelloRetryRequest message"
8965
8966requires_gnutls_tls1_3
8967requires_gnutls_next_no_ticket
8968requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8969requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8970requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8971requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8972requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8973requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8974run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8975 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8976 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8977 0 \
8978 -c "HTTP/1.0 200 OK" \
8979 -c "Protocol is TLSv1.3" \
8980 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8981 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8982 -c "NamedGroup: x448 ( 1e )" \
8983 -c "Verifying peer X.509 certificate... ok" \
8984 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8985
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8986requires_gnutls_tls1_3
8987requires_gnutls_next_no_ticket
8988requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8989requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8990requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8991requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8992requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8993requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8994requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8995run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]8996 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8997 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8998 0 \
8999 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9000 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9001 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]9002 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9003 -c "NamedGroup: x448 ( 1e )" \
9004 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]9005 -C "received HelloRetryRequest message"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]9006
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9007requires_gnutls_tls1_3
9008requires_gnutls_next_no_ticket
9009requires_gnutls_next_disable_tls13_compat
9010requires_config_enabled MBEDTLS_SSL_CLI_C
9011requires_config_enabled MBEDTLS_DEBUG_C
9012requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9013requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9014requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9015requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9016run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9017 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9018 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9019 0 \
9020 -c "HTTP/1.0 200 OK" \
9021 -c "Protocol is TLSv1.3" \
9022 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9023 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9024 -c "NamedGroup: ffdhe2048 ( 100 )" \
9025 -c "Verifying peer X.509 certificate... ok" \
9026 -C "received HelloRetryRequest message"
9027
9028requires_gnutls_tls1_3
9029requires_gnutls_next_no_ticket
9030requires_gnutls_next_disable_tls13_compat
9031requires_config_enabled MBEDTLS_SSL_CLI_C
9032requires_config_enabled MBEDTLS_DEBUG_C
9033requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9034requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9035requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9036requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9037run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9038 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9039 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9040 0 \
9041 -c "HTTP/1.0 200 OK" \
9042 -c "Protocol is TLSv1.3" \
9043 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9044 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9045 -c "NamedGroup: ffdhe2048 ( 100 )" \
9046 -c "Verifying peer X.509 certificate... ok" \
9047 -C "received HelloRetryRequest message"
9048
9049requires_gnutls_tls1_3
9050requires_gnutls_next_no_ticket
9051requires_gnutls_next_disable_tls13_compat
9052requires_config_enabled MBEDTLS_SSL_CLI_C
9053requires_config_enabled MBEDTLS_DEBUG_C
9054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9055requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9056requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9057requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9058run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9059 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9060 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9061 0 \
9062 -c "HTTP/1.0 200 OK" \
9063 -c "Protocol is TLSv1.3" \
9064 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9065 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9066 -c "NamedGroup: ffdhe2048 ( 100 )" \
9067 -c "Verifying peer X.509 certificate... ok" \
9068 -C "received HelloRetryRequest message"
9069
9070requires_gnutls_tls1_3
9071requires_gnutls_next_no_ticket
9072requires_gnutls_next_disable_tls13_compat
9073requires_config_enabled MBEDTLS_SSL_CLI_C
9074requires_config_enabled MBEDTLS_DEBUG_C
9075requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9076requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9077requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9078requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9079requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9080run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9081 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9082 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9083 0 \
9084 -c "HTTP/1.0 200 OK" \
9085 -c "Protocol is TLSv1.3" \
9086 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9087 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9088 -c "NamedGroup: ffdhe2048 ( 100 )" \
9089 -c "Verifying peer X.509 certificate... ok" \
9090 -C "received HelloRetryRequest message"
9091
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9092requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9093requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9094requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9095requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9096requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9097requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9098requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9099requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9101requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9102run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9103 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9104 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9105 0 \
9106 -s "Protocol is TLSv1.3" \
9107 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9108 -s "received signature algorithm: 0x403" \
9109 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9110 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9111 -c "Protocol is TLSv1.3" \
9112 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9113 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9114 -c "NamedGroup: secp256r1 ( 17 )" \
9115 -c "Verifying peer X.509 certificate... ok" \
9116 -C "received HelloRetryRequest message"
9117
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9118requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9119requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9120requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9122requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9123requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9124requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9126requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9127requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9128run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9129 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9130 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9131 0 \
9132 -s "Protocol is TLSv1.3" \
9133 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9134 -s "received signature algorithm: 0x503" \
9135 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9136 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9137 -c "Protocol is TLSv1.3" \
9138 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9139 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9140 -c "NamedGroup: secp256r1 ( 17 )" \
9141 -c "Verifying peer X.509 certificate... ok" \
9142 -C "received HelloRetryRequest message"
9143
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9144requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9145requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9147requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9148requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9149requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9150requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9151requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9153requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9154run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9155 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9156 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9157 0 \
9158 -s "Protocol is TLSv1.3" \
9159 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9160 -s "received signature algorithm: 0x603" \
9161 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9162 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9163 -c "Protocol is TLSv1.3" \
9164 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9165 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9166 -c "NamedGroup: secp256r1 ( 17 )" \
9167 -c "Verifying peer X.509 certificate... ok" \
9168 -C "received HelloRetryRequest message"
9169
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9170requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9171requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9172requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9173requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9174requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9175requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9176requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9177requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9180requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9181requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9182run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9183 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9184 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9185 0 \
9186 -s "Protocol is TLSv1.3" \
9187 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9188 -s "received signature algorithm: 0x804" \
9189 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9190 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9191 -c "Protocol is TLSv1.3" \
9192 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9193 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9194 -c "NamedGroup: secp256r1 ( 17 )" \
9195 -c "Verifying peer X.509 certificate... ok" \
9196 -C "received HelloRetryRequest message"
9197
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9198requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9199requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9202requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9203requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9204requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9207requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9208run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9209 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9210 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9211 0 \
9212 -s "Protocol is TLSv1.3" \
9213 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9214 -s "received signature algorithm: 0x403" \
9215 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9216 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9217 -c "Protocol is TLSv1.3" \
9218 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9219 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9220 -c "NamedGroup: secp384r1 ( 18 )" \
9221 -c "Verifying peer X.509 certificate... ok" \
9222 -C "received HelloRetryRequest message"
9223
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9224requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9225requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9226requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9227requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9228requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9229requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9230requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9231requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9232requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9233requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9234run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9235 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9236 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9237 0 \
9238 -s "Protocol is TLSv1.3" \
9239 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9240 -s "received signature algorithm: 0x503" \
9241 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9242 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9243 -c "Protocol is TLSv1.3" \
9244 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9245 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9246 -c "NamedGroup: secp384r1 ( 18 )" \
9247 -c "Verifying peer X.509 certificate... ok" \
9248 -C "received HelloRetryRequest message"
9249
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9250requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9251requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9252requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9253requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9254requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9255requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9256requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9257requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9258requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9259requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9260run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9261 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9262 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9263 0 \
9264 -s "Protocol is TLSv1.3" \
9265 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9266 -s "received signature algorithm: 0x603" \
9267 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9268 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9269 -c "Protocol is TLSv1.3" \
9270 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9271 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9272 -c "NamedGroup: secp384r1 ( 18 )" \
9273 -c "Verifying peer X.509 certificate... ok" \
9274 -C "received HelloRetryRequest message"
9275
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9276requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9277requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9278requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9280requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9281requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9282requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9283requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9286requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9287requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9288run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9289 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9290 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9291 0 \
9292 -s "Protocol is TLSv1.3" \
9293 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9294 -s "received signature algorithm: 0x804" \
9295 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9296 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9297 -c "Protocol is TLSv1.3" \
9298 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9299 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9300 -c "NamedGroup: secp384r1 ( 18 )" \
9301 -c "Verifying peer X.509 certificate... ok" \
9302 -C "received HelloRetryRequest message"
9303
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9304requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9305requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9306requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9308requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9309requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9310requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9312requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9313requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9314run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9315 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9316 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9317 0 \
9318 -s "Protocol is TLSv1.3" \
9319 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9320 -s "received signature algorithm: 0x403" \
9321 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9322 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9323 -c "Protocol is TLSv1.3" \
9324 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9325 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9326 -c "NamedGroup: secp521r1 ( 19 )" \
9327 -c "Verifying peer X.509 certificate... ok" \
9328 -C "received HelloRetryRequest message"
9329
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9330requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9331requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9334requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9335requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9336requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9337requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9338requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9339requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9340run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9341 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9342 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9343 0 \
9344 -s "Protocol is TLSv1.3" \
9345 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9346 -s "received signature algorithm: 0x503" \
9347 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9348 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9349 -c "Protocol is TLSv1.3" \
9350 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9351 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9352 -c "NamedGroup: secp521r1 ( 19 )" \
9353 -c "Verifying peer X.509 certificate... ok" \
9354 -C "received HelloRetryRequest message"
9355
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9356requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9357requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9360requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9361requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9362requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9363requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9364requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9365requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9366run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9367 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9368 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9369 0 \
9370 -s "Protocol is TLSv1.3" \
9371 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9372 -s "received signature algorithm: 0x603" \
9373 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9374 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9375 -c "Protocol is TLSv1.3" \
9376 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9377 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9378 -c "NamedGroup: secp521r1 ( 19 )" \
9379 -c "Verifying peer X.509 certificate... ok" \
9380 -C "received HelloRetryRequest message"
9381
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9382requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9383requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9384requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9385requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9386requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9387requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9388requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9389requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9391requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9392requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9393requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9394run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9395 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9396 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9397 0 \
9398 -s "Protocol is TLSv1.3" \
9399 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9400 -s "received signature algorithm: 0x804" \
9401 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9402 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9403 -c "Protocol is TLSv1.3" \
9404 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9405 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9406 -c "NamedGroup: secp521r1 ( 19 )" \
9407 -c "Verifying peer X.509 certificate... ok" \
9408 -C "received HelloRetryRequest message"
9409
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9410requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9411requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9412requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9414requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9415requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9416requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9417requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9418requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9419requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9420run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9421 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9422 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9423 0 \
9424 -s "Protocol is TLSv1.3" \
9425 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9426 -s "received signature algorithm: 0x403" \
9427 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9428 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9429 -c "Protocol is TLSv1.3" \
9430 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9431 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9432 -c "NamedGroup: x25519 ( 1d )" \
9433 -c "Verifying peer X.509 certificate... ok" \
9434 -C "received HelloRetryRequest message"
9435
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9436requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9437requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9438requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9439requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9440requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9441requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9442requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9443requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9444requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9445requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9446run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9447 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9448 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9449 0 \
9450 -s "Protocol is TLSv1.3" \
9451 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9452 -s "received signature algorithm: 0x503" \
9453 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9454 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9455 -c "Protocol is TLSv1.3" \
9456 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9457 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9458 -c "NamedGroup: x25519 ( 1d )" \
9459 -c "Verifying peer X.509 certificate... ok" \
9460 -C "received HelloRetryRequest message"
9461
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9462requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9463requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9465requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9466requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9467requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9468requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9469requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9470requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9471requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9472run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9473 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9474 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9475 0 \
9476 -s "Protocol is TLSv1.3" \
9477 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9478 -s "received signature algorithm: 0x603" \
9479 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9480 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9481 -c "Protocol is TLSv1.3" \
9482 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9483 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9484 -c "NamedGroup: x25519 ( 1d )" \
9485 -c "Verifying peer X.509 certificate... ok" \
9486 -C "received HelloRetryRequest message"
9487
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9488requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9489requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9490requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9491requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9492requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9493requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9494requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9495requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9498requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9499requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9500run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9501 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9502 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9503 0 \
9504 -s "Protocol is TLSv1.3" \
9505 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9506 -s "received signature algorithm: 0x804" \
9507 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9508 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9509 -c "Protocol is TLSv1.3" \
9510 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9511 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9512 -c "NamedGroup: x25519 ( 1d )" \
9513 -c "Verifying peer X.509 certificate... ok" \
9514 -C "received HelloRetryRequest message"
9515
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9516requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9517requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9518requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9519requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9520requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9521requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9522requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9524requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9525requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9526run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9527 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9528 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9529 0 \
9530 -s "Protocol is TLSv1.3" \
9531 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9532 -s "received signature algorithm: 0x403" \
9533 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9534 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9535 -c "Protocol is TLSv1.3" \
9536 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9537 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9538 -c "NamedGroup: x448 ( 1e )" \
9539 -c "Verifying peer X.509 certificate... ok" \
9540 -C "received HelloRetryRequest message"
9541
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9542requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9546requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9547requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9548requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9549requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9551requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9552run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9553 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9554 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9555 0 \
9556 -s "Protocol is TLSv1.3" \
9557 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9558 -s "received signature algorithm: 0x503" \
9559 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9560 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9561 -c "Protocol is TLSv1.3" \
9562 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9563 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9564 -c "NamedGroup: x448 ( 1e )" \
9565 -c "Verifying peer X.509 certificate... ok" \
9566 -C "received HelloRetryRequest message"
9567
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9568requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9569requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9572requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9573requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9574requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9575requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9576requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9577requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9578run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9579 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9580 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9581 0 \
9582 -s "Protocol is TLSv1.3" \
9583 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9584 -s "received signature algorithm: 0x603" \
9585 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9586 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9587 -c "Protocol is TLSv1.3" \
9588 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9589 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9590 -c "NamedGroup: x448 ( 1e )" \
9591 -c "Verifying peer X.509 certificate... ok" \
9592 -C "received HelloRetryRequest message"
9593
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9594requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9595requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9596requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9597requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9598requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9599requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9600requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9601requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9604requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9605requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9606run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9607 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9608 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9609 0 \
9610 -s "Protocol is TLSv1.3" \
9611 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9612 -s "received signature algorithm: 0x804" \
9613 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9614 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9615 -c "Protocol is TLSv1.3" \
9616 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9617 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9618 -c "NamedGroup: x448 ( 1e )" \
9619 -c "Verifying peer X.509 certificate... ok" \
9620 -C "received HelloRetryRequest message"
9621
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9622requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9623requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9625requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9626requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9627requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9628requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9629requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9630requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9631requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9632requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9633requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9634run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9635 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9636 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9637 0 \
9638 -s "Protocol is TLSv1.3" \
9639 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9640 -s "received signature algorithm: 0x403" \
9641 -s "got named group: ffdhe2048(0100)" \
9642 -s "Certificate verification was skipped" \
9643 -c "Protocol is TLSv1.3" \
9644 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9645 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9646 -c "NamedGroup: ffdhe2048 ( 100 )" \
9647 -c "Verifying peer X.509 certificate... ok" \
9648 -C "received HelloRetryRequest message"
9649
9650requires_config_enabled MBEDTLS_SSL_SRV_C
9651requires_config_enabled MBEDTLS_DEBUG_C
9652requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9654requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9655requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9656requires_config_enabled MBEDTLS_SSL_CLI_C
9657requires_config_enabled MBEDTLS_DEBUG_C
9658requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9659requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9660requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9661requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9662run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9663 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9664 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9665 0 \
9666 -s "Protocol is TLSv1.3" \
9667 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9668 -s "received signature algorithm: 0x503" \
9669 -s "got named group: ffdhe2048(0100)" \
9670 -s "Certificate verification was skipped" \
9671 -c "Protocol is TLSv1.3" \
9672 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9673 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9674 -c "NamedGroup: ffdhe2048 ( 100 )" \
9675 -c "Verifying peer X.509 certificate... ok" \
9676 -C "received HelloRetryRequest message"
9677
9678requires_config_enabled MBEDTLS_SSL_SRV_C
9679requires_config_enabled MBEDTLS_DEBUG_C
9680requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9681requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9682requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9683requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9684requires_config_enabled MBEDTLS_SSL_CLI_C
9685requires_config_enabled MBEDTLS_DEBUG_C
9686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9688requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9689requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9690run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9691 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9692 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9693 0 \
9694 -s "Protocol is TLSv1.3" \
9695 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9696 -s "received signature algorithm: 0x603" \
9697 -s "got named group: ffdhe2048(0100)" \
9698 -s "Certificate verification was skipped" \
9699 -c "Protocol is TLSv1.3" \
9700 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9701 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9702 -c "NamedGroup: ffdhe2048 ( 100 )" \
9703 -c "Verifying peer X.509 certificate... ok" \
9704 -C "received HelloRetryRequest message"
9705
9706requires_config_enabled MBEDTLS_SSL_SRV_C
9707requires_config_enabled MBEDTLS_DEBUG_C
9708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9710requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9711requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9712requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9713requires_config_enabled MBEDTLS_SSL_CLI_C
9714requires_config_enabled MBEDTLS_DEBUG_C
9715requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9716requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9717requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9718requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9719requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9720run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9721 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9722 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9723 0 \
9724 -s "Protocol is TLSv1.3" \
9725 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9726 -s "received signature algorithm: 0x804" \
9727 -s "got named group: ffdhe2048(0100)" \
9728 -s "Certificate verification was skipped" \
9729 -c "Protocol is TLSv1.3" \
9730 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9731 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9732 -c "NamedGroup: ffdhe2048 ( 100 )" \
9733 -c "Verifying peer X.509 certificate... ok" \
9734 -C "received HelloRetryRequest message"
9735
9736requires_config_enabled MBEDTLS_SSL_SRV_C
9737requires_config_enabled MBEDTLS_DEBUG_C
9738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9740requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9741requires_config_enabled MBEDTLS_SSL_CLI_C
9742requires_config_enabled MBEDTLS_DEBUG_C
9743requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9744requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9745requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9746run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9747 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9748 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9749 0 \
9750 -s "Protocol is TLSv1.3" \
9751 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9752 -s "received signature algorithm: 0x403" \
9753 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9754 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9755 -c "Protocol is TLSv1.3" \
9756 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9757 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9758 -c "NamedGroup: secp256r1 ( 17 )" \
9759 -c "Verifying peer X.509 certificate... ok" \
9760 -C "received HelloRetryRequest message"
9761
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9762requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9763requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9765requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9766requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9767requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9768requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9770requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9771requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9772run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9773 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9774 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9775 0 \
9776 -s "Protocol is TLSv1.3" \
9777 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9778 -s "received signature algorithm: 0x503" \
9779 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9780 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9781 -c "Protocol is TLSv1.3" \
9782 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9783 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9784 -c "NamedGroup: secp256r1 ( 17 )" \
9785 -c "Verifying peer X.509 certificate... ok" \
9786 -C "received HelloRetryRequest message"
9787
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9788requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9789requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9790requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9792requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9793requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9794requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9797requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9798run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9799 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9800 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9801 0 \
9802 -s "Protocol is TLSv1.3" \
9803 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9804 -s "received signature algorithm: 0x603" \
9805 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9806 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9807 -c "Protocol is TLSv1.3" \
9808 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9809 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9810 -c "NamedGroup: secp256r1 ( 17 )" \
9811 -c "Verifying peer X.509 certificate... ok" \
9812 -C "received HelloRetryRequest message"
9813
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9814requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9815requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9816requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9817requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9818requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9819requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9820requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9821requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9822requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9823requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9824requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9825requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9826run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9827 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9828 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9829 0 \
9830 -s "Protocol is TLSv1.3" \
9831 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9832 -s "received signature algorithm: 0x804" \
9833 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9834 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9835 -c "Protocol is TLSv1.3" \
9836 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9837 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9838 -c "NamedGroup: secp256r1 ( 17 )" \
9839 -c "Verifying peer X.509 certificate... ok" \
9840 -C "received HelloRetryRequest message"
9841
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9842requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9843requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9844requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9845requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9846requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9847requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9848requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9849requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9850requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9851requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9852run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9853 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9854 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9855 0 \
9856 -s "Protocol is TLSv1.3" \
9857 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9858 -s "received signature algorithm: 0x403" \
9859 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9860 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9861 -c "Protocol is TLSv1.3" \
9862 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9863 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9864 -c "NamedGroup: secp384r1 ( 18 )" \
9865 -c "Verifying peer X.509 certificate... ok" \
9866 -C "received HelloRetryRequest message"
9867
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9868requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9869requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9870requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9872requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9873requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9874requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9875requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9876requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9877requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9878run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9879 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9880 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9881 0 \
9882 -s "Protocol is TLSv1.3" \
9883 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9884 -s "received signature algorithm: 0x503" \
9885 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9886 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9887 -c "Protocol is TLSv1.3" \
9888 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9889 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9890 -c "NamedGroup: secp384r1 ( 18 )" \
9891 -c "Verifying peer X.509 certificate... ok" \
9892 -C "received HelloRetryRequest message"
9893
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9894requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9898requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9899requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9900requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9901requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9902requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9903requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9904run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9905 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9906 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9907 0 \
9908 -s "Protocol is TLSv1.3" \
9909 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9910 -s "received signature algorithm: 0x603" \
9911 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9912 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9913 -c "Protocol is TLSv1.3" \
9914 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9915 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9916 -c "NamedGroup: secp384r1 ( 18 )" \
9917 -c "Verifying peer X.509 certificate... ok" \
9918 -C "received HelloRetryRequest message"
9919
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9920requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9921requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9922requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9923requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9924requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9925requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9926requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9927requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9930requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9931requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9932run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9933 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9934 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9935 0 \
9936 -s "Protocol is TLSv1.3" \
9937 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9938 -s "received signature algorithm: 0x804" \
9939 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9940 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9941 -c "Protocol is TLSv1.3" \
9942 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9943 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9944 -c "NamedGroup: secp384r1 ( 18 )" \
9945 -c "Verifying peer X.509 certificate... ok" \
9946 -C "received HelloRetryRequest message"
9947
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9948requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9949requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9951requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9952requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9953requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9954requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9955requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9957requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9958run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9959 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9960 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9961 0 \
9962 -s "Protocol is TLSv1.3" \
9963 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9964 -s "received signature algorithm: 0x403" \
9965 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9966 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9967 -c "Protocol is TLSv1.3" \
9968 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9969 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9970 -c "NamedGroup: secp521r1 ( 19 )" \
9971 -c "Verifying peer X.509 certificate... ok" \
9972 -C "received HelloRetryRequest message"
9973
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9974requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9975requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9977requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9978requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9979requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9980requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9981requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9982requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9983requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9984run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]9985 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9986 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9987 0 \
9988 -s "Protocol is TLSv1.3" \
9989 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9990 -s "received signature algorithm: 0x503" \
9991 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9992 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9993 -c "Protocol is TLSv1.3" \
9994 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9995 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9996 -c "NamedGroup: secp521r1 ( 19 )" \
9997 -c "Verifying peer X.509 certificate... ok" \
9998 -C "received HelloRetryRequest message"
9999
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10000requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10001requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10003requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10004requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10005requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10006requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10007requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10008requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10009requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10010run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10011 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10012 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10013 0 \
10014 -s "Protocol is TLSv1.3" \
10015 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10016 -s "received signature algorithm: 0x603" \
10017 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10018 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10019 -c "Protocol is TLSv1.3" \
10020 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10021 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10022 -c "NamedGroup: secp521r1 ( 19 )" \
10023 -c "Verifying peer X.509 certificate... ok" \
10024 -C "received HelloRetryRequest message"
10025
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10026requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10027requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10028requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10029requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10030requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10031requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10032requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10033requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10034requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10035requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10036requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10037requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10038run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10039 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10040 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10041 0 \
10042 -s "Protocol is TLSv1.3" \
10043 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10044 -s "received signature algorithm: 0x804" \
10045 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10046 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10047 -c "Protocol is TLSv1.3" \
10048 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10049 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10050 -c "NamedGroup: secp521r1 ( 19 )" \
10051 -c "Verifying peer X.509 certificate... ok" \
10052 -C "received HelloRetryRequest message"
10053
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10054requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10055requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10058requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10059requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10060requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10061requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10062requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10063requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10064run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10065 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10066 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10067 0 \
10068 -s "Protocol is TLSv1.3" \
10069 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10070 -s "received signature algorithm: 0x403" \
10071 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10072 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10073 -c "Protocol is TLSv1.3" \
10074 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10075 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10076 -c "NamedGroup: x25519 ( 1d )" \
10077 -c "Verifying peer X.509 certificate... ok" \
10078 -C "received HelloRetryRequest message"
10079
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10080requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10081requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10084requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10085requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10086requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10087requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10088requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10089requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10090run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10091 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10092 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10093 0 \
10094 -s "Protocol is TLSv1.3" \
10095 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10096 -s "received signature algorithm: 0x503" \
10097 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10098 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10099 -c "Protocol is TLSv1.3" \
10100 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10101 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10102 -c "NamedGroup: x25519 ( 1d )" \
10103 -c "Verifying peer X.509 certificate... ok" \
10104 -C "received HelloRetryRequest message"
10105
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10106requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10107requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10110requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10111requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10112requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10113requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10114requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10115requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10116run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10117 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10118 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10119 0 \
10120 -s "Protocol is TLSv1.3" \
10121 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10122 -s "received signature algorithm: 0x603" \
10123 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10124 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10125 -c "Protocol is TLSv1.3" \
10126 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10127 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10128 -c "NamedGroup: x25519 ( 1d )" \
10129 -c "Verifying peer X.509 certificate... ok" \
10130 -C "received HelloRetryRequest message"
10131
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10132requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10133requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10136requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10137requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10138requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10139requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10142requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10143requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10144run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10145 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10146 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10147 0 \
10148 -s "Protocol is TLSv1.3" \
10149 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10150 -s "received signature algorithm: 0x804" \
10151 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10152 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10153 -c "Protocol is TLSv1.3" \
10154 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10155 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10156 -c "NamedGroup: x25519 ( 1d )" \
10157 -c "Verifying peer X.509 certificate... ok" \
10158 -C "received HelloRetryRequest message"
10159
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10160requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10161requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10163requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10164requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10165requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10166requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10167requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10168requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10169requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10170run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10171 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10172 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10173 0 \
10174 -s "Protocol is TLSv1.3" \
10175 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10176 -s "received signature algorithm: 0x403" \
10177 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10178 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10179 -c "Protocol is TLSv1.3" \
10180 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10181 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10182 -c "NamedGroup: x448 ( 1e )" \
10183 -c "Verifying peer X.509 certificate... ok" \
10184 -C "received HelloRetryRequest message"
10185
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10186requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10187requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10188requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10189requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10190requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10191requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10192requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10193requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10194requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10195requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10196run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10197 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10198 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10199 0 \
10200 -s "Protocol is TLSv1.3" \
10201 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10202 -s "received signature algorithm: 0x503" \
10203 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10204 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10205 -c "Protocol is TLSv1.3" \
10206 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10207 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10208 -c "NamedGroup: x448 ( 1e )" \
10209 -c "Verifying peer X.509 certificate... ok" \
10210 -C "received HelloRetryRequest message"
10211
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10212requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10213requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10214requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10215requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10216requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10217requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10218requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10221requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10222run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10223 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10224 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10225 0 \
10226 -s "Protocol is TLSv1.3" \
10227 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10228 -s "received signature algorithm: 0x603" \
10229 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10230 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10231 -c "Protocol is TLSv1.3" \
10232 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10233 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10234 -c "NamedGroup: x448 ( 1e )" \
10235 -c "Verifying peer X.509 certificate... ok" \
10236 -C "received HelloRetryRequest message"
10237
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10238requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10239requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10240requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10241requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10242requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10243requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10244requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10245requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10246requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10247requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10248requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10249requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10250run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10251 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10252 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10253 0 \
10254 -s "Protocol is TLSv1.3" \
10255 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10256 -s "received signature algorithm: 0x804" \
10257 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10258 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10259 -c "Protocol is TLSv1.3" \
10260 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10261 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10262 -c "NamedGroup: x448 ( 1e )" \
10263 -c "Verifying peer X.509 certificate... ok" \
10264 -C "received HelloRetryRequest message"
10265
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10266requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10267requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10268requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10269requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10270requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10271requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10272requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10273requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10276requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10277requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10278run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10279 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10280 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10281 0 \
10282 -s "Protocol is TLSv1.3" \
10283 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10284 -s "received signature algorithm: 0x403" \
10285 -s "got named group: ffdhe2048(0100)" \
10286 -s "Certificate verification was skipped" \
10287 -c "Protocol is TLSv1.3" \
10288 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10289 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10290 -c "NamedGroup: ffdhe2048 ( 100 )" \
10291 -c "Verifying peer X.509 certificate... ok" \
10292 -C "received HelloRetryRequest message"
10293
10294requires_config_enabled MBEDTLS_SSL_SRV_C
10295requires_config_enabled MBEDTLS_DEBUG_C
10296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10298requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10299requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10300requires_config_enabled MBEDTLS_SSL_CLI_C
10301requires_config_enabled MBEDTLS_DEBUG_C
10302requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10304requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10305requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10306run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10307 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10308 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10309 0 \
10310 -s "Protocol is TLSv1.3" \
10311 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10312 -s "received signature algorithm: 0x503" \
10313 -s "got named group: ffdhe2048(0100)" \
10314 -s "Certificate verification was skipped" \
10315 -c "Protocol is TLSv1.3" \
10316 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10317 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10318 -c "NamedGroup: ffdhe2048 ( 100 )" \
10319 -c "Verifying peer X.509 certificate... ok" \
10320 -C "received HelloRetryRequest message"
10321
10322requires_config_enabled MBEDTLS_SSL_SRV_C
10323requires_config_enabled MBEDTLS_DEBUG_C
10324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10326requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10327requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10328requires_config_enabled MBEDTLS_SSL_CLI_C
10329requires_config_enabled MBEDTLS_DEBUG_C
10330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10332requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10333requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10334run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10335 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10336 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10337 0 \
10338 -s "Protocol is TLSv1.3" \
10339 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10340 -s "received signature algorithm: 0x603" \
10341 -s "got named group: ffdhe2048(0100)" \
10342 -s "Certificate verification was skipped" \
10343 -c "Protocol is TLSv1.3" \
10344 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10345 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10346 -c "NamedGroup: ffdhe2048 ( 100 )" \
10347 -c "Verifying peer X.509 certificate... ok" \
10348 -C "received HelloRetryRequest message"
10349
10350requires_config_enabled MBEDTLS_SSL_SRV_C
10351requires_config_enabled MBEDTLS_DEBUG_C
10352requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10354requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10355requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10356requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10357requires_config_enabled MBEDTLS_SSL_CLI_C
10358requires_config_enabled MBEDTLS_DEBUG_C
10359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10361requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10362requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10363requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10364run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10365 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10366 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10367 0 \
10368 -s "Protocol is TLSv1.3" \
10369 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10370 -s "received signature algorithm: 0x804" \
10371 -s "got named group: ffdhe2048(0100)" \
10372 -s "Certificate verification was skipped" \
10373 -c "Protocol is TLSv1.3" \
10374 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10375 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10376 -c "NamedGroup: ffdhe2048 ( 100 )" \
10377 -c "Verifying peer X.509 certificate... ok" \
10378 -C "received HelloRetryRequest message"
10379
10380requires_config_enabled MBEDTLS_SSL_SRV_C
10381requires_config_enabled MBEDTLS_DEBUG_C
10382requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10384requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10385requires_config_enabled MBEDTLS_SSL_CLI_C
10386requires_config_enabled MBEDTLS_DEBUG_C
10387requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10388requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10389requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10390run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10391 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10392 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10393 0 \
10394 -s "Protocol is TLSv1.3" \
10395 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10396 -s "received signature algorithm: 0x403" \
10397 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10398 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10399 -c "Protocol is TLSv1.3" \
10400 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10401 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10402 -c "NamedGroup: secp256r1 ( 17 )" \
10403 -c "Verifying peer X.509 certificate... ok" \
10404 -C "received HelloRetryRequest message"
10405
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10406requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10407requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10408requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10409requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10410requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10411requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10412requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10413requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10414requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10415requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10416run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10417 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10418 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10419 0 \
10420 -s "Protocol is TLSv1.3" \
10421 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10422 -s "received signature algorithm: 0x503" \
10423 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10424 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10425 -c "Protocol is TLSv1.3" \
10426 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10427 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10428 -c "NamedGroup: secp256r1 ( 17 )" \
10429 -c "Verifying peer X.509 certificate... ok" \
10430 -C "received HelloRetryRequest message"
10431
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10432requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10433requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10436requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10437requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10438requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10439requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10440requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10441requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10442run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10443 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10444 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10445 0 \
10446 -s "Protocol is TLSv1.3" \
10447 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10448 -s "received signature algorithm: 0x603" \
10449 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10450 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10451 -c "Protocol is TLSv1.3" \
10452 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10453 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10454 -c "NamedGroup: secp256r1 ( 17 )" \
10455 -c "Verifying peer X.509 certificate... ok" \
10456 -C "received HelloRetryRequest message"
10457
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10458requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10459requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10460requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10462requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10463requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10464requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10465requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10468requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10469requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10470run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10471 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10472 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10473 0 \
10474 -s "Protocol is TLSv1.3" \
10475 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10476 -s "received signature algorithm: 0x804" \
10477 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10478 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10479 -c "Protocol is TLSv1.3" \
10480 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10481 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10482 -c "NamedGroup: secp256r1 ( 17 )" \
10483 -c "Verifying peer X.509 certificate... ok" \
10484 -C "received HelloRetryRequest message"
10485
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10486requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10487requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10488requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10489requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10490requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10491requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10492requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10494requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10495requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10496run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10497 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10498 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10499 0 \
10500 -s "Protocol is TLSv1.3" \
10501 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10502 -s "received signature algorithm: 0x403" \
10503 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10504 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10505 -c "Protocol is TLSv1.3" \
10506 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10507 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10508 -c "NamedGroup: secp384r1 ( 18 )" \
10509 -c "Verifying peer X.509 certificate... ok" \
10510 -C "received HelloRetryRequest message"
10511
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10512requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10513requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10516requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10517requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10518requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10519requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10520requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10521requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10522run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10523 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10524 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10525 0 \
10526 -s "Protocol is TLSv1.3" \
10527 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10528 -s "received signature algorithm: 0x503" \
10529 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10530 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10531 -c "Protocol is TLSv1.3" \
10532 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10533 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10534 -c "NamedGroup: secp384r1 ( 18 )" \
10535 -c "Verifying peer X.509 certificate... ok" \
10536 -C "received HelloRetryRequest message"
10537
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10538requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10539requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10542requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10543requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10544requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10547requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10548run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10549 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10550 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10551 0 \
10552 -s "Protocol is TLSv1.3" \
10553 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10554 -s "received signature algorithm: 0x603" \
10555 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10556 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10557 -c "Protocol is TLSv1.3" \
10558 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10559 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10560 -c "NamedGroup: secp384r1 ( 18 )" \
10561 -c "Verifying peer X.509 certificate... ok" \
10562 -C "received HelloRetryRequest message"
10563
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10564requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10565requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10566requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10568requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10569requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10570requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10571requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10573requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10574requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10575requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10576run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10577 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10578 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10579 0 \
10580 -s "Protocol is TLSv1.3" \
10581 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10582 -s "received signature algorithm: 0x804" \
10583 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10584 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10585 -c "Protocol is TLSv1.3" \
10586 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10587 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10588 -c "NamedGroup: secp384r1 ( 18 )" \
10589 -c "Verifying peer X.509 certificate... ok" \
10590 -C "received HelloRetryRequest message"
10591
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10592requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10593requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10594requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10595requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10596requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10597requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10598requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10599requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10600requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10601requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10602run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10603 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10604 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10605 0 \
10606 -s "Protocol is TLSv1.3" \
10607 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10608 -s "received signature algorithm: 0x403" \
10609 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10610 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10611 -c "Protocol is TLSv1.3" \
10612 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10613 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10614 -c "NamedGroup: secp521r1 ( 19 )" \
10615 -c "Verifying peer X.509 certificate... ok" \
10616 -C "received HelloRetryRequest message"
10617
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10618requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10619requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10620requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10621requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10622requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10623requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10624requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10626requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10627requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10628run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10629 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10630 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10631 0 \
10632 -s "Protocol is TLSv1.3" \
10633 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10634 -s "received signature algorithm: 0x503" \
10635 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10636 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10637 -c "Protocol is TLSv1.3" \
10638 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10639 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10640 -c "NamedGroup: secp521r1 ( 19 )" \
10641 -c "Verifying peer X.509 certificate... ok" \
10642 -C "received HelloRetryRequest message"
10643
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10644requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10645requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10648requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10649requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10650requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10651requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10652requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10653requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10654run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10655 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10656 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10657 0 \
10658 -s "Protocol is TLSv1.3" \
10659 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10660 -s "received signature algorithm: 0x603" \
10661 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10662 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10663 -c "Protocol is TLSv1.3" \
10664 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10665 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10666 -c "NamedGroup: secp521r1 ( 19 )" \
10667 -c "Verifying peer X.509 certificate... ok" \
10668 -C "received HelloRetryRequest message"
10669
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10670requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10671requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10672requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10673requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10674requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10675requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10676requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10680requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10681requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10682run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10683 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10684 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10685 0 \
10686 -s "Protocol is TLSv1.3" \
10687 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10688 -s "received signature algorithm: 0x804" \
10689 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10690 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10691 -c "Protocol is TLSv1.3" \
10692 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10693 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10694 -c "NamedGroup: secp521r1 ( 19 )" \
10695 -c "Verifying peer X.509 certificate... ok" \
10696 -C "received HelloRetryRequest message"
10697
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10698requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10699requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10702requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10703requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10704requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10706requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10707requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10708run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10709 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10710 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10711 0 \
10712 -s "Protocol is TLSv1.3" \
10713 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10714 -s "received signature algorithm: 0x403" \
10715 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10716 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10717 -c "Protocol is TLSv1.3" \
10718 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10719 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10720 -c "NamedGroup: x25519 ( 1d )" \
10721 -c "Verifying peer X.509 certificate... ok" \
10722 -C "received HelloRetryRequest message"
10723
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10724requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10725requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10726requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10727requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10728requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10729requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10730requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10731requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10732requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10733requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10734run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10735 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10736 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10737 0 \
10738 -s "Protocol is TLSv1.3" \
10739 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10740 -s "received signature algorithm: 0x503" \
10741 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10742 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10743 -c "Protocol is TLSv1.3" \
10744 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10745 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10746 -c "NamedGroup: x25519 ( 1d )" \
10747 -c "Verifying peer X.509 certificate... ok" \
10748 -C "received HelloRetryRequest message"
10749
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10750requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10751requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10752requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10754requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10755requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10756requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10757requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10758requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10759requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10760run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10761 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10762 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10763 0 \
10764 -s "Protocol is TLSv1.3" \
10765 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10766 -s "received signature algorithm: 0x603" \
10767 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10768 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10769 -c "Protocol is TLSv1.3" \
10770 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10771 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10772 -c "NamedGroup: x25519 ( 1d )" \
10773 -c "Verifying peer X.509 certificate... ok" \
10774 -C "received HelloRetryRequest message"
10775
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10776requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10777requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10779requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10780requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10781requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10782requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10783requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10784requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10785requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10786requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10787requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10788run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10789 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10790 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10791 0 \
10792 -s "Protocol is TLSv1.3" \
10793 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10794 -s "received signature algorithm: 0x804" \
10795 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10796 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10797 -c "Protocol is TLSv1.3" \
10798 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10799 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10800 -c "NamedGroup: x25519 ( 1d )" \
10801 -c "Verifying peer X.509 certificate... ok" \
10802 -C "received HelloRetryRequest message"
10803
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10804requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10805requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10808requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10809requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10810requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10811requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10813requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10814run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10815 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10816 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10817 0 \
10818 -s "Protocol is TLSv1.3" \
10819 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10820 -s "received signature algorithm: 0x403" \
10821 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10822 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10823 -c "Protocol is TLSv1.3" \
10824 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10825 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10826 -c "NamedGroup: x448 ( 1e )" \
10827 -c "Verifying peer X.509 certificate... ok" \
10828 -C "received HelloRetryRequest message"
10829
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10830requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10831requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10832requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10833requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10834requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10835requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10836requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10837requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10838requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10839requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10840run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10841 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10842 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10843 0 \
10844 -s "Protocol is TLSv1.3" \
10845 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10846 -s "received signature algorithm: 0x503" \
10847 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10848 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10849 -c "Protocol is TLSv1.3" \
10850 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10851 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10852 -c "NamedGroup: x448 ( 1e )" \
10853 -c "Verifying peer X.509 certificate... ok" \
10854 -C "received HelloRetryRequest message"
10855
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10856requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10857requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10860requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10861requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10862requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10863requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10864requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10865requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10866run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10867 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10868 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10869 0 \
10870 -s "Protocol is TLSv1.3" \
10871 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10872 -s "received signature algorithm: 0x603" \
10873 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10874 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10875 -c "Protocol is TLSv1.3" \
10876 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10877 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10878 -c "NamedGroup: x448 ( 1e )" \
10879 -c "Verifying peer X.509 certificate... ok" \
10880 -C "received HelloRetryRequest message"
10881
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10882requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10883requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10886requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10887requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10888requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10889requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10890requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10892requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10893requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10894run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10895 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10896 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10897 0 \
10898 -s "Protocol is TLSv1.3" \
10899 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10900 -s "received signature algorithm: 0x804" \
10901 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10902 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10903 -c "Protocol is TLSv1.3" \
10904 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10905 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10906 -c "NamedGroup: x448 ( 1e )" \
10907 -c "Verifying peer X.509 certificate... ok" \
10908 -C "received HelloRetryRequest message"
10909
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10910requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10911requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10914requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10915requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10916requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10917requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10919requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10920requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10921requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10922run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10923 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10924 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10925 0 \
10926 -s "Protocol is TLSv1.3" \
10927 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10928 -s "received signature algorithm: 0x403" \
10929 -s "got named group: ffdhe2048(0100)" \
10930 -s "Certificate verification was skipped" \
10931 -c "Protocol is TLSv1.3" \
10932 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10933 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10934 -c "NamedGroup: ffdhe2048 ( 100 )" \
10935 -c "Verifying peer X.509 certificate... ok" \
10936 -C "received HelloRetryRequest message"
10937
10938requires_config_enabled MBEDTLS_SSL_SRV_C
10939requires_config_enabled MBEDTLS_DEBUG_C
10940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10942requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10943requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10944requires_config_enabled MBEDTLS_SSL_CLI_C
10945requires_config_enabled MBEDTLS_DEBUG_C
10946requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10947requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10948requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10949requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10950run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10951 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10952 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10953 0 \
10954 -s "Protocol is TLSv1.3" \
10955 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10956 -s "received signature algorithm: 0x503" \
10957 -s "got named group: ffdhe2048(0100)" \
10958 -s "Certificate verification was skipped" \
10959 -c "Protocol is TLSv1.3" \
10960 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10961 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10962 -c "NamedGroup: ffdhe2048 ( 100 )" \
10963 -c "Verifying peer X.509 certificate... ok" \
10964 -C "received HelloRetryRequest message"
10965
10966requires_config_enabled MBEDTLS_SSL_SRV_C
10967requires_config_enabled MBEDTLS_DEBUG_C
10968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10970requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10971requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10972requires_config_enabled MBEDTLS_SSL_CLI_C
10973requires_config_enabled MBEDTLS_DEBUG_C
10974requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10976requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10977requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10978run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]10979 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10980 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10981 0 \
10982 -s "Protocol is TLSv1.3" \
10983 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10984 -s "received signature algorithm: 0x603" \
10985 -s "got named group: ffdhe2048(0100)" \
10986 -s "Certificate verification was skipped" \
10987 -c "Protocol is TLSv1.3" \
10988 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10989 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10990 -c "NamedGroup: ffdhe2048 ( 100 )" \
10991 -c "Verifying peer X.509 certificate... ok" \
10992 -C "received HelloRetryRequest message"
10993
10994requires_config_enabled MBEDTLS_SSL_SRV_C
10995requires_config_enabled MBEDTLS_DEBUG_C
10996requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10998requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10999requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11000requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11001requires_config_enabled MBEDTLS_SSL_CLI_C
11002requires_config_enabled MBEDTLS_DEBUG_C
11003requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11004requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11005requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11006requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11007requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11008run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11009 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11010 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11011 0 \
11012 -s "Protocol is TLSv1.3" \
11013 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11014 -s "received signature algorithm: 0x804" \
11015 -s "got named group: ffdhe2048(0100)" \
11016 -s "Certificate verification was skipped" \
11017 -c "Protocol is TLSv1.3" \
11018 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11019 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11020 -c "NamedGroup: ffdhe2048 ( 100 )" \
11021 -c "Verifying peer X.509 certificate... ok" \
11022 -C "received HelloRetryRequest message"
11023
11024requires_config_enabled MBEDTLS_SSL_SRV_C
11025requires_config_enabled MBEDTLS_DEBUG_C
11026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11028requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11029requires_config_enabled MBEDTLS_SSL_CLI_C
11030requires_config_enabled MBEDTLS_DEBUG_C
11031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11033requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11034run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11035 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11036 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11037 0 \
11038 -s "Protocol is TLSv1.3" \
11039 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11040 -s "received signature algorithm: 0x403" \
11041 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11042 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11043 -c "Protocol is TLSv1.3" \
11044 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11045 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11046 -c "NamedGroup: secp256r1 ( 17 )" \
11047 -c "Verifying peer X.509 certificate... ok" \
11048 -C "received HelloRetryRequest message"
11049
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11050requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11051requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11053requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11054requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11055requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11056requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11057requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11058requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11059requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11060run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11061 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11062 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11063 0 \
11064 -s "Protocol is TLSv1.3" \
11065 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11066 -s "received signature algorithm: 0x503" \
11067 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11068 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11069 -c "Protocol is TLSv1.3" \
11070 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11071 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11072 -c "NamedGroup: secp256r1 ( 17 )" \
11073 -c "Verifying peer X.509 certificate... ok" \
11074 -C "received HelloRetryRequest message"
11075
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11076requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11077requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11078requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11080requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11081requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11082requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11083requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11085requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11086run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11087 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11088 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11089 0 \
11090 -s "Protocol is TLSv1.3" \
11091 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11092 -s "received signature algorithm: 0x603" \
11093 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11094 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11095 -c "Protocol is TLSv1.3" \
11096 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11097 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11098 -c "NamedGroup: secp256r1 ( 17 )" \
11099 -c "Verifying peer X.509 certificate... ok" \
11100 -C "received HelloRetryRequest message"
11101
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11102requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11103requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11106requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11107requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11108requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11109requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11110requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11111requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11112requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11113requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11114run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11115 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11116 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11117 0 \
11118 -s "Protocol is TLSv1.3" \
11119 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11120 -s "received signature algorithm: 0x804" \
11121 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11122 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11123 -c "Protocol is TLSv1.3" \
11124 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11125 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11126 -c "NamedGroup: secp256r1 ( 17 )" \
11127 -c "Verifying peer X.509 certificate... ok" \
11128 -C "received HelloRetryRequest message"
11129
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11130requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11131requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11134requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11135requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11136requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11139requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11140run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11141 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11142 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11143 0 \
11144 -s "Protocol is TLSv1.3" \
11145 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11146 -s "received signature algorithm: 0x403" \
11147 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11148 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11149 -c "Protocol is TLSv1.3" \
11150 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11151 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11152 -c "NamedGroup: secp384r1 ( 18 )" \
11153 -c "Verifying peer X.509 certificate... ok" \
11154 -C "received HelloRetryRequest message"
11155
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11156requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11157requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11158requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11160requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11161requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11162requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11165requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11166run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11167 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11168 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11169 0 \
11170 -s "Protocol is TLSv1.3" \
11171 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11172 -s "received signature algorithm: 0x503" \
11173 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11174 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11175 -c "Protocol is TLSv1.3" \
11176 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11177 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11178 -c "NamedGroup: secp384r1 ( 18 )" \
11179 -c "Verifying peer X.509 certificate... ok" \
11180 -C "received HelloRetryRequest message"
11181
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11182requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11183requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11184requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11185requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11186requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11187requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11188requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11189requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11190requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11191requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11192run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11193 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11194 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11195 0 \
11196 -s "Protocol is TLSv1.3" \
11197 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11198 -s "received signature algorithm: 0x603" \
11199 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11200 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11201 -c "Protocol is TLSv1.3" \
11202 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11203 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11204 -c "NamedGroup: secp384r1 ( 18 )" \
11205 -c "Verifying peer X.509 certificate... ok" \
11206 -C "received HelloRetryRequest message"
11207
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11208requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11209requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11212requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11213requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11214requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11215requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11216requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11218requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11219requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11220run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11221 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11222 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11223 0 \
11224 -s "Protocol is TLSv1.3" \
11225 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11226 -s "received signature algorithm: 0x804" \
11227 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11228 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11229 -c "Protocol is TLSv1.3" \
11230 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11231 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11232 -c "NamedGroup: secp384r1 ( 18 )" \
11233 -c "Verifying peer X.509 certificate... ok" \
11234 -C "received HelloRetryRequest message"
11235
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11236requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11240requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11241requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11242requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11243requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11244requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11245requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11246run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11247 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11248 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11249 0 \
11250 -s "Protocol is TLSv1.3" \
11251 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11252 -s "received signature algorithm: 0x403" \
11253 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11254 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11255 -c "Protocol is TLSv1.3" \
11256 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11257 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11258 -c "NamedGroup: secp521r1 ( 19 )" \
11259 -c "Verifying peer X.509 certificate... ok" \
11260 -C "received HelloRetryRequest message"
11261
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11262requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11263requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11264requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11266requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11267requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11268requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11269requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11270requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11271requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11272run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11273 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11274 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11275 0 \
11276 -s "Protocol is TLSv1.3" \
11277 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11278 -s "received signature algorithm: 0x503" \
11279 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11280 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11281 -c "Protocol is TLSv1.3" \
11282 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11283 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11284 -c "NamedGroup: secp521r1 ( 19 )" \
11285 -c "Verifying peer X.509 certificate... ok" \
11286 -C "received HelloRetryRequest message"
11287
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11288requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11289requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11292requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11293requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11294requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11295requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11296requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11297requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11298run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11299 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11300 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11301 0 \
11302 -s "Protocol is TLSv1.3" \
11303 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11304 -s "received signature algorithm: 0x603" \
11305 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11306 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11307 -c "Protocol is TLSv1.3" \
11308 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11309 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11310 -c "NamedGroup: secp521r1 ( 19 )" \
11311 -c "Verifying peer X.509 certificate... ok" \
11312 -C "received HelloRetryRequest message"
11313
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11314requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11315requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11318requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11319requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11320requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11321requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11322requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11323requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11324requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11325requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11326run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11327 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11328 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11329 0 \
11330 -s "Protocol is TLSv1.3" \
11331 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11332 -s "received signature algorithm: 0x804" \
11333 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11334 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11335 -c "Protocol is TLSv1.3" \
11336 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11337 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11338 -c "NamedGroup: secp521r1 ( 19 )" \
11339 -c "Verifying peer X.509 certificate... ok" \
11340 -C "received HelloRetryRequest message"
11341
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11342requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11343requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11346requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11347requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11348requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11350requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11351requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11352run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11353 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11354 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11355 0 \
11356 -s "Protocol is TLSv1.3" \
11357 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11358 -s "received signature algorithm: 0x403" \
11359 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11360 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11361 -c "Protocol is TLSv1.3" \
11362 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11363 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11364 -c "NamedGroup: x25519 ( 1d )" \
11365 -c "Verifying peer X.509 certificate... ok" \
11366 -C "received HelloRetryRequest message"
11367
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11368requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11369requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11370requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11371requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11372requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11373requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11374requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11375requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11377requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11378run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11379 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11380 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11381 0 \
11382 -s "Protocol is TLSv1.3" \
11383 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11384 -s "received signature algorithm: 0x503" \
11385 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11386 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11387 -c "Protocol is TLSv1.3" \
11388 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11389 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11390 -c "NamedGroup: x25519 ( 1d )" \
11391 -c "Verifying peer X.509 certificate... ok" \
11392 -C "received HelloRetryRequest message"
11393
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11394requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11395requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11396requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11397requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11398requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11399requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11400requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11403requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11404run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11405 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11406 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11407 0 \
11408 -s "Protocol is TLSv1.3" \
11409 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11410 -s "received signature algorithm: 0x603" \
11411 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11412 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11413 -c "Protocol is TLSv1.3" \
11414 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11415 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11416 -c "NamedGroup: x25519 ( 1d )" \
11417 -c "Verifying peer X.509 certificate... ok" \
11418 -C "received HelloRetryRequest message"
11419
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11420requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11421requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11422requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11423requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11424requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11425requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11426requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11427requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11428requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11430requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11431requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11432run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11433 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11434 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11435 0 \
11436 -s "Protocol is TLSv1.3" \
11437 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11438 -s "received signature algorithm: 0x804" \
11439 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11440 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11441 -c "Protocol is TLSv1.3" \
11442 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11443 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11444 -c "NamedGroup: x25519 ( 1d )" \
11445 -c "Verifying peer X.509 certificate... ok" \
11446 -C "received HelloRetryRequest message"
11447
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11448requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11449requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11452requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11453requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11454requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11455requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11456requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11457requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11458run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11459 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11460 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11461 0 \
11462 -s "Protocol is TLSv1.3" \
11463 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11464 -s "received signature algorithm: 0x403" \
11465 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11466 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11467 -c "Protocol is TLSv1.3" \
11468 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11469 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11470 -c "NamedGroup: x448 ( 1e )" \
11471 -c "Verifying peer X.509 certificate... ok" \
11472 -C "received HelloRetryRequest message"
11473
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11474requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11475requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11476requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11478requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11479requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11480requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11483requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11484run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11485 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11486 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11487 0 \
11488 -s "Protocol is TLSv1.3" \
11489 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11490 -s "received signature algorithm: 0x503" \
11491 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11492 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11493 -c "Protocol is TLSv1.3" \
11494 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11495 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11496 -c "NamedGroup: x448 ( 1e )" \
11497 -c "Verifying peer X.509 certificate... ok" \
11498 -C "received HelloRetryRequest message"
11499
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11500requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11501requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11502requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11503requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11504requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11505requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11506requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11509requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11510run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11511 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11512 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11513 0 \
11514 -s "Protocol is TLSv1.3" \
11515 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11516 -s "received signature algorithm: 0x603" \
11517 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11518 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11519 -c "Protocol is TLSv1.3" \
11520 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11521 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11522 -c "NamedGroup: x448 ( 1e )" \
11523 -c "Verifying peer X.509 certificate... ok" \
11524 -C "received HelloRetryRequest message"
11525
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11526requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11527requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11528requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11529requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11530requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11531requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11532requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11533requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11534requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11535requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11536requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11537requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11538run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11539 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11540 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11541 0 \
11542 -s "Protocol is TLSv1.3" \
11543 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11544 -s "received signature algorithm: 0x804" \
11545 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11546 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11547 -c "Protocol is TLSv1.3" \
11548 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11549 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11550 -c "NamedGroup: x448 ( 1e )" \
11551 -c "Verifying peer X.509 certificate... ok" \
11552 -C "received HelloRetryRequest message"
11553
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11554requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11555requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11556requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11557requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11558requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11559requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11560requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11561requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11564requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11565requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11566run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11567 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11568 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11569 0 \
11570 -s "Protocol is TLSv1.3" \
11571 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11572 -s "received signature algorithm: 0x403" \
11573 -s "got named group: ffdhe2048(0100)" \
11574 -s "Certificate verification was skipped" \
11575 -c "Protocol is TLSv1.3" \
11576 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11577 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11578 -c "NamedGroup: ffdhe2048 ( 100 )" \
11579 -c "Verifying peer X.509 certificate... ok" \
11580 -C "received HelloRetryRequest message"
11581
11582requires_config_enabled MBEDTLS_SSL_SRV_C
11583requires_config_enabled MBEDTLS_DEBUG_C
11584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11585requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11586requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11587requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11588requires_config_enabled MBEDTLS_SSL_CLI_C
11589requires_config_enabled MBEDTLS_DEBUG_C
11590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11591requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11592requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11593requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11594run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11595 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11596 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11597 0 \
11598 -s "Protocol is TLSv1.3" \
11599 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11600 -s "received signature algorithm: 0x503" \
11601 -s "got named group: ffdhe2048(0100)" \
11602 -s "Certificate verification was skipped" \
11603 -c "Protocol is TLSv1.3" \
11604 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11605 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11606 -c "NamedGroup: ffdhe2048 ( 100 )" \
11607 -c "Verifying peer X.509 certificate... ok" \
11608 -C "received HelloRetryRequest message"
11609
11610requires_config_enabled MBEDTLS_SSL_SRV_C
11611requires_config_enabled MBEDTLS_DEBUG_C
11612requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11613requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11614requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11615requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11616requires_config_enabled MBEDTLS_SSL_CLI_C
11617requires_config_enabled MBEDTLS_DEBUG_C
11618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11620requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11621requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11622run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11623 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11624 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11625 0 \
11626 -s "Protocol is TLSv1.3" \
11627 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11628 -s "received signature algorithm: 0x603" \
11629 -s "got named group: ffdhe2048(0100)" \
11630 -s "Certificate verification was skipped" \
11631 -c "Protocol is TLSv1.3" \
11632 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11633 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11634 -c "NamedGroup: ffdhe2048 ( 100 )" \
11635 -c "Verifying peer X.509 certificate... ok" \
11636 -C "received HelloRetryRequest message"
11637
11638requires_config_enabled MBEDTLS_SSL_SRV_C
11639requires_config_enabled MBEDTLS_DEBUG_C
11640requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11641requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11642requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11643requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11644requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11645requires_config_enabled MBEDTLS_SSL_CLI_C
11646requires_config_enabled MBEDTLS_DEBUG_C
11647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11649requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11650requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11651requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11652run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11653 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11654 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11655 0 \
11656 -s "Protocol is TLSv1.3" \
11657 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11658 -s "received signature algorithm: 0x804" \
11659 -s "got named group: ffdhe2048(0100)" \
11660 -s "Certificate verification was skipped" \
11661 -c "Protocol is TLSv1.3" \
11662 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11663 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11664 -c "NamedGroup: ffdhe2048 ( 100 )" \
11665 -c "Verifying peer X.509 certificate... ok" \
11666 -C "received HelloRetryRequest message"
11667
11668requires_config_enabled MBEDTLS_SSL_SRV_C
11669requires_config_enabled MBEDTLS_DEBUG_C
11670requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11671requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11672requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11673requires_config_enabled MBEDTLS_SSL_CLI_C
11674requires_config_enabled MBEDTLS_DEBUG_C
11675requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11676requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11677requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11678run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11679 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11680 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11681 0 \
11682 -s "Protocol is TLSv1.3" \
11683 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11684 -s "received signature algorithm: 0x403" \
11685 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11686 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11687 -c "Protocol is TLSv1.3" \
11688 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11689 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11690 -c "NamedGroup: secp256r1 ( 17 )" \
11691 -c "Verifying peer X.509 certificate... ok" \
11692 -C "received HelloRetryRequest message"
11693
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11694requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11695requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11696requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11697requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11698requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11699requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11700requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11701requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11702requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11703requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11704run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11705 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11706 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11707 0 \
11708 -s "Protocol is TLSv1.3" \
11709 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11710 -s "received signature algorithm: 0x503" \
11711 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11712 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11713 -c "Protocol is TLSv1.3" \
11714 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11715 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11716 -c "NamedGroup: secp256r1 ( 17 )" \
11717 -c "Verifying peer X.509 certificate... ok" \
11718 -C "received HelloRetryRequest message"
11719
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11720requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11721requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11722requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11723requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11724requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11725requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11726requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11727requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11728requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11729requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11730run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11731 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11732 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11733 0 \
11734 -s "Protocol is TLSv1.3" \
11735 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11736 -s "received signature algorithm: 0x603" \
11737 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11738 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11739 -c "Protocol is TLSv1.3" \
11740 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11741 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11742 -c "NamedGroup: secp256r1 ( 17 )" \
11743 -c "Verifying peer X.509 certificate... ok" \
11744 -C "received HelloRetryRequest message"
11745
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11746requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11747requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11750requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11751requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11752requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11756requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11757requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11758run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11759 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11760 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11761 0 \
11762 -s "Protocol is TLSv1.3" \
11763 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11764 -s "received signature algorithm: 0x804" \
11765 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11766 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11767 -c "Protocol is TLSv1.3" \
11768 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11769 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11770 -c "NamedGroup: secp256r1 ( 17 )" \
11771 -c "Verifying peer X.509 certificate... ok" \
11772 -C "received HelloRetryRequest message"
11773
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11774requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11775requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11778requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11779requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11780requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11783requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11784run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11785 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11786 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11787 0 \
11788 -s "Protocol is TLSv1.3" \
11789 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11790 -s "received signature algorithm: 0x403" \
11791 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11792 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11793 -c "Protocol is TLSv1.3" \
11794 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11795 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11796 -c "NamedGroup: secp384r1 ( 18 )" \
11797 -c "Verifying peer X.509 certificate... ok" \
11798 -C "received HelloRetryRequest message"
11799
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11800requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11801requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11802requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11803requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11804requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11805requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11806requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11807requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11808requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11809requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11810run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11811 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11812 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11813 0 \
11814 -s "Protocol is TLSv1.3" \
11815 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11816 -s "received signature algorithm: 0x503" \
11817 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11818 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11819 -c "Protocol is TLSv1.3" \
11820 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11821 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11822 -c "NamedGroup: secp384r1 ( 18 )" \
11823 -c "Verifying peer X.509 certificate... ok" \
11824 -C "received HelloRetryRequest message"
11825
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11826requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11827requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11828requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11829requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11830requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11831requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11832requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11833requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11835requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11836run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11837 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11838 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11839 0 \
11840 -s "Protocol is TLSv1.3" \
11841 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11842 -s "received signature algorithm: 0x603" \
11843 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11844 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11845 -c "Protocol is TLSv1.3" \
11846 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11847 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11848 -c "NamedGroup: secp384r1 ( 18 )" \
11849 -c "Verifying peer X.509 certificate... ok" \
11850 -C "received HelloRetryRequest message"
11851
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11852requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11853requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11856requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11857requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11858requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11859requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11860requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11861requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11862requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11863requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11864run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11865 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11866 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11867 0 \
11868 -s "Protocol is TLSv1.3" \
11869 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11870 -s "received signature algorithm: 0x804" \
11871 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11872 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11873 -c "Protocol is TLSv1.3" \
11874 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11875 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11876 -c "NamedGroup: secp384r1 ( 18 )" \
11877 -c "Verifying peer X.509 certificate... ok" \
11878 -C "received HelloRetryRequest message"
11879
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11880requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11881requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11882requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11883requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11884requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11885requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11886requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11887requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11888requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11889requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11890run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11891 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11892 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11893 0 \
11894 -s "Protocol is TLSv1.3" \
11895 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11896 -s "received signature algorithm: 0x403" \
11897 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11898 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11899 -c "Protocol is TLSv1.3" \
11900 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11901 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11902 -c "NamedGroup: secp521r1 ( 19 )" \
11903 -c "Verifying peer X.509 certificate... ok" \
11904 -C "received HelloRetryRequest message"
11905
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11906requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11907requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11908requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11909requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11910requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11911requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11912requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11915requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11916run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11917 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11918 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11919 0 \
11920 -s "Protocol is TLSv1.3" \
11921 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11922 -s "received signature algorithm: 0x503" \
11923 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11924 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11925 -c "Protocol is TLSv1.3" \
11926 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11927 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11928 -c "NamedGroup: secp521r1 ( 19 )" \
11929 -c "Verifying peer X.509 certificate... ok" \
11930 -C "received HelloRetryRequest message"
11931
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11932requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11933requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11934requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11936requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11937requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11938requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11939requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11940requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11941requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11942run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11943 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11944 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11945 0 \
11946 -s "Protocol is TLSv1.3" \
11947 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11948 -s "received signature algorithm: 0x603" \
11949 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11950 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11951 -c "Protocol is TLSv1.3" \
11952 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11953 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11954 -c "NamedGroup: secp521r1 ( 19 )" \
11955 -c "Verifying peer X.509 certificate... ok" \
11956 -C "received HelloRetryRequest message"
11957
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11958requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11959requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11960requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11961requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11962requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11963requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11964requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11965requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11966requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11967requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11968requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11969requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11970run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11971 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11972 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11973 0 \
11974 -s "Protocol is TLSv1.3" \
11975 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11976 -s "received signature algorithm: 0x804" \
11977 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11978 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11979 -c "Protocol is TLSv1.3" \
11980 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11981 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11982 -c "NamedGroup: secp521r1 ( 19 )" \
11983 -c "Verifying peer X.509 certificate... ok" \
11984 -C "received HelloRetryRequest message"
11985
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11986requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11987requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11990requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11991requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11992requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11993requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11994requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11995requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11996run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]11997 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11998 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11999 0 \
12000 -s "Protocol is TLSv1.3" \
12001 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12002 -s "received signature algorithm: 0x403" \
12003 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12004 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12005 -c "Protocol is TLSv1.3" \
12006 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12007 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12008 -c "NamedGroup: x25519 ( 1d )" \
12009 -c "Verifying peer X.509 certificate... ok" \
12010 -C "received HelloRetryRequest message"
12011
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12012requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12013requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12016requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12017requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12018requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12020requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12021requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12022run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12023 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12024 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12025 0 \
12026 -s "Protocol is TLSv1.3" \
12027 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12028 -s "received signature algorithm: 0x503" \
12029 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12030 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12031 -c "Protocol is TLSv1.3" \
12032 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12033 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12034 -c "NamedGroup: x25519 ( 1d )" \
12035 -c "Verifying peer X.509 certificate... ok" \
12036 -C "received HelloRetryRequest message"
12037
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12038requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12039requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12040requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12041requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12042requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12043requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12044requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12047requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12048run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12049 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12050 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12051 0 \
12052 -s "Protocol is TLSv1.3" \
12053 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12054 -s "received signature algorithm: 0x603" \
12055 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12056 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12057 -c "Protocol is TLSv1.3" \
12058 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12059 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12060 -c "NamedGroup: x25519 ( 1d )" \
12061 -c "Verifying peer X.509 certificate... ok" \
12062 -C "received HelloRetryRequest message"
12063
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12064requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12065requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12066requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12067requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12068requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12069requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12070requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12071requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12074requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12075requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12076run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12077 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12078 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12079 0 \
12080 -s "Protocol is TLSv1.3" \
12081 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12082 -s "received signature algorithm: 0x804" \
12083 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12084 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12085 -c "Protocol is TLSv1.3" \
12086 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12087 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12088 -c "NamedGroup: x25519 ( 1d )" \
12089 -c "Verifying peer X.509 certificate... ok" \
12090 -C "received HelloRetryRequest message"
12091
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12092requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12093requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12094requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12095requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12096requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12097requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12098requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12099requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12101requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12102run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12103 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12104 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12105 0 \
12106 -s "Protocol is TLSv1.3" \
12107 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12108 -s "received signature algorithm: 0x403" \
12109 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12110 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12111 -c "Protocol is TLSv1.3" \
12112 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12113 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12114 -c "NamedGroup: x448 ( 1e )" \
12115 -c "Verifying peer X.509 certificate... ok" \
12116 -C "received HelloRetryRequest message"
12117
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12118requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12119requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12120requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12122requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12123requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12124requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12126requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12127requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12128run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12129 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12130 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12131 0 \
12132 -s "Protocol is TLSv1.3" \
12133 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12134 -s "received signature algorithm: 0x503" \
12135 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12136 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12137 -c "Protocol is TLSv1.3" \
12138 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12139 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12140 -c "NamedGroup: x448 ( 1e )" \
12141 -c "Verifying peer X.509 certificate... ok" \
12142 -C "received HelloRetryRequest message"
12143
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12144requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12145requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12147requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12148requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12149requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12150requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12151requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12153requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12154run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12155 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12156 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12157 0 \
12158 -s "Protocol is TLSv1.3" \
12159 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12160 -s "received signature algorithm: 0x603" \
12161 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12162 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12163 -c "Protocol is TLSv1.3" \
12164 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12165 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12166 -c "NamedGroup: x448 ( 1e )" \
12167 -c "Verifying peer X.509 certificate... ok" \
12168 -C "received HelloRetryRequest message"
12169
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12170requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12171requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12172requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12173requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12174requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12175requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12176requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12177requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12180requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12181requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12182run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12183 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12184 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12185 0 \
12186 -s "Protocol is TLSv1.3" \
12187 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12188 -s "received signature algorithm: 0x804" \
12189 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12190 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12191 -c "Protocol is TLSv1.3" \
12192 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12193 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12194 -c "NamedGroup: x448 ( 1e )" \
12195 -c "Verifying peer X.509 certificate... ok" \
12196 -C "received HelloRetryRequest message"
12197
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12198requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]12199requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12202requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12203requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12204requires_config_enabled MBEDTLS_SSL_CLI_C
12205requires_config_enabled MBEDTLS_DEBUG_C
12206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12208requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12209requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12210run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12211 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12212 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12213 0 \
12214 -s "Protocol is TLSv1.3" \
12215 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12216 -s "received signature algorithm: 0x403" \
12217 -s "got named group: ffdhe2048(0100)" \
12218 -s "Certificate verification was skipped" \
12219 -c "Protocol is TLSv1.3" \
12220 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12221 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12222 -c "NamedGroup: ffdhe2048 ( 100 )" \
12223 -c "Verifying peer X.509 certificate... ok" \
12224 -C "received HelloRetryRequest message"
12225
12226requires_config_enabled MBEDTLS_SSL_SRV_C
12227requires_config_enabled MBEDTLS_DEBUG_C
12228requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12229requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12230requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12231requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12232requires_config_enabled MBEDTLS_SSL_CLI_C
12233requires_config_enabled MBEDTLS_DEBUG_C
12234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12235requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12236requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12237requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12238run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12239 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12240 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12241 0 \
12242 -s "Protocol is TLSv1.3" \
12243 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12244 -s "received signature algorithm: 0x503" \
12245 -s "got named group: ffdhe2048(0100)" \
12246 -s "Certificate verification was skipped" \
12247 -c "Protocol is TLSv1.3" \
12248 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12249 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12250 -c "NamedGroup: ffdhe2048 ( 100 )" \
12251 -c "Verifying peer X.509 certificate... ok" \
12252 -C "received HelloRetryRequest message"
12253
12254requires_config_enabled MBEDTLS_SSL_SRV_C
12255requires_config_enabled MBEDTLS_DEBUG_C
12256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12258requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12259requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12260requires_config_enabled MBEDTLS_SSL_CLI_C
12261requires_config_enabled MBEDTLS_DEBUG_C
12262requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12263requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12264requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12265requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12266run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12267 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12268 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12269 0 \
12270 -s "Protocol is TLSv1.3" \
12271 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12272 -s "received signature algorithm: 0x603" \
12273 -s "got named group: ffdhe2048(0100)" \
12274 -s "Certificate verification was skipped" \
12275 -c "Protocol is TLSv1.3" \
12276 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12277 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12278 -c "NamedGroup: ffdhe2048 ( 100 )" \
12279 -c "Verifying peer X.509 certificate... ok" \
12280 -C "received HelloRetryRequest message"
12281
12282requires_config_enabled MBEDTLS_SSL_SRV_C
12283requires_config_enabled MBEDTLS_DEBUG_C
12284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12286requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12287requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12288requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12289requires_config_enabled MBEDTLS_SSL_CLI_C
12290requires_config_enabled MBEDTLS_DEBUG_C
12291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12292requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12293requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12294requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12295requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12296run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12297 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12298 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12299 0 \
12300 -s "Protocol is TLSv1.3" \
12301 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12302 -s "received signature algorithm: 0x804" \
12303 -s "got named group: ffdhe2048(0100)" \
12304 -s "Certificate verification was skipped" \
12305 -c "Protocol is TLSv1.3" \
12306 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12307 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12308 -c "NamedGroup: ffdhe2048 ( 100 )" \
12309 -c "Verifying peer X.509 certificate... ok" \
12310 -C "received HelloRetryRequest message"
12311
12312requires_config_enabled MBEDTLS_SSL_SRV_C
12313requires_config_enabled MBEDTLS_DEBUG_C
12314requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12315requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12316requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12317requires_openssl_tls1_3
12318run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12319 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12320 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12321 0 \
12322 -s "Protocol is TLSv1.3" \
12323 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12324 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12325 -s "HRR selected_group: secp384r1"
12326
12327requires_config_enabled MBEDTLS_SSL_SRV_C
12328requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12330requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12331requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12332requires_openssl_tls1_3
12333run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12334 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12335 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12336 0 \
12337 -s "Protocol is TLSv1.3" \
12338 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12339 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12340 -s "HRR selected_group: secp521r1"
12341
12342requires_config_enabled MBEDTLS_SSL_SRV_C
12343requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12346requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12347requires_openssl_tls1_3
12348run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12349 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12350 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12351 0 \
12352 -s "Protocol is TLSv1.3" \
12353 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12354 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12355 -s "HRR selected_group: x25519"
12356
12357requires_config_enabled MBEDTLS_SSL_SRV_C
12358requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12361requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12362requires_openssl_tls1_3
12363run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12364 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12365 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12366 0 \
12367 -s "Protocol is TLSv1.3" \
12368 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12369 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12370 -s "HRR selected_group: x448"
12371
12372requires_config_enabled MBEDTLS_SSL_SRV_C
12373requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12376requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12377requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12378requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12379run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12380 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12381 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12382 0 \
12383 -s "Protocol is TLSv1.3" \
12384 -s "got named group: ffdhe2048(0100)" \
12385 -s "Certificate verification was skipped" \
12386 -s "HRR selected_group: ffdhe2048"
12387
12388requires_config_enabled MBEDTLS_SSL_SRV_C
12389requires_config_enabled MBEDTLS_DEBUG_C
12390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12391requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12392requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12393requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12394run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12395 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12396 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12397 0 \
12398 -s "Protocol is TLSv1.3" \
12399 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12400 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12401 -s "HRR selected_group: secp256r1"
12402
12403requires_config_enabled MBEDTLS_SSL_SRV_C
12404requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12405requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12406requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12407requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12408requires_openssl_tls1_3
12409run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12410 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12411 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12412 0 \
12413 -s "Protocol is TLSv1.3" \
12414 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12415 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12416 -s "HRR selected_group: secp521r1"
12417
12418requires_config_enabled MBEDTLS_SSL_SRV_C
12419requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12421requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12422requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12423requires_openssl_tls1_3
12424run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12425 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12426 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12427 0 \
12428 -s "Protocol is TLSv1.3" \
12429 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12430 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12431 -s "HRR selected_group: x25519"
12432
12433requires_config_enabled MBEDTLS_SSL_SRV_C
12434requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12436requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12437requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12438requires_openssl_tls1_3
12439run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12440 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12441 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12442 0 \
12443 -s "Protocol is TLSv1.3" \
12444 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12445 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12446 -s "HRR selected_group: x448"
12447
12448requires_config_enabled MBEDTLS_SSL_SRV_C
12449requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12452requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12453requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12454requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12455run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12456 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12457 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12458 0 \
12459 -s "Protocol is TLSv1.3" \
12460 -s "got named group: ffdhe2048(0100)" \
12461 -s "Certificate verification was skipped" \
12462 -s "HRR selected_group: ffdhe2048"
12463
12464requires_config_enabled MBEDTLS_SSL_SRV_C
12465requires_config_enabled MBEDTLS_DEBUG_C
12466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12468requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12469requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12470run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12471 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12472 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12473 0 \
12474 -s "Protocol is TLSv1.3" \
12475 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12476 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12477 -s "HRR selected_group: secp256r1"
12478
12479requires_config_enabled MBEDTLS_SSL_SRV_C
12480requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12483requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12484requires_openssl_tls1_3
12485run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12486 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12487 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12488 0 \
12489 -s "Protocol is TLSv1.3" \
12490 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12491 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12492 -s "HRR selected_group: secp384r1"
12493
12494requires_config_enabled MBEDTLS_SSL_SRV_C
12495requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12498requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12499requires_openssl_tls1_3
12500run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12501 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12502 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12503 0 \
12504 -s "Protocol is TLSv1.3" \
12505 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12506 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12507 -s "HRR selected_group: x25519"
12508
12509requires_config_enabled MBEDTLS_SSL_SRV_C
12510requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12511requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12512requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12513requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12514requires_openssl_tls1_3
12515run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12516 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12517 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12518 0 \
12519 -s "Protocol is TLSv1.3" \
12520 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12521 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12522 -s "HRR selected_group: x448"
12523
12524requires_config_enabled MBEDTLS_SSL_SRV_C
12525requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12526requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12528requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12529requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12530requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12531run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12532 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12533 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12534 0 \
12535 -s "Protocol is TLSv1.3" \
12536 -s "got named group: ffdhe2048(0100)" \
12537 -s "Certificate verification was skipped" \
12538 -s "HRR selected_group: ffdhe2048"
12539
12540requires_config_enabled MBEDTLS_SSL_SRV_C
12541requires_config_enabled MBEDTLS_DEBUG_C
12542requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12543requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12544requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12545requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12546run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12547 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12548 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12549 0 \
12550 -s "Protocol is TLSv1.3" \
12551 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12552 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12553 -s "HRR selected_group: secp256r1"
12554
12555requires_config_enabled MBEDTLS_SSL_SRV_C
12556requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12557requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12558requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12559requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12560requires_openssl_tls1_3
12561run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12562 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12563 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12564 0 \
12565 -s "Protocol is TLSv1.3" \
12566 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12567 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12568 -s "HRR selected_group: secp384r1"
12569
12570requires_config_enabled MBEDTLS_SSL_SRV_C
12571requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12573requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12574requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12575requires_openssl_tls1_3
12576run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12577 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12578 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12579 0 \
12580 -s "Protocol is TLSv1.3" \
12581 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12582 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12583 -s "HRR selected_group: secp521r1"
12584
12585requires_config_enabled MBEDTLS_SSL_SRV_C
12586requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12587requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12588requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12589requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12590requires_openssl_tls1_3
12591run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12592 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12593 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12594 0 \
12595 -s "Protocol is TLSv1.3" \
12596 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12597 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12598 -s "HRR selected_group: x448"
12599
12600requires_config_enabled MBEDTLS_SSL_SRV_C
12601requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12604requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12605requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12606requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12607run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12608 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12609 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12610 0 \
12611 -s "Protocol is TLSv1.3" \
12612 -s "got named group: ffdhe2048(0100)" \
12613 -s "Certificate verification was skipped" \
12614 -s "HRR selected_group: ffdhe2048"
12615
12616requires_config_enabled MBEDTLS_SSL_SRV_C
12617requires_config_enabled MBEDTLS_DEBUG_C
12618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12620requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12621requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12622run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12623 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12624 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12625 0 \
12626 -s "Protocol is TLSv1.3" \
12627 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12628 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12629 -s "HRR selected_group: secp256r1"
12630
12631requires_config_enabled MBEDTLS_SSL_SRV_C
12632requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12635requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12636requires_openssl_tls1_3
12637run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12638 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12639 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12640 0 \
12641 -s "Protocol is TLSv1.3" \
12642 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12643 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12644 -s "HRR selected_group: secp384r1"
12645
12646requires_config_enabled MBEDTLS_SSL_SRV_C
12647requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12650requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12651requires_openssl_tls1_3
12652run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12653 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12654 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12655 0 \
12656 -s "Protocol is TLSv1.3" \
12657 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12658 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12659 -s "HRR selected_group: secp521r1"
12660
12661requires_config_enabled MBEDTLS_SSL_SRV_C
12662requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12663requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12664requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12665requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12666requires_openssl_tls1_3
12667run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12668 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12669 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12670 0 \
12671 -s "Protocol is TLSv1.3" \
12672 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12673 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12674 -s "HRR selected_group: x25519"
12675
12676requires_config_enabled MBEDTLS_SSL_SRV_C
12677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12680requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12681requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12682requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12683run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12684 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12685 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12686 0 \
12687 -s "Protocol is TLSv1.3" \
12688 -s "got named group: ffdhe2048(0100)" \
12689 -s "Certificate verification was skipped" \
12690 -s "HRR selected_group: ffdhe2048"
12691
12692requires_config_enabled MBEDTLS_SSL_SRV_C
12693requires_config_enabled MBEDTLS_DEBUG_C
12694requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12695requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12696requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12697requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12698run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12699 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12700 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-256 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12701 0 \
12702 -s "Protocol is TLSv1.3" \
12703 -s "got named group: secp256r1(0017)" \
12704 -s "Certificate verification was skipped" \
12705 -s "HRR selected_group: secp256r1"
12706
12707requires_config_enabled MBEDTLS_SSL_SRV_C
12708requires_config_enabled MBEDTLS_DEBUG_C
12709requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12710requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12711requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12712requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12713run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12714 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12715 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-384 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12716 0 \
12717 -s "Protocol is TLSv1.3" \
12718 -s "got named group: secp384r1(0018)" \
12719 -s "Certificate verification was skipped" \
12720 -s "HRR selected_group: secp384r1"
12721
12722requires_config_enabled MBEDTLS_SSL_SRV_C
12723requires_config_enabled MBEDTLS_DEBUG_C
12724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12725requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12726requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12727requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12728run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12729 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12730 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-521 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12731 0 \
12732 -s "Protocol is TLSv1.3" \
12733 -s "got named group: secp521r1(0019)" \
12734 -s "Certificate verification was skipped" \
12735 -s "HRR selected_group: secp521r1"
12736
12737requires_config_enabled MBEDTLS_SSL_SRV_C
12738requires_config_enabled MBEDTLS_DEBUG_C
12739requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12740requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12741requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12742requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12743run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12744 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12745 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X25519 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12746 0 \
12747 -s "Protocol is TLSv1.3" \
12748 -s "got named group: x25519(001d)" \
12749 -s "Certificate verification was skipped" \
12750 -s "HRR selected_group: x25519"
12751
12752requires_config_enabled MBEDTLS_SSL_SRV_C
12753requires_config_enabled MBEDTLS_DEBUG_C
12754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12756requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12757requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12758run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12759 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12760 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X448 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12761 0 \
12762 -s "Protocol is TLSv1.3" \
12763 -s "got named group: x448(001e)" \
12764 -s "Certificate verification was skipped" \
12765 -s "HRR selected_group: x448"
12766
12767requires_config_enabled MBEDTLS_SSL_SRV_C
12768requires_config_enabled MBEDTLS_DEBUG_C
12769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12770requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12771requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12772requires_gnutls_tls1_3
12773requires_gnutls_next_no_ticket
12774requires_gnutls_next_disable_tls13_compat
12775run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12776 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12777 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12778 0 \
12779 -s "Protocol is TLSv1.3" \
12780 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12781 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12782 -s "HRR selected_group: secp384r1"
12783
12784requires_config_enabled MBEDTLS_SSL_SRV_C
12785requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12786requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12787requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12788requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12789requires_gnutls_tls1_3
12790requires_gnutls_next_no_ticket
12791requires_gnutls_next_disable_tls13_compat
12792run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12793 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12794 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12795 0 \
12796 -s "Protocol is TLSv1.3" \
12797 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12798 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12799 -s "HRR selected_group: secp521r1"
12800
12801requires_config_enabled MBEDTLS_SSL_SRV_C
12802requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12803requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12804requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12805requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12806requires_gnutls_tls1_3
12807requires_gnutls_next_no_ticket
12808requires_gnutls_next_disable_tls13_compat
12809run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12810 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12811 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12812 0 \
12813 -s "Protocol is TLSv1.3" \
12814 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12815 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12816 -s "HRR selected_group: x25519"
12817
12818requires_config_enabled MBEDTLS_SSL_SRV_C
12819requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12820requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12822requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12823requires_gnutls_tls1_3
12824requires_gnutls_next_no_ticket
12825requires_gnutls_next_disable_tls13_compat
12826run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12827 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12828 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12829 0 \
12830 -s "Protocol is TLSv1.3" \
12831 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12832 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12833 -s "HRR selected_group: x448"
12834
12835requires_config_enabled MBEDTLS_SSL_SRV_C
12836requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12837requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12838requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12839requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12840requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12841requires_gnutls_tls1_3
12842requires_gnutls_next_no_ticket
12843requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12844run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12845 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12846 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12847 0 \
12848 -s "Protocol is TLSv1.3" \
12849 -s "got named group: ffdhe2048(0100)" \
12850 -s "Certificate verification was skipped" \
12851 -s "HRR selected_group: ffdhe2048"
12852
12853requires_config_enabled MBEDTLS_SSL_SRV_C
12854requires_config_enabled MBEDTLS_DEBUG_C
12855requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12857requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12858requires_gnutls_tls1_3
12859requires_gnutls_next_no_ticket
12860requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12861run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12862 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12863 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12864 0 \
12865 -s "Protocol is TLSv1.3" \
12866 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12867 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12868 -s "HRR selected_group: secp256r1"
12869
12870requires_config_enabled MBEDTLS_SSL_SRV_C
12871requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12872requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12874requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12875requires_gnutls_tls1_3
12876requires_gnutls_next_no_ticket
12877requires_gnutls_next_disable_tls13_compat
12878run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12879 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12880 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12881 0 \
12882 -s "Protocol is TLSv1.3" \
12883 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12884 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12885 -s "HRR selected_group: secp521r1"
12886
12887requires_config_enabled MBEDTLS_SSL_SRV_C
12888requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12889requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12890requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12891requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12892requires_gnutls_tls1_3
12893requires_gnutls_next_no_ticket
12894requires_gnutls_next_disable_tls13_compat
12895run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12896 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12897 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12898 0 \
12899 -s "Protocol is TLSv1.3" \
12900 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12901 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12902 -s "HRR selected_group: x25519"
12903
12904requires_config_enabled MBEDTLS_SSL_SRV_C
12905requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12906requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12907requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12908requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12909requires_gnutls_tls1_3
12910requires_gnutls_next_no_ticket
12911requires_gnutls_next_disable_tls13_compat
12912run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12913 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12914 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12915 0 \
12916 -s "Protocol is TLSv1.3" \
12917 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12918 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12919 -s "HRR selected_group: x448"
12920
12921requires_config_enabled MBEDTLS_SSL_SRV_C
12922requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12923requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12924requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12925requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12926requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12927requires_gnutls_tls1_3
12928requires_gnutls_next_no_ticket
12929requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12930run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12931 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12932 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12933 0 \
12934 -s "Protocol is TLSv1.3" \
12935 -s "got named group: ffdhe2048(0100)" \
12936 -s "Certificate verification was skipped" \
12937 -s "HRR selected_group: ffdhe2048"
12938
12939requires_config_enabled MBEDTLS_SSL_SRV_C
12940requires_config_enabled MBEDTLS_DEBUG_C
12941requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12942requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12943requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12944requires_gnutls_tls1_3
12945requires_gnutls_next_no_ticket
12946requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12947run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12948 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12949 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12950 0 \
12951 -s "Protocol is TLSv1.3" \
12952 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12953 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12954 -s "HRR selected_group: secp256r1"
12955
12956requires_config_enabled MBEDTLS_SSL_SRV_C
12957requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12958requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12959requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12960requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12961requires_gnutls_tls1_3
12962requires_gnutls_next_no_ticket
12963requires_gnutls_next_disable_tls13_compat
12964run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12965 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12966 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12967 0 \
12968 -s "Protocol is TLSv1.3" \
12969 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12970 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12971 -s "HRR selected_group: secp384r1"
12972
12973requires_config_enabled MBEDTLS_SSL_SRV_C
12974requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12975requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12977requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12978requires_gnutls_tls1_3
12979requires_gnutls_next_no_ticket
12980requires_gnutls_next_disable_tls13_compat
12981run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12982 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12983 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12984 0 \
12985 -s "Protocol is TLSv1.3" \
12986 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12987 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12988 -s "HRR selected_group: x25519"
12989
12990requires_config_enabled MBEDTLS_SSL_SRV_C
12991requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12992requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12993requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12994requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12995requires_gnutls_tls1_3
12996requires_gnutls_next_no_ticket
12997requires_gnutls_next_disable_tls13_compat
12998run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]12999 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13000 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13001 0 \
13002 -s "Protocol is TLSv1.3" \
13003 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13004 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13005 -s "HRR selected_group: x448"
13006
13007requires_config_enabled MBEDTLS_SSL_SRV_C
13008requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13009requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13011requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13012requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13013requires_gnutls_tls1_3
13014requires_gnutls_next_no_ticket
13015requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13016run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13017 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13018 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13019 0 \
13020 -s "Protocol is TLSv1.3" \
13021 -s "got named group: ffdhe2048(0100)" \
13022 -s "Certificate verification was skipped" \
13023 -s "HRR selected_group: ffdhe2048"
13024
13025requires_config_enabled MBEDTLS_SSL_SRV_C
13026requires_config_enabled MBEDTLS_DEBUG_C
13027requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13028requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13029requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13030requires_gnutls_tls1_3
13031requires_gnutls_next_no_ticket
13032requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13033run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13034 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13035 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13036 0 \
13037 -s "Protocol is TLSv1.3" \
13038 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13039 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13040 -s "HRR selected_group: secp256r1"
13041
13042requires_config_enabled MBEDTLS_SSL_SRV_C
13043requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13044requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13045requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13046requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13047requires_gnutls_tls1_3
13048requires_gnutls_next_no_ticket
13049requires_gnutls_next_disable_tls13_compat
13050run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13051 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13052 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13053 0 \
13054 -s "Protocol is TLSv1.3" \
13055 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13056 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13057 -s "HRR selected_group: secp384r1"
13058
13059requires_config_enabled MBEDTLS_SSL_SRV_C
13060requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13061requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13062requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13063requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13064requires_gnutls_tls1_3
13065requires_gnutls_next_no_ticket
13066requires_gnutls_next_disable_tls13_compat
13067run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13068 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13069 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13070 0 \
13071 -s "Protocol is TLSv1.3" \
13072 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13073 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13074 -s "HRR selected_group: secp521r1"
13075
13076requires_config_enabled MBEDTLS_SSL_SRV_C
13077requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13078requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13080requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13081requires_gnutls_tls1_3
13082requires_gnutls_next_no_ticket
13083requires_gnutls_next_disable_tls13_compat
13084run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13085 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13086 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13087 0 \
13088 -s "Protocol is TLSv1.3" \
13089 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13090 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13091 -s "HRR selected_group: x448"
13092
13093requires_config_enabled MBEDTLS_SSL_SRV_C
13094requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13095requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13097requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13098requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13099requires_gnutls_tls1_3
13100requires_gnutls_next_no_ticket
13101requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13102run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13103 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13104 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13105 0 \
13106 -s "Protocol is TLSv1.3" \
13107 -s "got named group: ffdhe2048(0100)" \
13108 -s "Certificate verification was skipped" \
13109 -s "HRR selected_group: ffdhe2048"
13110
13111requires_config_enabled MBEDTLS_SSL_SRV_C
13112requires_config_enabled MBEDTLS_DEBUG_C
13113requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13114requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13115requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13116requires_gnutls_tls1_3
13117requires_gnutls_next_no_ticket
13118requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13119run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13120 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13121 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13122 0 \
13123 -s "Protocol is TLSv1.3" \
13124 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13125 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13126 -s "HRR selected_group: secp256r1"
13127
13128requires_config_enabled MBEDTLS_SSL_SRV_C
13129requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13130requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13131requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13132requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13133requires_gnutls_tls1_3
13134requires_gnutls_next_no_ticket
13135requires_gnutls_next_disable_tls13_compat
13136run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13137 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13138 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13139 0 \
13140 -s "Protocol is TLSv1.3" \
13141 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13142 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13143 -s "HRR selected_group: secp384r1"
13144
13145requires_config_enabled MBEDTLS_SSL_SRV_C
13146requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13147requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13148requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13149requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13150requires_gnutls_tls1_3
13151requires_gnutls_next_no_ticket
13152requires_gnutls_next_disable_tls13_compat
13153run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13154 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13155 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13156 0 \
13157 -s "Protocol is TLSv1.3" \
13158 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13159 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13160 -s "HRR selected_group: secp521r1"
13161
13162requires_config_enabled MBEDTLS_SSL_SRV_C
13163requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13166requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13167requires_gnutls_tls1_3
13168requires_gnutls_next_no_ticket
13169requires_gnutls_next_disable_tls13_compat
13170run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13171 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13172 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13173 0 \
13174 -s "Protocol is TLSv1.3" \
13175 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13176 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13177 -s "HRR selected_group: x25519"
13178
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13179requires_config_enabled MBEDTLS_SSL_SRV_C
13180requires_config_enabled MBEDTLS_DEBUG_C
13181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13183requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13184requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13185requires_gnutls_tls1_3
13186requires_gnutls_next_no_ticket
13187requires_gnutls_next_disable_tls13_compat
13188run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13189 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13190 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13191 0 \
13192 -s "Protocol is TLSv1.3" \
13193 -s "got named group: ffdhe2048(0100)" \
13194 -s "Certificate verification was skipped" \
13195 -s "HRR selected_group: ffdhe2048"
13196
13197requires_config_enabled MBEDTLS_SSL_SRV_C
13198requires_config_enabled MBEDTLS_DEBUG_C
13199requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13201requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13202requires_gnutls_tls1_3
13203requires_gnutls_next_no_ticket
13204requires_gnutls_next_disable_tls13_compat
13205run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13206 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13207 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13208 0 \
13209 -s "Protocol is TLSv1.3" \
13210 -s "got named group: secp256r1(0017)" \
13211 -s "Certificate verification was skipped" \
13212 -s "HRR selected_group: secp256r1"
13213
13214requires_config_enabled MBEDTLS_SSL_SRV_C
13215requires_config_enabled MBEDTLS_DEBUG_C
13216requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13218requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13219requires_gnutls_tls1_3
13220requires_gnutls_next_no_ticket
13221requires_gnutls_next_disable_tls13_compat
13222run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13223 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13224 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13225 0 \
13226 -s "Protocol is TLSv1.3" \
13227 -s "got named group: secp384r1(0018)" \
13228 -s "Certificate verification was skipped" \
13229 -s "HRR selected_group: secp384r1"
13230
13231requires_config_enabled MBEDTLS_SSL_SRV_C
13232requires_config_enabled MBEDTLS_DEBUG_C
13233requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13234requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13235requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13236requires_gnutls_tls1_3
13237requires_gnutls_next_no_ticket
13238requires_gnutls_next_disable_tls13_compat
13239run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13240 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13241 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13242 0 \
13243 -s "Protocol is TLSv1.3" \
13244 -s "got named group: secp521r1(0019)" \
13245 -s "Certificate verification was skipped" \
13246 -s "HRR selected_group: secp521r1"
13247
13248requires_config_enabled MBEDTLS_SSL_SRV_C
13249requires_config_enabled MBEDTLS_DEBUG_C
13250requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13251requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13252requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13253requires_gnutls_tls1_3
13254requires_gnutls_next_no_ticket
13255requires_gnutls_next_disable_tls13_compat
13256run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13257 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13258 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13259 0 \
13260 -s "Protocol is TLSv1.3" \
13261 -s "got named group: x25519(001d)" \
13262 -s "Certificate verification was skipped" \
13263 -s "HRR selected_group: x25519"
13264
13265requires_config_enabled MBEDTLS_SSL_SRV_C
13266requires_config_enabled MBEDTLS_DEBUG_C
13267requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13268requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13269requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13270requires_gnutls_tls1_3
13271requires_gnutls_next_no_ticket
13272requires_gnutls_next_disable_tls13_compat
13273run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13274 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13275 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13276 0 \
13277 -s "Protocol is TLSv1.3" \
13278 -s "got named group: x448(001e)" \
13279 -s "Certificate verification was skipped" \
13280 -s "HRR selected_group: x448"
13281
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13282requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13283requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13284requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13285requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13286requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13287requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13288run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13289 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13290 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13291 0 \
13292 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13293 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13294 -c "NamedGroup: secp256r1 ( 17 )" \
13295 -c "NamedGroup: secp384r1 ( 18 )" \
13296 -c "Verifying peer X.509 certificate... ok" \
13297 -c "received HelloRetryRequest message" \
13298 -c "selected_group ( 24 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13299
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13300requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13301requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13302requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13303requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13304requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13305requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]13306run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13307 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13308 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13309 0 \
13310 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13311 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13312 -c "NamedGroup: secp256r1 ( 17 )" \
13313 -c "NamedGroup: secp521r1 ( 19 )" \
13314 -c "Verifying peer X.509 certificate... ok" \
13315 -c "received HelloRetryRequest message" \
13316 -c "selected_group ( 25 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13317
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13318requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13319requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13320requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13321requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13322requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13323requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]13324run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13325 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13326 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13327 0 \
13328 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13329 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13330 -c "NamedGroup: secp256r1 ( 17 )" \
13331 -c "NamedGroup: x25519 ( 1d )" \
13332 -c "Verifying peer X.509 certificate... ok" \
13333 -c "received HelloRetryRequest message" \
13334 -c "selected_group ( 29 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13335
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13336requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13337requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13338requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13339requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13340requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13341requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]13342run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13343 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13344 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13345 0 \
13346 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13347 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13348 -c "NamedGroup: secp256r1 ( 17 )" \
13349 -c "NamedGroup: x448 ( 1e )" \
13350 -c "Verifying peer X.509 certificate... ok" \
13351 -c "received HelloRetryRequest message" \
13352 -c "selected_group ( 30 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13353
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13354requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13355requires_config_enabled MBEDTLS_SSL_CLI_C
13356requires_config_enabled MBEDTLS_DEBUG_C
13357requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13358requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13359requires_config_enabled PSA_WANT_ALG_ECDH
13360requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13361requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13362run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13363 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13364 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13365 0 \
13366 -c "HTTP/1.0 200 ok" \
13367 -c "Protocol is TLSv1.3" \
13368 -c "NamedGroup: secp256r1 ( 17 )" \
13369 -c "NamedGroup: ffdhe2048 ( 100 )" \
13370 -c "Verifying peer X.509 certificate... ok" \
13371 -c "received HelloRetryRequest message" \
13372 -c "selected_group ( 256 )"
13373
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13374requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13375requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13376requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13377requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13378requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13379requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13380run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13381 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13382 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13383 0 \
13384 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13385 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13386 -c "NamedGroup: secp384r1 ( 18 )" \
13387 -c "NamedGroup: secp256r1 ( 17 )" \
13388 -c "Verifying peer X.509 certificate... ok" \
13389 -c "received HelloRetryRequest message" \
13390 -c "selected_group ( 23 )"
13391
13392requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13393requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13394requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13395requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13396requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13397requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13398run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13399 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13400 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13401 0 \
13402 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13403 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13404 -c "NamedGroup: secp384r1 ( 18 )" \
13405 -c "NamedGroup: secp521r1 ( 19 )" \
13406 -c "Verifying peer X.509 certificate... ok" \
13407 -c "received HelloRetryRequest message" \
13408 -c "selected_group ( 25 )"
13409
13410requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13411requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13412requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13413requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13414requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13415requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13416run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13417 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13418 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13419 0 \
13420 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13421 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13422 -c "NamedGroup: secp384r1 ( 18 )" \
13423 -c "NamedGroup: x25519 ( 1d )" \
13424 -c "Verifying peer X.509 certificate... ok" \
13425 -c "received HelloRetryRequest message" \
13426 -c "selected_group ( 29 )"
13427
13428requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13429requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13430requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13433requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13434run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13435 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13436 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13437 0 \
13438 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13439 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13440 -c "NamedGroup: secp384r1 ( 18 )" \
13441 -c "NamedGroup: x448 ( 1e )" \
13442 -c "Verifying peer X.509 certificate... ok" \
13443 -c "received HelloRetryRequest message" \
13444 -c "selected_group ( 30 )"
13445
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13446requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13447requires_config_enabled MBEDTLS_SSL_CLI_C
13448requires_config_enabled MBEDTLS_DEBUG_C
13449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13450requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13451requires_config_enabled PSA_WANT_ALG_ECDH
13452requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13453requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13454run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13455 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13456 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13457 0 \
13458 -c "HTTP/1.0 200 ok" \
13459 -c "Protocol is TLSv1.3" \
13460 -c "NamedGroup: secp384r1 ( 18 )" \
13461 -c "NamedGroup: ffdhe2048 ( 100 )" \
13462 -c "Verifying peer X.509 certificate... ok" \
13463 -c "received HelloRetryRequest message" \
13464 -c "selected_group ( 256 )"
13465
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13466requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13467requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13468requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13469requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13470requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13471requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13472run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13473 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13474 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13475 0 \
13476 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13477 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13478 -c "NamedGroup: secp521r1 ( 19 )" \
13479 -c "NamedGroup: secp256r1 ( 17 )" \
13480 -c "Verifying peer X.509 certificate... ok" \
13481 -c "received HelloRetryRequest message" \
13482 -c "selected_group ( 23 )"
13483
13484requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13485requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13486requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13487requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13489requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13490run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13491 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13492 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13493 0 \
13494 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13495 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13496 -c "NamedGroup: secp521r1 ( 19 )" \
13497 -c "NamedGroup: secp384r1 ( 18 )" \
13498 -c "Verifying peer X.509 certificate... ok" \
13499 -c "received HelloRetryRequest message" \
13500 -c "selected_group ( 24 )"
13501
13502requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13503requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13504requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13505requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13506requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13507requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13508run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13509 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13510 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13511 0 \
13512 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13513 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13514 -c "NamedGroup: secp521r1 ( 19 )" \
13515 -c "NamedGroup: x25519 ( 1d )" \
13516 -c "Verifying peer X.509 certificate... ok" \
13517 -c "received HelloRetryRequest message" \
13518 -c "selected_group ( 29 )"
13519
13520requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13521requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13522requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13524requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13525requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13526run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13527 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13528 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13529 0 \
13530 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13531 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13532 -c "NamedGroup: secp521r1 ( 19 )" \
13533 -c "NamedGroup: x448 ( 1e )" \
13534 -c "Verifying peer X.509 certificate... ok" \
13535 -c "received HelloRetryRequest message" \
13536 -c "selected_group ( 30 )"
13537
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13538requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13539requires_config_enabled MBEDTLS_SSL_CLI_C
13540requires_config_enabled MBEDTLS_DEBUG_C
13541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13542requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13543requires_config_enabled PSA_WANT_ALG_ECDH
13544requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13545requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13546run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13547 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13548 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13549 0 \
13550 -c "HTTP/1.0 200 ok" \
13551 -c "Protocol is TLSv1.3" \
13552 -c "NamedGroup: secp521r1 ( 19 )" \
13553 -c "NamedGroup: ffdhe2048 ( 100 )" \
13554 -c "Verifying peer X.509 certificate... ok" \
13555 -c "received HelloRetryRequest message" \
13556 -c "selected_group ( 256 )"
13557
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13558requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13559requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13560requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13561requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13562requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13563requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13564run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13565 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13566 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13567 0 \
13568 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13569 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13570 -c "NamedGroup: x25519 ( 1d )" \
13571 -c "NamedGroup: secp256r1 ( 17 )" \
13572 -c "Verifying peer X.509 certificate... ok" \
13573 -c "received HelloRetryRequest message" \
13574 -c "selected_group ( 23 )"
13575
13576requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13577requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13578requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13579requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13580requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13581requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13582run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13583 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13584 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13585 0 \
13586 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13587 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13588 -c "NamedGroup: x25519 ( 1d )" \
13589 -c "NamedGroup: secp384r1 ( 18 )" \
13590 -c "Verifying peer X.509 certificate... ok" \
13591 -c "received HelloRetryRequest message" \
13592 -c "selected_group ( 24 )"
13593
13594requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13595requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13596requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13597requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13599requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13600run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13601 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13602 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13603 0 \
13604 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13605 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13606 -c "NamedGroup: x25519 ( 1d )" \
13607 -c "NamedGroup: secp521r1 ( 19 )" \
13608 -c "Verifying peer X.509 certificate... ok" \
13609 -c "received HelloRetryRequest message" \
13610 -c "selected_group ( 25 )"
13611
13612requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13613requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13614requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13615requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13616requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13617requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13618run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13619 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13620 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13621 0 \
13622 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13623 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13624 -c "NamedGroup: x25519 ( 1d )" \
13625 -c "NamedGroup: x448 ( 1e )" \
13626 -c "Verifying peer X.509 certificate... ok" \
13627 -c "received HelloRetryRequest message" \
13628 -c "selected_group ( 30 )"
13629
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13630requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13631requires_config_enabled MBEDTLS_SSL_CLI_C
13632requires_config_enabled MBEDTLS_DEBUG_C
13633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13635requires_config_enabled PSA_WANT_ALG_ECDH
13636requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13637requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13638run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13639 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13640 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13641 0 \
13642 -c "HTTP/1.0 200 ok" \
13643 -c "Protocol is TLSv1.3" \
13644 -c "NamedGroup: x25519 ( 1d )" \
13645 -c "NamedGroup: ffdhe2048 ( 100 )" \
13646 -c "Verifying peer X.509 certificate... ok" \
13647 -c "received HelloRetryRequest message" \
13648 -c "selected_group ( 256 )"
13649
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13650requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13651requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13652requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13655requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13656run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13657 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13658 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13659 0 \
13660 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13661 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13662 -c "NamedGroup: x448 ( 1e )" \
13663 -c "NamedGroup: secp256r1 ( 17 )" \
13664 -c "Verifying peer X.509 certificate... ok" \
13665 -c "received HelloRetryRequest message" \
13666 -c "selected_group ( 23 )"
13667
13668requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13669requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13670requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13671requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13672requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13673requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13674run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13675 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13676 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13677 0 \
13678 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13679 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13680 -c "NamedGroup: x448 ( 1e )" \
13681 -c "NamedGroup: secp384r1 ( 18 )" \
13682 -c "Verifying peer X.509 certificate... ok" \
13683 -c "received HelloRetryRequest message" \
13684 -c "selected_group ( 24 )"
13685
13686requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13687requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13688requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13689requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13690requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13691requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13692run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13693 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13694 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13695 0 \
13696 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13697 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13698 -c "NamedGroup: x448 ( 1e )" \
13699 -c "NamedGroup: secp521r1 ( 19 )" \
13700 -c "Verifying peer X.509 certificate... ok" \
13701 -c "received HelloRetryRequest message" \
13702 -c "selected_group ( 25 )"
13703
13704requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13705requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13706requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13708requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13709requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13710run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13711 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13712 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13713 0 \
13714 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13715 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13716 -c "NamedGroup: x448 ( 1e )" \
13717 -c "NamedGroup: x25519 ( 1d )" \
13718 -c "Verifying peer X.509 certificate... ok" \
13719 -c "received HelloRetryRequest message" \
13720 -c "selected_group ( 29 )"
13721
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13722requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13723requires_config_enabled MBEDTLS_SSL_CLI_C
13724requires_config_enabled MBEDTLS_DEBUG_C
13725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13726requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13727requires_config_enabled PSA_WANT_ALG_ECDH
13728requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13729requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13730run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13731 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13732 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13733 0 \
13734 -c "HTTP/1.0 200 ok" \
13735 -c "Protocol is TLSv1.3" \
13736 -c "NamedGroup: x448 ( 1e )" \
13737 -c "NamedGroup: ffdhe2048 ( 100 )" \
13738 -c "Verifying peer X.509 certificate... ok" \
13739 -c "received HelloRetryRequest message" \
13740 -c "selected_group ( 256 )"
13741
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13742requires_openssl_tls1_3
13743requires_config_enabled MBEDTLS_SSL_CLI_C
13744requires_config_enabled MBEDTLS_DEBUG_C
13745requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13746requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13747requires_config_enabled PSA_WANT_ALG_ECDH
13748requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13749requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13750run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13751 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13752 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13753 0 \
13754 -c "HTTP/1.0 200 ok" \
13755 -c "Protocol is TLSv1.3" \
13756 -c "NamedGroup: ffdhe2048 ( 100 )" \
13757 -c "NamedGroup: secp256r1 ( 17 )" \
13758 -c "Verifying peer X.509 certificate... ok" \
13759 -c "received HelloRetryRequest message" \
13760 -c "selected_group ( 23 )"
13761
13762requires_openssl_tls1_3
13763requires_config_enabled MBEDTLS_SSL_CLI_C
13764requires_config_enabled MBEDTLS_DEBUG_C
13765requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13766requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13767requires_config_enabled PSA_WANT_ALG_ECDH
13768requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13769requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13770run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13771 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13772 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13773 0 \
13774 -c "HTTP/1.0 200 ok" \
13775 -c "Protocol is TLSv1.3" \
13776 -c "NamedGroup: ffdhe2048 ( 100 )" \
13777 -c "NamedGroup: secp384r1 ( 18 )" \
13778 -c "Verifying peer X.509 certificate... ok" \
13779 -c "received HelloRetryRequest message" \
13780 -c "selected_group ( 24 )"
13781
13782requires_openssl_tls1_3
13783requires_config_enabled MBEDTLS_SSL_CLI_C
13784requires_config_enabled MBEDTLS_DEBUG_C
13785requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13786requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13787requires_config_enabled PSA_WANT_ALG_ECDH
13788requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13789requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13790run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13791 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13792 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13793 0 \
13794 -c "HTTP/1.0 200 ok" \
13795 -c "Protocol is TLSv1.3" \
13796 -c "NamedGroup: ffdhe2048 ( 100 )" \
13797 -c "NamedGroup: secp521r1 ( 19 )" \
13798 -c "Verifying peer X.509 certificate... ok" \
13799 -c "received HelloRetryRequest message" \
13800 -c "selected_group ( 25 )"
13801
13802requires_openssl_tls1_3
13803requires_config_enabled MBEDTLS_SSL_CLI_C
13804requires_config_enabled MBEDTLS_DEBUG_C
13805requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13806requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13807requires_config_enabled PSA_WANT_ALG_ECDH
13808requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13809requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13810run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13811 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13812 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13813 0 \
13814 -c "HTTP/1.0 200 ok" \
13815 -c "Protocol is TLSv1.3" \
13816 -c "NamedGroup: ffdhe2048 ( 100 )" \
13817 -c "NamedGroup: x25519 ( 1d )" \
13818 -c "Verifying peer X.509 certificate... ok" \
13819 -c "received HelloRetryRequest message" \
13820 -c "selected_group ( 29 )"
13821
13822requires_openssl_tls1_3
13823requires_config_enabled MBEDTLS_SSL_CLI_C
13824requires_config_enabled MBEDTLS_DEBUG_C
13825requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13826requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13827requires_config_enabled PSA_WANT_ALG_ECDH
13828requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13829requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13830run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13831 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13832 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13833 0 \
13834 -c "HTTP/1.0 200 ok" \
13835 -c "Protocol is TLSv1.3" \
13836 -c "NamedGroup: ffdhe2048 ( 100 )" \
13837 -c "NamedGroup: x448 ( 1e )" \
13838 -c "Verifying peer X.509 certificate... ok" \
13839 -c "received HelloRetryRequest message" \
13840 -c "selected_group ( 30 )"
13841
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13842requires_gnutls_tls1_3
13843requires_gnutls_next_no_ticket
13844requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13845requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13846requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13847requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13848requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13849requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13850run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13851 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
13852 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13853 0 \
13854 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13855 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13856 -c "NamedGroup: secp256r1 ( 17 )" \
13857 -c "NamedGroup: secp384r1 ( 18 )" \
13858 -c "Verifying peer X.509 certificate... ok" \
13859 -c "received HelloRetryRequest message" \
13860 -c "selected_group ( 24 )"
13861
13862requires_gnutls_tls1_3
13863requires_gnutls_next_no_ticket
13864requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13865requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13866requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13868requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13869requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13870run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13871 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
13872 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13873 0 \
13874 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13875 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13876 -c "NamedGroup: secp256r1 ( 17 )" \
13877 -c "NamedGroup: secp521r1 ( 19 )" \
13878 -c "Verifying peer X.509 certificate... ok" \
13879 -c "received HelloRetryRequest message" \
13880 -c "selected_group ( 25 )"
13881
13882requires_gnutls_tls1_3
13883requires_gnutls_next_no_ticket
13884requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13885requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13886requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13887requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13888requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13889requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13890run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13891 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
13892 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13893 0 \
13894 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13895 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13896 -c "NamedGroup: secp256r1 ( 17 )" \
13897 -c "NamedGroup: x25519 ( 1d )" \
13898 -c "Verifying peer X.509 certificate... ok" \
13899 -c "received HelloRetryRequest message" \
13900 -c "selected_group ( 29 )"
13901
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13902requires_gnutls_tls1_3
13903requires_gnutls_next_no_ticket
13904requires_gnutls_next_disable_tls13_compat
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13905requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13906requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13909requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]13910run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13911 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
13912 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13913 0 \
13914 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13915 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13916 -c "NamedGroup: secp256r1 ( 17 )" \
13917 -c "NamedGroup: x448 ( 1e )" \
13918 -c "Verifying peer X.509 certificate... ok" \
13919 -c "received HelloRetryRequest message" \
13920 -c "selected_group ( 30 )"
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13921
13922requires_gnutls_tls1_3
13923requires_gnutls_next_no_ticket
13924requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13925requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13926requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13929requires_config_enabled PSA_WANT_ALG_ECDH
13930requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13931requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13932run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13933 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
13934 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13935 0 \
13936 -c "HTTP/1.0 200 OK" \
13937 -c "Protocol is TLSv1.3" \
13938 -c "NamedGroup: secp256r1 ( 17 )" \
13939 -c "NamedGroup: ffdhe2048 ( 100 )" \
13940 -c "Verifying peer X.509 certificate... ok" \
13941 -c "received HelloRetryRequest message" \
13942 -c "selected_group ( 256 )"
13943
13944requires_gnutls_tls1_3
13945requires_gnutls_next_no_ticket
13946requires_gnutls_next_disable_tls13_compat
13947requires_config_enabled MBEDTLS_SSL_CLI_C
13948requires_config_enabled MBEDTLS_DEBUG_C
13949requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13950requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13951requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13952run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13953 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
13954 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13955 0 \
13956 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13957 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13958 -c "NamedGroup: secp384r1 ( 18 )" \
13959 -c "NamedGroup: secp256r1 ( 17 )" \
13960 -c "Verifying peer X.509 certificate... ok" \
13961 -c "received HelloRetryRequest message" \
13962 -c "selected_group ( 23 )"
13963
13964requires_gnutls_tls1_3
13965requires_gnutls_next_no_ticket
13966requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13967requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13968requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13969requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13970requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13971requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13972run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13973 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
13974 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13975 0 \
13976 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13977 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13978 -c "NamedGroup: secp384r1 ( 18 )" \
13979 -c "NamedGroup: secp521r1 ( 19 )" \
13980 -c "Verifying peer X.509 certificate... ok" \
13981 -c "received HelloRetryRequest message" \
13982 -c "selected_group ( 25 )"
13983
13984requires_gnutls_tls1_3
13985requires_gnutls_next_no_ticket
13986requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13987requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13988requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13990requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13991requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13992run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]13993 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
13994 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13995 0 \
13996 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13997 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13998 -c "NamedGroup: secp384r1 ( 18 )" \
13999 -c "NamedGroup: x25519 ( 1d )" \
14000 -c "Verifying peer X.509 certificate... ok" \
14001 -c "received HelloRetryRequest message" \
14002 -c "selected_group ( 29 )"
14003
14004requires_gnutls_tls1_3
14005requires_gnutls_next_no_ticket
14006requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14007requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14008requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14009requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14011requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14012run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14013 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14014 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14015 0 \
14016 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14017 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14018 -c "NamedGroup: secp384r1 ( 18 )" \
14019 -c "NamedGroup: x448 ( 1e )" \
14020 -c "Verifying peer X.509 certificate... ok" \
14021 -c "received HelloRetryRequest message" \
14022 -c "selected_group ( 30 )"
14023
14024requires_gnutls_tls1_3
14025requires_gnutls_next_no_ticket
14026requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14027requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14028requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14029requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14030requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14031requires_config_enabled PSA_WANT_ALG_ECDH
14032requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14033requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14034run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14035 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14036 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14037 0 \
14038 -c "HTTP/1.0 200 OK" \
14039 -c "Protocol is TLSv1.3" \
14040 -c "NamedGroup: secp384r1 ( 18 )" \
14041 -c "NamedGroup: ffdhe2048 ( 100 )" \
14042 -c "Verifying peer X.509 certificate... ok" \
14043 -c "received HelloRetryRequest message" \
14044 -c "selected_group ( 256 )"
14045
14046requires_gnutls_tls1_3
14047requires_gnutls_next_no_ticket
14048requires_gnutls_next_disable_tls13_compat
14049requires_config_enabled MBEDTLS_SSL_CLI_C
14050requires_config_enabled MBEDTLS_DEBUG_C
14051requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14052requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14053requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14054run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14055 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14056 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14057 0 \
14058 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14059 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14060 -c "NamedGroup: secp521r1 ( 19 )" \
14061 -c "NamedGroup: secp256r1 ( 17 )" \
14062 -c "Verifying peer X.509 certificate... ok" \
14063 -c "received HelloRetryRequest message" \
14064 -c "selected_group ( 23 )"
14065
14066requires_gnutls_tls1_3
14067requires_gnutls_next_no_ticket
14068requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14069requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14070requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14071requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14072requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14073requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14074run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14075 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14076 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14077 0 \
14078 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14079 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14080 -c "NamedGroup: secp521r1 ( 19 )" \
14081 -c "NamedGroup: secp384r1 ( 18 )" \
14082 -c "Verifying peer X.509 certificate... ok" \
14083 -c "received HelloRetryRequest message" \
14084 -c "selected_group ( 24 )"
14085
14086requires_gnutls_tls1_3
14087requires_gnutls_next_no_ticket
14088requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14089requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14090requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14092requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14093requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14094run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14095 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
14096 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14097 0 \
14098 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14099 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14100 -c "NamedGroup: secp521r1 ( 19 )" \
14101 -c "NamedGroup: x25519 ( 1d )" \
14102 -c "Verifying peer X.509 certificate... ok" \
14103 -c "received HelloRetryRequest message" \
14104 -c "selected_group ( 29 )"
14105
14106requires_gnutls_tls1_3
14107requires_gnutls_next_no_ticket
14108requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14109requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14110requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14111requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14112requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14113requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14114run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14115 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14116 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14117 0 \
14118 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14119 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14120 -c "NamedGroup: secp521r1 ( 19 )" \
14121 -c "NamedGroup: x448 ( 1e )" \
14122 -c "Verifying peer X.509 certificate... ok" \
14123 -c "received HelloRetryRequest message" \
14124 -c "selected_group ( 30 )"
14125
14126requires_gnutls_tls1_3
14127requires_gnutls_next_no_ticket
14128requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14129requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14130requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14131requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14132requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14133requires_config_enabled PSA_WANT_ALG_ECDH
14134requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14135requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14136run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14137 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14138 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14139 0 \
14140 -c "HTTP/1.0 200 OK" \
14141 -c "Protocol is TLSv1.3" \
14142 -c "NamedGroup: secp521r1 ( 19 )" \
14143 -c "NamedGroup: ffdhe2048 ( 100 )" \
14144 -c "Verifying peer X.509 certificate... ok" \
14145 -c "received HelloRetryRequest message" \
14146 -c "selected_group ( 256 )"
14147
14148requires_gnutls_tls1_3
14149requires_gnutls_next_no_ticket
14150requires_gnutls_next_disable_tls13_compat
14151requires_config_enabled MBEDTLS_SSL_CLI_C
14152requires_config_enabled MBEDTLS_DEBUG_C
14153requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14154requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14155requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14156run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14157 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14158 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14159 0 \
14160 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14161 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14162 -c "NamedGroup: x25519 ( 1d )" \
14163 -c "NamedGroup: secp256r1 ( 17 )" \
14164 -c "Verifying peer X.509 certificate... ok" \
14165 -c "received HelloRetryRequest message" \
14166 -c "selected_group ( 23 )"
14167
14168requires_gnutls_tls1_3
14169requires_gnutls_next_no_ticket
14170requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14171requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14172requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14173requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14174requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14175requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14176run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14177 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14178 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14179 0 \
14180 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14181 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14182 -c "NamedGroup: x25519 ( 1d )" \
14183 -c "NamedGroup: secp384r1 ( 18 )" \
14184 -c "Verifying peer X.509 certificate... ok" \
14185 -c "received HelloRetryRequest message" \
14186 -c "selected_group ( 24 )"
14187
14188requires_gnutls_tls1_3
14189requires_gnutls_next_no_ticket
14190requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14191requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14192requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14193requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14194requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14195requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14196run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14197 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
14198 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14199 0 \
14200 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14201 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14202 -c "NamedGroup: x25519 ( 1d )" \
14203 -c "NamedGroup: secp521r1 ( 19 )" \
14204 -c "Verifying peer X.509 certificate... ok" \
14205 -c "received HelloRetryRequest message" \
14206 -c "selected_group ( 25 )"
14207
14208requires_gnutls_tls1_3
14209requires_gnutls_next_no_ticket
14210requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14211requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14212requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14213requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14214requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14215requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14216run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14217 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14218 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14219 0 \
14220 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14221 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14222 -c "NamedGroup: x25519 ( 1d )" \
14223 -c "NamedGroup: x448 ( 1e )" \
14224 -c "Verifying peer X.509 certificate... ok" \
14225 -c "received HelloRetryRequest message" \
14226 -c "selected_group ( 30 )"
14227
14228requires_gnutls_tls1_3
14229requires_gnutls_next_no_ticket
14230requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14231requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14232requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14233requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14234requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14235requires_config_enabled PSA_WANT_ALG_ECDH
14236requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14237requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14238run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14239 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14240 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14241 0 \
14242 -c "HTTP/1.0 200 OK" \
14243 -c "Protocol is TLSv1.3" \
14244 -c "NamedGroup: x25519 ( 1d )" \
14245 -c "NamedGroup: ffdhe2048 ( 100 )" \
14246 -c "Verifying peer X.509 certificate... ok" \
14247 -c "received HelloRetryRequest message" \
14248 -c "selected_group ( 256 )"
14249
14250requires_gnutls_tls1_3
14251requires_gnutls_next_no_ticket
14252requires_gnutls_next_disable_tls13_compat
14253requires_config_enabled MBEDTLS_SSL_CLI_C
14254requires_config_enabled MBEDTLS_DEBUG_C
14255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14257requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14258run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14259 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14260 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14261 0 \
14262 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14263 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14264 -c "NamedGroup: x448 ( 1e )" \
14265 -c "NamedGroup: secp256r1 ( 17 )" \
14266 -c "Verifying peer X.509 certificate... ok" \
14267 -c "received HelloRetryRequest message" \
14268 -c "selected_group ( 23 )"
14269
14270requires_gnutls_tls1_3
14271requires_gnutls_next_no_ticket
14272requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14273requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14274requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14275requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14276requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14277requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14278run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14279 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14280 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14281 0 \
14282 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14283 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14284 -c "NamedGroup: x448 ( 1e )" \
14285 -c "NamedGroup: secp384r1 ( 18 )" \
14286 -c "Verifying peer X.509 certificate... ok" \
14287 -c "received HelloRetryRequest message" \
14288 -c "selected_group ( 24 )"
14289
14290requires_gnutls_tls1_3
14291requires_gnutls_next_no_ticket
14292requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14293requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14294requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14295requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14296requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14297requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14298run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14299 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
14300 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14301 0 \
14302 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14303 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14304 -c "NamedGroup: x448 ( 1e )" \
14305 -c "NamedGroup: secp521r1 ( 19 )" \
14306 -c "Verifying peer X.509 certificate... ok" \
14307 -c "received HelloRetryRequest message" \
14308 -c "selected_group ( 25 )"
14309
14310requires_gnutls_tls1_3
14311requires_gnutls_next_no_ticket
14312requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14313requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14314requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14315requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14316requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14317requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14318run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14319 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
14320 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14321 0 \
14322 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14323 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14324 -c "NamedGroup: x448 ( 1e )" \
14325 -c "NamedGroup: x25519 ( 1d )" \
14326 -c "Verifying peer X.509 certificate... ok" \
14327 -c "received HelloRetryRequest message" \
14328 -c "selected_group ( 29 )"
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14329
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14330requires_gnutls_tls1_3
14331requires_gnutls_next_no_ticket
14332requires_gnutls_next_disable_tls13_compat
14333requires_config_enabled MBEDTLS_SSL_CLI_C
14334requires_config_enabled MBEDTLS_DEBUG_C
14335requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14336requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14337requires_config_enabled PSA_WANT_ALG_ECDH
14338requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14339requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14340run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14341 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14342 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14343 0 \
14344 -c "HTTP/1.0 200 OK" \
14345 -c "Protocol is TLSv1.3" \
14346 -c "NamedGroup: x448 ( 1e )" \
14347 -c "NamedGroup: ffdhe2048 ( 100 )" \
14348 -c "Verifying peer X.509 certificate... ok" \
14349 -c "received HelloRetryRequest message" \
14350 -c "selected_group ( 256 )"
14351
14352requires_gnutls_tls1_3
14353requires_gnutls_next_no_ticket
14354requires_gnutls_next_disable_tls13_compat
14355requires_config_enabled MBEDTLS_SSL_CLI_C
14356requires_config_enabled MBEDTLS_DEBUG_C
14357requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14358requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14359requires_config_enabled PSA_WANT_ALG_ECDH
14360requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14361requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14362run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14363 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14364 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14365 0 \
14366 -c "HTTP/1.0 200 OK" \
14367 -c "Protocol is TLSv1.3" \
14368 -c "NamedGroup: ffdhe2048 ( 100 )" \
14369 -c "NamedGroup: secp256r1 ( 17 )" \
14370 -c "Verifying peer X.509 certificate... ok" \
14371 -c "received HelloRetryRequest message" \
14372 -c "selected_group ( 23 )"
14373
14374requires_gnutls_tls1_3
14375requires_gnutls_next_no_ticket
14376requires_gnutls_next_disable_tls13_compat
14377requires_config_enabled MBEDTLS_SSL_CLI_C
14378requires_config_enabled MBEDTLS_DEBUG_C
14379requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14381requires_config_enabled PSA_WANT_ALG_ECDH
14382requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14383requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14384run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14385 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14386 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14387 0 \
14388 -c "HTTP/1.0 200 OK" \
14389 -c "Protocol is TLSv1.3" \
14390 -c "NamedGroup: ffdhe2048 ( 100 )" \
14391 -c "NamedGroup: secp384r1 ( 18 )" \
14392 -c "Verifying peer X.509 certificate... ok" \
14393 -c "received HelloRetryRequest message" \
14394 -c "selected_group ( 24 )"
14395
14396requires_gnutls_tls1_3
14397requires_gnutls_next_no_ticket
14398requires_gnutls_next_disable_tls13_compat
14399requires_config_enabled MBEDTLS_SSL_CLI_C
14400requires_config_enabled MBEDTLS_DEBUG_C
14401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14403requires_config_enabled PSA_WANT_ALG_ECDH
14404requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14405requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14406run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14407 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
14408 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14409 0 \
14410 -c "HTTP/1.0 200 OK" \
14411 -c "Protocol is TLSv1.3" \
14412 -c "NamedGroup: ffdhe2048 ( 100 )" \
14413 -c "NamedGroup: secp521r1 ( 19 )" \
14414 -c "Verifying peer X.509 certificate... ok" \
14415 -c "received HelloRetryRequest message" \
14416 -c "selected_group ( 25 )"
14417
14418requires_gnutls_tls1_3
14419requires_gnutls_next_no_ticket
14420requires_gnutls_next_disable_tls13_compat
14421requires_config_enabled MBEDTLS_SSL_CLI_C
14422requires_config_enabled MBEDTLS_DEBUG_C
14423requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14424requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14425requires_config_enabled PSA_WANT_ALG_ECDH
14426requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14427requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14428run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14429 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
14430 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14431 0 \
14432 -c "HTTP/1.0 200 OK" \
14433 -c "Protocol is TLSv1.3" \
14434 -c "NamedGroup: ffdhe2048 ( 100 )" \
14435 -c "NamedGroup: x25519 ( 1d )" \
14436 -c "Verifying peer X.509 certificate... ok" \
14437 -c "received HelloRetryRequest message" \
14438 -c "selected_group ( 29 )"
14439
14440requires_gnutls_tls1_3
14441requires_gnutls_next_no_ticket
14442requires_gnutls_next_disable_tls13_compat
14443requires_config_enabled MBEDTLS_SSL_CLI_C
14444requires_config_enabled MBEDTLS_DEBUG_C
14445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14446requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14447requires_config_enabled PSA_WANT_ALG_ECDH
14448requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14449requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14450run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14451 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14452 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14453 0 \
14454 -c "HTTP/1.0 200 OK" \
14455 -c "Protocol is TLSv1.3" \
14456 -c "NamedGroup: ffdhe2048 ( 100 )" \
14457 -c "NamedGroup: x448 ( 1e )" \
14458 -c "Verifying peer X.509 certificate... ok" \
14459 -c "received HelloRetryRequest message" \
14460 -c "selected_group ( 30 )"
14461
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14462requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14463requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14465requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14466requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14467requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14468requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14469requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14470requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14471requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14472run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14473 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14474 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14475 0 \
14476 -s "Protocol is TLSv1.3" \
14477 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14478 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14479 -c "Protocol is TLSv1.3" \
14480 -c "NamedGroup: secp256r1 ( 17 )" \
14481 -c "NamedGroup: secp384r1 ( 18 )" \
14482 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14483 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14484 -c "received HelloRetryRequest message" \
14485 -c "selected_group ( 24 )"
14486
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14487requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14488requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14491requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14492requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14493requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14496requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14497run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14498 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14499 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14500 0 \
14501 -s "Protocol is TLSv1.3" \
14502 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14503 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14504 -c "Protocol is TLSv1.3" \
14505 -c "NamedGroup: secp256r1 ( 17 )" \
14506 -c "NamedGroup: secp521r1 ( 19 )" \
14507 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14508 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14509 -c "received HelloRetryRequest message" \
14510 -c "selected_group ( 25 )"
14511
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14512requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14513requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14516requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14517requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14518requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14519requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14520requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14521requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14522run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14523 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14524 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14525 0 \
14526 -s "Protocol is TLSv1.3" \
14527 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14528 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14529 -c "Protocol is TLSv1.3" \
14530 -c "NamedGroup: secp256r1 ( 17 )" \
14531 -c "NamedGroup: x25519 ( 1d )" \
14532 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14533 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14534 -c "received HelloRetryRequest message" \
14535 -c "selected_group ( 29 )"
14536
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14537requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14538requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14539requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14540requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14541requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14542requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14546requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14547run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14548 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14549 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14550 0 \
14551 -s "Protocol is TLSv1.3" \
14552 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14553 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14554 -c "Protocol is TLSv1.3" \
14555 -c "NamedGroup: secp256r1 ( 17 )" \
14556 -c "NamedGroup: x448 ( 1e )" \
14557 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14558 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14559 -c "received HelloRetryRequest message" \
14560 -c "selected_group ( 30 )"
14561
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14562requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14563requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14566requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14567requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14568requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14569requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14572requires_config_enabled PSA_WANT_ALG_ECDH
14573requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14574requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14575run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14576 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14577 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14578 0 \
14579 -s "Protocol is TLSv1.3" \
14580 -s "got named group: ffdhe2048(0100)" \
14581 -s "Certificate verification was skipped" \
14582 -c "Protocol is TLSv1.3" \
14583 -c "NamedGroup: secp256r1 ( 17 )" \
14584 -c "NamedGroup: ffdhe2048 ( 100 )" \
14585 -c "Verifying peer X.509 certificate... ok" \
14586 -s "HRR selected_group: ffdhe2048" \
14587 -c "received HelloRetryRequest message" \
14588 -c "selected_group ( 256 )"
14589
14590requires_config_enabled MBEDTLS_SSL_SRV_C
14591requires_config_enabled MBEDTLS_DEBUG_C
14592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14593requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14594requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14595requires_config_enabled MBEDTLS_SSL_CLI_C
14596requires_config_enabled MBEDTLS_DEBUG_C
14597requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14599requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14600run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14601 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14602 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14603 0 \
14604 -s "Protocol is TLSv1.3" \
14605 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14606 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14607 -c "Protocol is TLSv1.3" \
14608 -c "NamedGroup: secp384r1 ( 18 )" \
14609 -c "NamedGroup: secp256r1 ( 17 )" \
14610 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14611 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14612 -c "received HelloRetryRequest message" \
14613 -c "selected_group ( 23 )"
14614
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14615requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14616requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14617requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14619requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14620requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14621requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14624requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14625run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14626 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14627 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14628 0 \
14629 -s "Protocol is TLSv1.3" \
14630 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14631 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14632 -c "Protocol is TLSv1.3" \
14633 -c "NamedGroup: secp384r1 ( 18 )" \
14634 -c "NamedGroup: secp521r1 ( 19 )" \
14635 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14636 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14637 -c "received HelloRetryRequest message" \
14638 -c "selected_group ( 25 )"
14639
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14640requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14641requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14642requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14643requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14644requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14645requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14646requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14649requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14650run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14651 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14652 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14653 0 \
14654 -s "Protocol is TLSv1.3" \
14655 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14656 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14657 -c "Protocol is TLSv1.3" \
14658 -c "NamedGroup: secp384r1 ( 18 )" \
14659 -c "NamedGroup: x25519 ( 1d )" \
14660 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14661 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14662 -c "received HelloRetryRequest message" \
14663 -c "selected_group ( 29 )"
14664
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14665requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14666requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14667requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14669requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14670requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14671requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14672requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14673requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14674requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14675run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14676 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14677 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14678 0 \
14679 -s "Protocol is TLSv1.3" \
14680 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14681 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14682 -c "Protocol is TLSv1.3" \
14683 -c "NamedGroup: secp384r1 ( 18 )" \
14684 -c "NamedGroup: x448 ( 1e )" \
14685 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14686 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14687 -c "received HelloRetryRequest message" \
14688 -c "selected_group ( 30 )"
14689
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14690requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14691requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14693requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14694requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14695requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14696requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14697requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14700requires_config_enabled PSA_WANT_ALG_ECDH
14701requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14702requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14703run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14704 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14705 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14706 0 \
14707 -s "Protocol is TLSv1.3" \
14708 -s "got named group: ffdhe2048(0100)" \
14709 -s "Certificate verification was skipped" \
14710 -c "Protocol is TLSv1.3" \
14711 -c "NamedGroup: secp384r1 ( 18 )" \
14712 -c "NamedGroup: ffdhe2048 ( 100 )" \
14713 -c "Verifying peer X.509 certificate... ok" \
14714 -s "HRR selected_group: ffdhe2048" \
14715 -c "received HelloRetryRequest message" \
14716 -c "selected_group ( 256 )"
14717
14718requires_config_enabled MBEDTLS_SSL_SRV_C
14719requires_config_enabled MBEDTLS_DEBUG_C
14720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14722requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14723requires_config_enabled MBEDTLS_SSL_CLI_C
14724requires_config_enabled MBEDTLS_DEBUG_C
14725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14726requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14727requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14728run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14729 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14730 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14731 0 \
14732 -s "Protocol is TLSv1.3" \
14733 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14734 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14735 -c "Protocol is TLSv1.3" \
14736 -c "NamedGroup: secp521r1 ( 19 )" \
14737 -c "NamedGroup: secp256r1 ( 17 )" \
14738 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14739 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14740 -c "received HelloRetryRequest message" \
14741 -c "selected_group ( 23 )"
14742
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14743requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14744requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14745requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14746requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14747requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14748requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14749requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14750requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14751requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14752requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14753run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14754 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14755 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14756 0 \
14757 -s "Protocol is TLSv1.3" \
14758 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14759 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14760 -c "Protocol is TLSv1.3" \
14761 -c "NamedGroup: secp521r1 ( 19 )" \
14762 -c "NamedGroup: secp384r1 ( 18 )" \
14763 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14764 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14765 -c "received HelloRetryRequest message" \
14766 -c "selected_group ( 24 )"
14767
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14768requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14769requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14770requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14771requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14772requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14773requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14774requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14775requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14777requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14778run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14779 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14780 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14781 0 \
14782 -s "Protocol is TLSv1.3" \
14783 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14784 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14785 -c "Protocol is TLSv1.3" \
14786 -c "NamedGroup: secp521r1 ( 19 )" \
14787 -c "NamedGroup: x25519 ( 1d )" \
14788 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14789 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14790 -c "received HelloRetryRequest message" \
14791 -c "selected_group ( 29 )"
14792
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14793requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14794requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14797requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14798requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14799requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14800requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14801requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14802requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14803run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14804 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14805 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14806 0 \
14807 -s "Protocol is TLSv1.3" \
14808 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14809 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14810 -c "Protocol is TLSv1.3" \
14811 -c "NamedGroup: secp521r1 ( 19 )" \
14812 -c "NamedGroup: x448 ( 1e )" \
14813 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14814 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14815 -c "received HelloRetryRequest message" \
14816 -c "selected_group ( 30 )"
14817
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14818requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14819requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14820requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14822requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14823requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14824requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14825requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14828requires_config_enabled PSA_WANT_ALG_ECDH
14829requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14830requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14831run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14832 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14833 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14834 0 \
14835 -s "Protocol is TLSv1.3" \
14836 -s "got named group: ffdhe2048(0100)" \
14837 -s "Certificate verification was skipped" \
14838 -c "Protocol is TLSv1.3" \
14839 -c "NamedGroup: secp521r1 ( 19 )" \
14840 -c "NamedGroup: ffdhe2048 ( 100 )" \
14841 -c "Verifying peer X.509 certificate... ok" \
14842 -s "HRR selected_group: ffdhe2048" \
14843 -c "received HelloRetryRequest message" \
14844 -c "selected_group ( 256 )"
14845
14846requires_config_enabled MBEDTLS_SSL_SRV_C
14847requires_config_enabled MBEDTLS_DEBUG_C
14848requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14849requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14850requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14851requires_config_enabled MBEDTLS_SSL_CLI_C
14852requires_config_enabled MBEDTLS_DEBUG_C
14853requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14854requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14855requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14856run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14857 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14858 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14859 0 \
14860 -s "Protocol is TLSv1.3" \
14861 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14862 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14863 -c "Protocol is TLSv1.3" \
14864 -c "NamedGroup: x25519 ( 1d )" \
14865 -c "NamedGroup: secp256r1 ( 17 )" \
14866 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14867 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14868 -c "received HelloRetryRequest message" \
14869 -c "selected_group ( 23 )"
14870
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14871requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14872requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14873requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14874requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14875requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14876requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14877requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14878requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14879requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14880requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14881run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14882 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14883 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14884 0 \
14885 -s "Protocol is TLSv1.3" \
14886 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14887 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14888 -c "Protocol is TLSv1.3" \
14889 -c "NamedGroup: x25519 ( 1d )" \
14890 -c "NamedGroup: secp384r1 ( 18 )" \
14891 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14892 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14893 -c "received HelloRetryRequest message" \
14894 -c "selected_group ( 24 )"
14895
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14896requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14897requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14898requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14899requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14900requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14901requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14902requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14903requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14904requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14905requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14906run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14907 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14908 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14909 0 \
14910 -s "Protocol is TLSv1.3" \
14911 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14912 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14913 -c "Protocol is TLSv1.3" \
14914 -c "NamedGroup: x25519 ( 1d )" \
14915 -c "NamedGroup: secp521r1 ( 19 )" \
14916 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14917 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14918 -c "received HelloRetryRequest message" \
14919 -c "selected_group ( 25 )"
14920
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14921requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14922requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14923requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14924requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14925requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14926requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14927requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14930requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14931run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14932 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14933 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14934 0 \
14935 -s "Protocol is TLSv1.3" \
14936 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14937 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14938 -c "Protocol is TLSv1.3" \
14939 -c "NamedGroup: x25519 ( 1d )" \
14940 -c "NamedGroup: x448 ( 1e )" \
14941 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14942 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14943 -c "received HelloRetryRequest message" \
14944 -c "selected_group ( 30 )"
14945
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14946requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14947requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14948requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14950requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14951requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14952requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14953requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14956requires_config_enabled PSA_WANT_ALG_ECDH
14957requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14958requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14959run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14960 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14961 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14962 0 \
14963 -s "Protocol is TLSv1.3" \
14964 -s "got named group: ffdhe2048(0100)" \
14965 -s "Certificate verification was skipped" \
14966 -c "Protocol is TLSv1.3" \
14967 -c "NamedGroup: x25519 ( 1d )" \
14968 -c "NamedGroup: ffdhe2048 ( 100 )" \
14969 -c "Verifying peer X.509 certificate... ok" \
14970 -s "HRR selected_group: ffdhe2048" \
14971 -c "received HelloRetryRequest message" \
14972 -c "selected_group ( 256 )"
14973
14974requires_config_enabled MBEDTLS_SSL_SRV_C
14975requires_config_enabled MBEDTLS_DEBUG_C
14976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14977requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14978requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14979requires_config_enabled MBEDTLS_SSL_CLI_C
14980requires_config_enabled MBEDTLS_DEBUG_C
14981requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14982requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14983requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14984run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]14985 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14986 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14987 0 \
14988 -s "Protocol is TLSv1.3" \
14989 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14990 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14991 -c "Protocol is TLSv1.3" \
14992 -c "NamedGroup: x448 ( 1e )" \
14993 -c "NamedGroup: secp256r1 ( 17 )" \
14994 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14995 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14996 -c "received HelloRetryRequest message" \
14997 -c "selected_group ( 23 )"
14998
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14999requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15000requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15001requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15002requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15003requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15004requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15005requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15006requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15008requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15009run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]15010 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15011 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15012 0 \
15013 -s "Protocol is TLSv1.3" \
15014 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15015 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15016 -c "Protocol is TLSv1.3" \
15017 -c "NamedGroup: x448 ( 1e )" \
15018 -c "NamedGroup: secp384r1 ( 18 )" \
15019 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15020 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15021 -c "received HelloRetryRequest message" \
15022 -c "selected_group ( 24 )"
15023
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15024requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15025requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15028requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15029requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15030requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15033requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15034run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]15035 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15036 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15037 0 \
15038 -s "Protocol is TLSv1.3" \
15039 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15040 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15041 -c "Protocol is TLSv1.3" \
15042 -c "NamedGroup: x448 ( 1e )" \
15043 -c "NamedGroup: secp521r1 ( 19 )" \
15044 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15045 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15046 -c "received HelloRetryRequest message" \
15047 -c "selected_group ( 25 )"
15048
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15049requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15050requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15051requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15052requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15053requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15054requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15055requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15058requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15059run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]15060 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15061 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15062 0 \
15063 -s "Protocol is TLSv1.3" \
15064 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15065 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15066 -c "Protocol is TLSv1.3" \
15067 -c "NamedGroup: x448 ( 1e )" \
15068 -c "NamedGroup: x25519 ( 1d )" \
15069 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15070 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15071 -c "received HelloRetryRequest message" \
15072 -c "selected_group ( 29 )"
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15073
15074requires_config_enabled MBEDTLS_SSL_SRV_C
15075requires_config_enabled MBEDTLS_DEBUG_C
15076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15077requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15078requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15079requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15080requires_config_enabled MBEDTLS_SSL_CLI_C
15081requires_config_enabled MBEDTLS_DEBUG_C
15082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15084requires_config_enabled PSA_WANT_ALG_ECDH
15085requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15086requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15087run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]15088 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15089 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15090 0 \
15091 -s "Protocol is TLSv1.3" \
15092 -s "got named group: ffdhe2048(0100)" \
15093 -s "Certificate verification was skipped" \
15094 -c "Protocol is TLSv1.3" \
15095 -c "NamedGroup: x448 ( 1e )" \
15096 -c "NamedGroup: ffdhe2048 ( 100 )" \
15097 -c "Verifying peer X.509 certificate... ok" \
15098 -s "HRR selected_group: ffdhe2048" \
15099 -c "received HelloRetryRequest message" \
15100 -c "selected_group ( 256 )"
15101
15102requires_config_enabled MBEDTLS_SSL_SRV_C
15103requires_config_enabled MBEDTLS_DEBUG_C
15104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15106requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15107requires_config_enabled MBEDTLS_SSL_CLI_C
15108requires_config_enabled MBEDTLS_DEBUG_C
15109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15110requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15111requires_config_enabled PSA_WANT_ALG_ECDH
15112requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15113requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15114run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]15115 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15116 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15117 0 \
15118 -s "Protocol is TLSv1.3" \
15119 -s "got named group: secp256r1(0017)" \
15120 -s "Certificate verification was skipped" \
15121 -c "Protocol is TLSv1.3" \
15122 -c "NamedGroup: ffdhe2048 ( 100 )" \
15123 -c "NamedGroup: secp256r1 ( 17 )" \
15124 -c "Verifying peer X.509 certificate... ok" \
15125 -s "HRR selected_group: secp256r1" \
15126 -c "received HelloRetryRequest message" \
15127 -c "selected_group ( 23 )"
15128
15129requires_config_enabled MBEDTLS_SSL_SRV_C
15130requires_config_enabled MBEDTLS_DEBUG_C
15131requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15132requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15133requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15134requires_config_enabled MBEDTLS_SSL_CLI_C
15135requires_config_enabled MBEDTLS_DEBUG_C
15136requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15137requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15138requires_config_enabled PSA_WANT_ALG_ECDH
15139requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15140requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15141run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]15142 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15143 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15144 0 \
15145 -s "Protocol is TLSv1.3" \
15146 -s "got named group: secp384r1(0018)" \
15147 -s "Certificate verification was skipped" \
15148 -c "Protocol is TLSv1.3" \
15149 -c "NamedGroup: ffdhe2048 ( 100 )" \
15150 -c "NamedGroup: secp384r1 ( 18 )" \
15151 -c "Verifying peer X.509 certificate... ok" \
15152 -s "HRR selected_group: secp384r1" \
15153 -c "received HelloRetryRequest message" \
15154 -c "selected_group ( 24 )"
15155
15156requires_config_enabled MBEDTLS_SSL_SRV_C
15157requires_config_enabled MBEDTLS_DEBUG_C
15158requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15160requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15161requires_config_enabled MBEDTLS_SSL_CLI_C
15162requires_config_enabled MBEDTLS_DEBUG_C
15163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15165requires_config_enabled PSA_WANT_ALG_ECDH
15166requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15167requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15168run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]15169 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15170 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15171 0 \
15172 -s "Protocol is TLSv1.3" \
15173 -s "got named group: secp521r1(0019)" \
15174 -s "Certificate verification was skipped" \
15175 -c "Protocol is TLSv1.3" \
15176 -c "NamedGroup: ffdhe2048 ( 100 )" \
15177 -c "NamedGroup: secp521r1 ( 19 )" \
15178 -c "Verifying peer X.509 certificate... ok" \
15179 -s "HRR selected_group: secp521r1" \
15180 -c "received HelloRetryRequest message" \
15181 -c "selected_group ( 25 )"
15182
15183requires_config_enabled MBEDTLS_SSL_SRV_C
15184requires_config_enabled MBEDTLS_DEBUG_C
15185requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15186requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15187requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15188requires_config_enabled MBEDTLS_SSL_CLI_C
15189requires_config_enabled MBEDTLS_DEBUG_C
15190requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15192requires_config_enabled PSA_WANT_ALG_ECDH
15193requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15194requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15195run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]15196 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15197 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15198 0 \
15199 -s "Protocol is TLSv1.3" \
15200 -s "got named group: x25519(001d)" \
15201 -s "Certificate verification was skipped" \
15202 -c "Protocol is TLSv1.3" \
15203 -c "NamedGroup: ffdhe2048 ( 100 )" \
15204 -c "NamedGroup: x25519 ( 1d )" \
15205 -c "Verifying peer X.509 certificate... ok" \
15206 -s "HRR selected_group: x25519" \
15207 -c "received HelloRetryRequest message" \
15208 -c "selected_group ( 29 )"
15209
15210requires_config_enabled MBEDTLS_SSL_SRV_C
15211requires_config_enabled MBEDTLS_DEBUG_C
15212requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15213requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15214requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15215requires_config_enabled MBEDTLS_SSL_CLI_C
15216requires_config_enabled MBEDTLS_DEBUG_C
15217requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15218requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15219requires_config_enabled PSA_WANT_ALG_ECDH
15220requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15221requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15222run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame]15223 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15224 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15225 0 \
15226 -s "Protocol is TLSv1.3" \
15227 -s "got named group: x448(001e)" \
15228 -s "Certificate verification was skipped" \
15229 -c "Protocol is TLSv1.3" \
15230 -c "NamedGroup: ffdhe2048 ( 100 )" \
15231 -c "NamedGroup: x448 ( 1e )" \
15232 -c "Verifying peer X.509 certificate... ok" \
15233 -s "HRR selected_group: x448" \
15234 -c "received HelloRetryRequest message" \
15235 -c "selected_group ( 30 )"