Use libary default in ssl_client2 for new_session_tickets
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 025f3c5..929f83d 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -82,7 +82,7 @@
#define DFL_CID_VALUE_RENEGO NULL
#define DFL_RECONNECT_HARD 0
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
-#define DFL_NEW_SESSION_TICKETS MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED
+#define DFL_NEW_SESSION_TICKETS -1
#define DFL_ALPN_STRING NULL
#define DFL_GROUPS NULL
#define DFL_SIG_ALGS NULL
@@ -200,7 +200,7 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n" \
- " new_session_tickets=%%d default: 1 (enabled)\n"
+ " new_session_tickets=%%d default: (library default: disabled)\n"
#else
#define USAGE_TICKETS ""
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
@@ -1946,8 +1946,10 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_conf_session_tickets(&conf, opt.tickets);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(
- &conf, opt.new_session_tickets);
+ if (opt.new_session_tickets != DFL_NEW_SESSION_TICKETS) {
+ mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(
+ &conf, opt.new_session_tickets);
+ }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 90ae3b2..f6520a1 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -48,7 +48,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
- "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Pre-configured PSK number = 2" \
-s "sent selected_identity: 0" \
@@ -62,7 +62,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
- "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Pre-configured PSK number = 2" \
-s "sent selected_identity: 1" \
@@ -147,7 +147,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption" \
"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
- "$P_CLI reco_mode=1 reconnect=1" \
+ "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -167,7 +167,7 @@
run_test "TLS 1.3 m->m: resumption with servername" \
"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
- "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \
+ "$P_CLI server_name=localhost new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -186,7 +186,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \
- "$P_CLI reco_mode=1 reconnect=1" \
+ "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -206,7 +206,7 @@
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
- "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
+ "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
@@ -226,7 +226,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption with early data" \
"$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
- "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -257,7 +257,7 @@
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
"$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
- "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
@@ -288,7 +288,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
- "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -317,7 +317,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
"$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
- "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -346,7 +346,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
"$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
- "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -375,7 +375,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
"$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
- "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -404,7 +404,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \
- "$P_CLI reco_mode=1 reconnect=1" \
+ "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
1 \
-c "Protocol is TLSv1.3" \
-C "Saving session for reuse... ok" \
@@ -423,7 +423,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \
- "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=2 new_session_tickets=1 reco_mode=1 reconnect=1" \
1 \
-c "Protocol is TLSv1.3" \
-C "Saving session for reuse... ok" \
@@ -443,7 +443,7 @@
run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
"$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
- "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote new_session_tickets=1 reco_mode=1 reconnect=1" \
1 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -462,7 +462,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \
- "$P_CLI reco_mode=1 reconnect=1" \
+ "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -485,7 +485,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \
- "$P_CLI reco_mode=1 reconnect=1" \
+ "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -508,7 +508,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -531,7 +531,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -554,7 +554,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -577,7 +577,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -599,7 +599,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
- "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -617,7 +617,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
- "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -635,7 +635,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
- "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -653,7 +653,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
- "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -671,7 +671,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
- "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -689,7 +689,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
- "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -707,7 +707,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
- "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -725,7 +725,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
- "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -744,7 +744,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
- "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
0 \
-c "Pre-configured PSK number = 1" \
-S "sent selected_identity:" \
@@ -763,7 +763,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
- "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -782,7 +782,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
- "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -801,7 +801,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
- "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-s "key exchange mode: ephemeral" \
@@ -820,7 +820,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->O: resumption" \
"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
- "$P_CLI reco_mode=1 reconnect=1" \
+ "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -846,7 +846,7 @@
MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled" \
+run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (explicit)" \
"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
"$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
1 \
@@ -855,6 +855,20 @@
-C "Reconnecting with saved session... ok" \
-c "Ignoring NewSessionTicket, handling disabled."
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+ MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (default)" \
+ "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
+ "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ 1 \
+ -c "Protocol is TLSv1.3" \
+ -C "Saving session for reuse... ok" \
+ -C "Reconnecting with saved session... ok" \
+ -c "Ignoring NewSessionTicket, handling disabled."
+
# No early data m->O tests for the time being. The option -early_data is needed
# to enable early data on OpenSSL server and it is not compatible with the
# -www option we usually use for testing with OpenSSL server (see
@@ -872,7 +886,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->O: resumption with early data" \
"$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
- "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -894,7 +908,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
- "$P_CLI reco_mode=1 reconnect=1" \
+ "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -920,7 +934,7 @@
MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled" \
+run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (explicit)" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
"$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
1 \
@@ -931,6 +945,20 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+ MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (default)" \
+ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
+ "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ 1 \
+ -c "Protocol is TLSv1.3" \
+ -C "Saving session for reuse... ok" \
+ -C "Reconnecting with saved session... ok" \
+ -c "Ignoring NewSessionTicket, handling disabled."
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -939,7 +967,7 @@
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
- "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
+ "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
@@ -957,7 +985,7 @@
run_test "TLS 1.3 m->G: resumption with early data" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
--earlydata --maxearlydata 16384" \
- "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -981,7 +1009,7 @@
run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
--earlydata --maxearlydata 16384" \
- "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
@@ -1004,7 +1032,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
- "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -1023,7 +1051,7 @@
run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
--earlydata --maxearlydata 16384" \
- "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -1043,7 +1071,7 @@
run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
--earlydata --maxearlydata 16384" \
- "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
-c "Saving session for reuse... ok" \
@@ -1240,7 +1268,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
"$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
- "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reco_mode=1 reconnect=1" \
0 \
-s "key exchange mode: ephemeral" \
-S "key exchange mode: psk" \
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6afc26a..ab16fcd 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3865,7 +3865,7 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: openssl server" \
"$O_SRV -tls1_2" \
- "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ "$P_CLI debug_level=3 tickets=1 new_session_tickets=1 reconnect=1" \
0 \
-c "client hello, adding session ticket extension" \
-c "found session_ticket extension" \
@@ -6857,7 +6857,7 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: ticket" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
- "$P_CLI nbio=2 tickets=1" \
+ "$P_CLI nbio=2 tickets=1 new_session_tickets=1" \
0 \
-S "mbedtls_ssl_handshake returned" \
-C "mbedtls_ssl_handshake returned" \
@@ -6867,7 +6867,7 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: ticket + client auth" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
- "$P_CLI nbio=2 tickets=1" \
+ "$P_CLI nbio=2 tickets=1 new_session_tickets=1" \
0 \
-S "mbedtls_ssl_handshake returned" \
-C "mbedtls_ssl_handshake returned" \
@@ -6889,7 +6889,7 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: TLS 1.3 + ticket + client auth + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
- "$P_CLI nbio=2 tickets=1 reconnect=1" \
+ "$P_CLI nbio=2 tickets=1 new_session_tickets=1 reconnect=1" \
0 \
-S "mbedtls_ssl_handshake returned" \
-C "mbedtls_ssl_handshake returned" \
@@ -6911,7 +6911,7 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: TLS 1.3 + ticket + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
- "$P_CLI nbio=2 tickets=1 reconnect=1" \
+ "$P_CLI nbio=2 tickets=1 new_session_tickets=1 reconnect=1" \
0 \
-S "mbedtls_ssl_handshake returned" \
-C "mbedtls_ssl_handshake returned" \
@@ -6950,7 +6950,7 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: ticket" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
- "$P_CLI event=1 tickets=1" \
+ "$P_CLI event=1 tickets=1 new_session_tickets=1" \
0 \
-S "mbedtls_ssl_handshake returned" \
-C "mbedtls_ssl_handshake returned" \
@@ -6960,7 +6960,7 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: ticket + client auth" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
- "$P_CLI event=1 tickets=1" \
+ "$P_CLI event=1 tickets=1 new_session_tickets=1" \
0 \
-S "mbedtls_ssl_handshake returned" \
-C "mbedtls_ssl_handshake returned" \
@@ -6982,7 +6982,7 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: TLS 1.3 + ticket + client auth + resume" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
- "$P_CLI event=1 tickets=1 reconnect=1" \
+ "$P_CLI event=1 tickets=1 new_session_tickets=1 reconnect=1" \
0 \
-S "mbedtls_ssl_handshake returned" \
-C "mbedtls_ssl_handshake returned" \
@@ -7004,7 +7004,7 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: TLS 1.3 + ticket + resume" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
- "$P_CLI event=1 tickets=1 reconnect=1" \
+ "$P_CLI event=1 tickets=1 new_session_tickets=1 reconnect=1" \
0 \
-S "mbedtls_ssl_handshake returned" \
-C "mbedtls_ssl_handshake returned" \