Merge pull request #8914 from ronald-cron-arm/resumption-early-data-compat-tests
TLS 1.3: Resumption and early data compatibility tests
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index f00a111..a5d2ed1 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -122,7 +122,8 @@
#define DFL_SNI NULL
#define DFL_ALPN_STRING NULL
#define DFL_GROUPS NULL
-#define DFL_MAX_EARLY_DATA_SIZE 0
+#define DFL_EARLY_DATA -1
+#define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1)
#define DFL_SIG_ALGS NULL
#define DFL_DHM_FILE NULL
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
@@ -429,9 +430,10 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
#define USAGE_EARLY_DATA \
- " max_early_data_size=%%d default: -1 (disabled)\n" \
- " options: -1 (disabled), " \
- " >= 0 (enabled, max amount of early data )\n"
+ " early_data=%%d default: library default\n" \
+ " options: 0 (disabled), 1 (enabled)\n" \
+ " max_early_data_size=%%d default: library default\n" \
+ " options: max amount of early data\n"
#else
#define USAGE_EARLY_DATA ""
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -694,7 +696,10 @@
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
int reproducible; /* make communication reproducible */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ int early_data; /* early data enablement flag */
uint32_t max_early_data_size; /* max amount of early data */
+#endif
int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
@@ -1609,10 +1614,6 @@
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED;
-#endif
-
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
#if defined(MBEDTLS_MEMORY_DEBUG)
@@ -1747,7 +1748,10 @@
opt.sni = DFL_SNI;
opt.alpn_string = DFL_ALPN_STRING;
opt.groups = DFL_GROUPS;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ opt.early_data = DFL_EARLY_DATA;
opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
+#endif
opt.sig_algs = DFL_SIG_ALGS;
opt.dhm_file = DFL_DHM_FILE;
opt.transport = DFL_TRANSPORT;
@@ -1980,14 +1984,18 @@
}
#endif
#if defined(MBEDTLS_SSL_EARLY_DATA)
- else if (strcmp(p, "max_early_data_size") == 0) {
- long long value = atoll(q);
- tls13_early_data_enabled =
- value >= 0 ? MBEDTLS_SSL_EARLY_DATA_ENABLED :
- MBEDTLS_SSL_EARLY_DATA_DISABLED;
- if (tls13_early_data_enabled) {
- opt.max_early_data_size = atoi(q);
+ else if (strcmp(p, "early_data") == 0) {
+ switch (atoi(q)) {
+ case 0:
+ opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
+ break;
+ case 1:
+ opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
+ break;
+ default: goto usage;
}
+ } else if (strcmp(p, "max_early_data_size") == 0) {
+ opt.max_early_data_size = (uint32_t) atoll(q);
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
else if (strcmp(p, "renegotiation") == 0) {
@@ -2805,8 +2813,10 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
- mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled);
- if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
+ if (opt.early_data != DFL_EARLY_DATA) {
+ mbedtls_ssl_conf_early_data(&conf, opt.early_data);
+ }
+ if (opt.max_early_data_size != DFL_MAX_EARLY_DATA_SIZE) {
mbedtls_ssl_conf_max_early_data_size(
&conf, opt.max_early_data_size);
}
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 066fa3f..5e43921 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -71,120 +71,6 @@
-S "key exchange mode: ephemeral$" \
-s "ticket is not authentic"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=1" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -s "ticket is not authentic" \
- -S "ticket is expired" \
- -S "Invalid ticket creation time" \
- -S "Ticket age exceeds limitation" \
- -S "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=2" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -s "ticket is expired" \
- -S "Invalid ticket creation time" \
- -S "Ticket age exceeds limitation" \
- -S "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=3" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -S "ticket is expired" \
- -s "Invalid ticket creation time" \
- -S "Ticket age exceeds limitation" \
- -S "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=4" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -S "ticket is expired" \
- -S "Invalid ticket creation time" \
- -s "Ticket age exceeds limitation" \
- -S "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=5" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -S "ticket is expired" \
- -S "Invalid ticket creation time" \
- -S "Ticket age exceeds limitation" \
- -s "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=6" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -S "ticket is expired" \
- -S "Invalid ticket creation time" \
- -S "Ticket age exceeds limitation" \
- -s "Ticket age outside tolerance window"
-
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -252,297 +138,1049 @@
0 \
-s "key exchange mode: ephemeral$"
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption" \
+ "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... ok" \
+ -c "HTTP/1.0 200 OK" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption with servername" \
+ "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... ok" \
+ -c "HTTP/1.0 200 OK" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
+ "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604800 tickets=1" \
+ "$P_CLI reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... ok" \
+ -c "HTTP/1.0 200 OK" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
+ "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... ok" \
+ -c "HTTP/1.0 200 OK" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption with early data" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -c "ClientHello: early_data(42) extension exists." \
+ -c "EncryptedExtensions: early_data(42) extension received." \
+ -c "bytes of early data written" \
+ -C "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -c "ClientHello: early_data(42) extension exists." \
+ -c "EncryptedExtensions: early_data(42) extension received." \
+ -c "bytes of early data written" \
+ -C "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -C "received max_early_data_size" \
+ -C "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -c "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -S "Sent max_early_data_size" \
+ -S "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
+ "$P_SRV debug_level=4 early_data=0 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -C "received max_early_data_size" \
+ -C "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -c "0 bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -S "Sent max_early_data_size" \
+ -S "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -C "bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
+ "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
+ -C "EncryptedExtensions: early_data(42) extension received." \
+ -C "bytes of early data written" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -S "early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
+ "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \
+ "$P_CLI reco_mode=1 reconnect=1" \
+ 1 \
+ -c "Protocol is TLSv1.3" \
+ -C "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... failed" \
+ -S "Protocol is TLSv1.3" \
+ -S "key exchange mode: psk" \
+ -S "Select PSK ciphersuite" \
+ -s "Ticket lifetime (604801) is greater than 7 days."
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
+ "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=0 tickets=1" \
+ "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \
+ 1 \
+ -c "Protocol is TLSv1.3" \
+ -C "Saving session for reuse... ok" \
+ -c "Discard new session ticket" \
+ -c "Reconnecting with saved session... failed" \
+ -s "Protocol is TLSv1.3" \
+ -S "key exchange mode: psk" \
+ -S "Select PSK ciphersuite"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
+ "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \
+ 1 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "Hostname mismatch the session ticket, disable session resumption." \
+ -s "Protocol is TLSv1.3" \
+ -S "key exchange mode: psk" \
+ -S "Select PSK ciphersuite"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=1" \
+ "$P_CLI reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -S "key exchange mode: psk" \
+ -s "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Invalid ticket creation time" \
+ -S "Ticket age exceeds limitation" \
+ -S "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=2" \
+ "$P_CLI reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -S "key exchange mode: psk" \
+ -S "ticket is not authentic" \
+ -s "ticket is expired" \
+ -S "Invalid ticket creation time" \
+ -S "Ticket age exceeds limitation" \
+ -S "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=3" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -S "key exchange mode: psk" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -s "Invalid ticket creation time" \
+ -S "Ticket age exceeds limitation" \
+ -S "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=4" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -S "key exchange mode: psk" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Invalid ticket creation time" \
+ -s "Ticket age exceeds limitation" \
+ -S "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=5" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -S "key exchange mode: psk" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Invalid ticket creation time" \
+ -S "Ticket age exceeds limitation" \
+ -s "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=6" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -S "key exchange mode: psk" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Invalid ticket creation time" \
+ -S "Ticket age exceeds limitation" \
+ -s "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_EARLY_DATA
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -s "No suitable PSK key exchange mode" \
+ -s "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -S "No suitable PSK key exchange mode" \
+ -S "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -s "No suitable PSK key exchange mode" \
+ -s "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -S "No suitable PSK key exchange mode" \
+ -S "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -s "No suitable PSK key exchange mode" \
+ -s "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -s "No suitable PSK key exchange mode" \
+ -s "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -S "No suitable PSK key exchange mode" \
+ -S "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -S "No suitable PSK key exchange mode" \
+ -S "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "No suitable PSK key exchange mode" \
+ -s "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -S "No suitable PSK key exchange mode" \
+ -S "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -S "No suitable PSK key exchange mode" \
+ -S "No usable PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -s "key exchange mode: ephemeral" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "found matched identity" \
+ -S "No suitable PSK key exchange mode" \
+ -S "No usable PSK or ticket"
+
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3 m->G: EarlyData: basic check, good" \
- "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \
- --earlydata --maxearlydata 16384 --disable-client-cert" \
- "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \
+run_test "TLS 1.3 m->O: resumption" \
+ "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
+ "$P_CLI reco_mode=1 reconnect=1" \
0 \
- -c "received max_early_data_size: 16384" \
- -c "Reconnecting with saved session" \
- -c "NewSessionTicket: early_data(42) extension received." \
- -c "ClientHello: early_data(42) extension exists." \
- -c "EncryptedExtensions: early_data(42) extension received." \
- -c "EncryptedExtensions: early_data(42) extension exists." \
- -c "<= write EndOfEarlyData" \
- -s "Parsing extension 'Early Data/42' (0 bytes)" \
- -s "Sending extension Early Data/42 (0 bytes)" \
- -s "END OF EARLY DATA (5) was received." \
- -s "early data accepted"
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... ok" \
+ -c "HTTP/1.0 200 ok"
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_EARLY_DATA
-requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3 m->G: EarlyData: write early data, good" \
- "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \
- "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \
- 0 \
- -c "Reconnecting with saved session" \
- -c "NewSessionTicket: early_data(42) extension received." \
- -c "ClientHello: early_data(42) extension exists." \
- -c "EncryptedExtensions: early_data(42) extension received." \
- -c "EncryptedExtensions: early_data(42) extension exists." \
- -c "<= write early_data" \
- -c "<= write EndOfEarlyData" \
- -s "Parsing extension 'Early Data/42' (0 bytes)" \
- -s "Sending extension Early Data/42 (0 bytes)" \
- -s "END OF EARLY DATA (5) was received." \
- -s "early data accepted" \
- -s "decrypted early data with length"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_EARLY_DATA
-requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \
- "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
- "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \
- 0 \
- -c "Reconnecting with saved session" \
- -C "NewSessionTicket: early_data(42) extension received." \
- -c "ClientHello: early_data(42) extension does not exist." \
- -C "EncryptedExtensions: early_data(42) extension received." \
- -C "EncryptedExtensions: early_data(42) extension exists."
-
-#TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked.
+# No early data m->O tests for the time being. The option -early_data is needed
+# to enable early data on OpenSSL server and it is not compatible with the
+# -www option we usually use for testing with OpenSSL server (see
+# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the
+# ephemeral then ticket based scenario we use for early data testing the first
+# handshake fails. The following skipped test is here to illustrate the kind
+# of testing we would like to do.
skip_next_test
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_EARLY_DATA
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_EARLY_DATA \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3, ext PSK, early data" \
- "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
- "$P_CLI debug_level=5 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \
- 1 \
+run_test "TLS 1.3 m->O: resumption with early data" \
+ "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
-c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size: 16384" \
-c "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension exists." \
-c "EncryptedExtensions: early_data(42) extension received." \
- -c "EncryptedExtensions: early_data(42) extension ( ignored )."
+ -c "bytes of early data written" \
+ -s "decrypted early data with length:"
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
- "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -s "No suitable PSK key exchange mode" \
- -s "No usable PSK or ticket"
+run_test "TLS 1.3 m->G: resumption" \
+ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
+ "$P_CLI reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... ok" \
+ -c "HTTP/1.0 200 OK"
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
- "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "No suitable PSK key exchange mode" \
- -s "found matched identity"
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
+ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
+ "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session... ok" \
+ -c "HTTP/1.0 200 OK"
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_EARLY_DATA \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
- "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -s "No suitable PSK key exchange mode" \
- -s "No usable PSK or ticket"
+run_test "TLS 1.3 m->G: resumption with early data" \
+ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
+ --earlydata --maxearlydata 16384" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size: 16384" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -c "ClientHello: early_data(42) extension exists." \
+ -c "EncryptedExtensions: early_data(42) extension received." \
+ -c "bytes of early data written" \
+ -s "decrypted early data with length:"
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_EARLY_DATA \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
- "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "No suitable PSK key exchange mode" \
- -s "found matched identity"
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
+ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
+ --earlydata --maxearlydata 16384" \
+ "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size: 16384" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -c "ClientHello: early_data(42) extension exists." \
+ -c "EncryptedExtensions: early_data(42) extension received." \
+ -c "bytes of early data written" \
+ -s "decrypted early data with length:"
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
- "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -s "No suitable PSK key exchange mode" \
- -s "No usable PSK or ticket"
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_EARLY_DATA \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
+ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
+ "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -C "received max_early_data_size: 16384" \
+ -C "NewSessionTicket: early_data(42) extension received." \
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
- "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -s "No suitable PSK key exchange mode" \
- -s "No usable PSK or ticket"
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_EARLY_DATA \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
+ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
+ --earlydata --maxearlydata 16384" \
+ "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size: 16384" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemeral." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
- "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "No suitable PSK key exchange mode" \
- -s "found matched identity" \
- -s "key exchange mode: psk_ephemeral"
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_EARLY_DATA \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
+ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
+ --earlydata --maxearlydata 16384" \
+ "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -c "received max_early_data_size: 16384" \
+ -c "NewSessionTicket: early_data(42) extension received." \
+ -C "ClientHello: early_data(42) extension exists." \
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
- "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "No suitable PSK key exchange mode" \
- -s "found matched identity" \
- -s "key exchange mode: psk_ephemeral"
+# https://github.com/openssl/openssl/issues/10714
+# Until now, OpenSSL client does not support reconnect.
+skip_next_test
+run_test "TLS 1.3 O->m: resumption" \
+ "$P_SRV debug_level=2 tickets=1" \
+ "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \
- "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -s "No suitable PSK key exchange mode" \
- -s "No usable PSK or ticket"
+run_test "TLS 1.3 G->m: resumption" \
+ "$P_SRV debug_level=2 tickets=1" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \
- "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "No suitable PSK key exchange mode" \
- -s "found matched identity"
-
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \
- "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "No suitable PSK key exchange mode" \
- -s "found matched identity" \
- -s "key exchange mode: psk_ephemeral"
-
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \
- "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "No suitable PSK key exchange mode" \
- -s "found matched identity" \
- -s "key exchange mode: psk_ephemeral"
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+# Test the session resumption when the cipher suite for the original session is
+# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
+# 256 bits long as with all the other TLS 1.3 cipher suites.
+run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
+ "$P_SRV debug_level=2 tickets=1" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
-requires_gnutls_next
-requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
- "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
- "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \
- -d 10 -r --earlydata $EARLY_DATA_INPUT " \
+run_test "TLS 1.3 G->m: resumption with early data" \
+ "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
+ --earlydata $EARLY_DATA_INPUT" \
0 \
- -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
- -s "NewSessionTicket: early_data(42) extension exists." \
- -s "ClientHello: early_data(42) extension exists." \
- -s "EncryptedExtensions: early_data(42) extension exists." \
- -s "$( head -1 $EARLY_DATA_INPUT )" \
- -s "$( tail -1 $EARLY_DATA_INPUT )" \
- -s "200 early data bytes read" \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "$( head -1 $EARLY_DATA_INPUT )" \
+ -s "$( tail -1 $EARLY_DATA_INPUT )" \
+ -s "200 early data bytes read" \
-s "106 early data bytes read"
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
+ "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \
+ --earlydata $EARLY_DATA_INPUT" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
+ -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "$( head -1 $EARLY_DATA_INPUT )" \
+ -s "$( tail -1 $EARLY_DATA_INPUT )" \
+ -s "200 early data bytes read" \
+ -s "106 early data bytes read"
+
+# The Mbed TLS server does not allow early data for the ticket it sends but
+# the GnuTLS indicates early data anyway when resuming with the ticket and
+# sends early data. The Mbed TLS server does not expect early data in
+# association with the ticket thus it eventually fails the resumption
+# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
+# specification and thus its behavior may change in following versions.
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
+ "$P_SRV debug_level=4 tickets=1" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
+ --earlydata $EARLY_DATA_INPUT" \
+ 1 \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -S "Sent max_early_data_size" \
+ -S "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EarlyData: rejected, feature disabled in server configuration." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -s "EarlyData: deprotect and discard app data records" \
+ -s "EarlyData: Too much early data received"
+
+# The Mbed TLS server does not allow early data for the ticket it sends but
+# the GnuTLS indicates early data anyway when resuming with the ticket and
+# sends early data. The Mbed TLS server does not expect early data in
+# association with the ticket thus it eventually fails the resumption
+# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
+# specification and thus its behavior may change in following versions.
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
+ "$P_SRV debug_level=4 tickets=1 early_data=0" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
+ --earlydata $EARLY_DATA_INPUT" \
+ 1 \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -S "Sent max_early_data_size" \
+ -S "NewSessionTicket: early_data(42) extension exists." \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EarlyData: rejected, feature disabled in server configuration." \
+ -S "EncryptedExtensions: early_data(42) extension exists." \
+ -s "EarlyData: deprotect and discard app data records" \
+ -s "EarlyData: Too much early data received"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
+ "$P_SRV debug_level=4 tickets=1 early_data=1" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "key exchange mode: psk" \
+ -s "Select PSK ciphersuite" \
+ -s "Sent max_early_data_size" \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -S "ClientHello: early_data(42) extension exists." \
+ -S "EncryptedExtensions: early_data(42) extension exists."
+
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
- "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=1024" \
+ "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
"$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
0 \
-s "key exchange mode: ephemeral" \
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0e86368..5243ceb 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13414,180 +13414,6 @@
-c "no suitable signature algorithm"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \
- "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 4" \
- "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
- 0 \
- -c "Protocol is TLSv1.3" \
- -c "got new session ticket." \
- -c "Saving session for reuse... ok" \
- -c "Reconnecting with saved session" \
- -c "HTTP/1.0 200 ok"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
- "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
- "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
- 0 \
- -c "Protocol is TLSv1.3" \
- -c "got new session ticket." \
- -c "Saving session for reuse... ok" \
- -c "Reconnecting with saved session" \
- -c "HTTP/1.0 200 OK" \
- -s "This is a resumed session"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-# https://github.com/openssl/openssl/issues/10714
-# Until now, OpenSSL client does not support reconnect.
-skip_next_test
-run_test "TLS 1.3: NewSessionTicket: Basic check, O->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4" \
- "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
- 0 \
- -s "=> write NewSessionTicket msg" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4" \
- "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
- 0 \
- -c "Connecting again- trying to resume previous session" \
- -c "NEW SESSION TICKET (4) was received" \
- -s "=> write NewSessionTicket msg" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
- -s "key exchange mode: ephemeral" \
- -s "key exchange mode: psk_ephemeral" \
- -s "found pre_shared_key extension"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-# Test the session resumption when the cipher suite for the original session is
-# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
-# 256 bits long as with all the other TLS 1.3 cipher suites.
-requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
-run_test "TLS 1.3: NewSessionTicket: Basic check with AES-256-GCM only, G->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
- "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
- 0 \
- -c "Connecting again- trying to resume previous session" \
- -c "NEW SESSION TICKET (4) was received" \
- -s "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
- -s "=> write NewSessionTicket msg" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
- -s "key exchange mode: ephemeral" \
- -s "key exchange mode: psk_ephemeral" \
- -s "found pre_shared_key extension"
-
-requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Protocol is TLSv1.3" \
- -c "got new session ticket ( 3 )" \
- -c "Saving session for reuse... ok" \
- -c "Reconnecting with saved session" \
- -c "HTTP/1.0 200 OK" \
- -s "=> write NewSessionTicket msg" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
- -s "key exchange mode: ephemeral" \
- -s "key exchange mode: psk_ephemeral" \
- -s "found pre_shared_key extension"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime max value (7d)" \
- "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604800 tickets=1" \
- "$P_CLI reco_mode=1 reconnect=1" \
- 0 \
- -c "Protocol is TLSv1.3" \
- -c "HTTP/1.0 200 OK" \
- -c "got new session ticket" \
- -c "Reconnecting with saved session... ok" \
- -s "Protocol is TLSv1.3" \
- -S "Ticket lifetime (604800) is greater than 7 days."
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime too long (7d + 1s)" \
- "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \
- "$P_CLI reco_mode=1 reconnect=1" \
- 1 \
- -c "Protocol is TLSv1.3" \
- -C "HTTP/1.0 200 OK" \
- -C "got new session ticket" \
- -C "Reconnecting with saved session... ok" \
- -S "Protocol is TLSv1.3" \
- -s "Ticket lifetime (604801) is greater than 7 days."
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->m: NewSessionTicket: ticket lifetime=0" \
- "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=0 tickets=1" \
- "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \
- 1 \
- -c "Protocol is TLSv1.3" \
- -c "HTTP/1.0 200 OK" \
- -c "Discard new session ticket" \
- -C "got new session ticket" \
- -c "Reconnecting with saved session... failed" \
- -s "Protocol is TLSv1.3" \
- -s "<= write new session ticket"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@@ -13618,51 +13444,6 @@
-c "Protocol is TLSv1.2" \
-c "HTTP/1.0 200 [Oo][Kk]"
-requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI debug_level=4 server_name=localhost reco_mode=1 reconnect=1" \
- 0 \
- -c "Protocol is TLSv1.3" \
- -c "got new session ticket." \
- -c "Saving session for reuse... ok" \
- -c "Reconnecting with saved session" \
- -c "HTTP/1.0 200 OK" \
- -s "=> write NewSessionTicket msg" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
- -s "key exchange mode: ephemeral" \
- -s "key exchange mode: psk_ephemeral" \
- -s "found pre_shared_key extension"
-
-requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \
- 1 \
- -c "Protocol is TLSv1.3" \
- -c "got new session ticket." \
- -c "Saving session for reuse... ok" \
- -c "Reconnecting with saved session" \
- -c "Hostname mismatch the session ticket, disable session resumption." \
- -s "=> write NewSessionTicket msg" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
- -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH"
-
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED