ssl-opt.sh: Force TLS 1.2 version
Force TLS 1.2 version on tests related to
MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those
SSL options are not supported in TLS 1.3
for the time being. Thus force TLS 1.2
version in preparation of TLS 1.3 being
the default protocol version when both
TLS 1.2 and TLS 1.3 are enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dea11bd..9475cf8 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1966,22 +1966,20 @@
"$P_CLI" \
0
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "CA callback on client" \
"$P_SRV debug_level=3" \
- "$P_CLI ca_callback=1 debug_level=3 " \
+ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 " \
0 \
-c "use CA callback for X.509 CRT verification" \
-S "error" \
-C "error"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test "CA callback on server" \
- "$P_SRV auth_mode=required" \
+ "$P_SRV force_version=tls12 auth_mode=required" \
"$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
key_file=data_files/server5.key" \
0 \
@@ -2557,10 +2555,9 @@
0
# Tests for certificate verification callback
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Configuration-specific CRT verification callback" \
"$P_SRV debug_level=3" \
- "$P_CLI context_crt_cb=0 debug_level=3" \
+ "$P_CLI force_version=tls12 context_crt_cb=0 debug_level=3" \
0 \
-S "error" \
-c "Verify requested for " \
@@ -2568,10 +2565,9 @@
-C "Use context-specific verification callback" \
-C "error"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Context-specific CRT verification callback" \
"$P_SRV debug_level=3" \
- "$P_CLI context_crt_cb=1 debug_level=3" \
+ "$P_CLI force_version=tls12 context_crt_cb=1 debug_level=3" \
0 \
-S "error" \
-c "Verify requested for " \
@@ -4406,10 +4402,9 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 max_frag_len=4096" \
+ "$P_CLI force_version=tls12 debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum incoming record payload length is 4096" \
-c "Maximum outgoing record payload length is 4096" \
@@ -4422,10 +4417,9 @@
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
- "$P_CLI debug_level=3 max_frag_len=512" \
+ "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
0 \
-c "Maximum incoming record payload length is 512" \
-c "Maximum outgoing record payload length is 512" \
@@ -4438,10 +4432,9 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
- "$P_CLI debug_level=3 max_frag_len=512" \
+ "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
0 \
-c "Maximum incoming record payload length is 512" \
-c "Maximum outgoing record payload length is 512" \
@@ -4454,10 +4447,9 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
- "$P_CLI debug_level=3 max_frag_len=512" \
+ "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
0 \
-c "Maximum incoming record payload length is 512" \
-c "Maximum outgoing record payload length is 512" \
@@ -4470,9 +4462,8 @@
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 512" \
- "$P_SRV debug_level=3 max_frag_len=512" \
+ "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=1024" \
0 \
-c "Maximum incoming record payload length is 1024" \
@@ -4486,10 +4477,9 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
- "$P_CLI debug_level=3 max_frag_len=1024" \
+ "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
0 \
-c "Maximum incoming record payload length is 1024" \
-c "Maximum outgoing record payload length is 1024" \
@@ -4502,10 +4492,9 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
- "$P_CLI debug_level=3 max_frag_len=1024" \
+ "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
0 \
-c "Maximum incoming record payload length is 1024" \
-c "Maximum outgoing record payload length is 1024" \
@@ -4518,9 +4507,8 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 512" \
- "$P_SRV debug_level=3 max_frag_len=512" \
+ "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
-c "Maximum incoming record payload length is 2048" \
@@ -4534,9 +4522,8 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 1024" \
- "$P_SRV debug_level=3 max_frag_len=1024" \
+ "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
-c "Maximum incoming record payload length is 2048" \
@@ -4550,10 +4537,9 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
- "$P_CLI debug_level=3 max_frag_len=2048" \
+ "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048" \
0 \
-c "Maximum incoming record payload length is 2048" \
-c "Maximum outgoing record payload length is 2048" \
@@ -4566,9 +4552,8 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 512" \
- "$P_SRV debug_level=3 max_frag_len=512" \
+ "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum incoming record payload length is 4096" \
@@ -4582,9 +4567,8 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 1024" \
- "$P_SRV debug_level=3 max_frag_len=1024" \
+ "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum incoming record payload length is 4096" \
@@ -4598,9 +4582,8 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 2048" \
- "$P_SRV debug_level=3 max_frag_len=2048" \
+ "$P_SRV force_version=tls12 debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum incoming record payload length is 4096" \
@@ -4614,9 +4597,8 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: used by server" \
- "$P_SRV debug_level=3 max_frag_len=4096" \
+ "$P_SRV force_version=tls12 debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
0 \
-c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
@@ -4643,10 +4625,9 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
+ "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2048" \
0 \
-c "Maximum incoming record payload length is 2048" \
-c "Maximum outgoing record payload length is 2048" \
@@ -4661,10 +4642,9 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
+ "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2345" \
0 \
-c "Maximum incoming record payload length is 2048" \
-c "Maximum outgoing record payload length is 2048" \
@@ -5740,11 +5720,10 @@
# When updating these tests, modify the matching authentication tests accordingly
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
+ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "x509_verify_cert() returned" \
@@ -5753,11 +5732,10 @@
-c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
+ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
0 \
-c "use CA callback for X.509 CRT verification" \
-c "x509_verify_cert() returned" \
@@ -5774,11 +5752,10 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \
+ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "bad certificate (EC key curve)" \
@@ -5787,11 +5764,10 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \
+ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "bad certificate (EC key curve)"\
@@ -5823,9 +5799,8 @@
-c "Supported Signature Algorithm found: 05 "
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client badcert, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
1 \
@@ -5847,9 +5822,8 @@
# before reading the alert message.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client cert not trusted, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
key_file=data_files/server5.key" \
1 \
@@ -5867,9 +5841,8 @@
-s "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client badcert, server optional" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
0 \
@@ -5892,7 +5865,7 @@
run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
- "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
+ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
0 \
-c "use CA callback for X.509 CRT verification" \
-C "X509 - A fatal error occurred"
@@ -5903,7 +5876,7 @@
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
+ "$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "X509 - A fatal error occurred"
@@ -5914,7 +5887,7 @@
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
+ "$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
debug_level=3 auth_mode=optional" \
1 \
-c "use CA callback for X.509 CRT verification" \
@@ -5924,7 +5897,7 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
- "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
1 \
@@ -5935,7 +5908,7 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
- "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
1 \
@@ -5946,7 +5919,7 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \
- "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
0 \
@@ -8690,9 +8663,8 @@
# Tests of asynchronous private key support in SSL
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=0" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=0 async_private_delay2=0" \
"$P_CLI" \
0 \
@@ -8700,9 +8672,8 @@
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=1" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1" \
"$P_CLI" \
0 \
@@ -8711,9 +8682,8 @@
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=2" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=2 async_private_delay2=2" \
"$P_CLI" \
0 \
@@ -8725,9 +8695,8 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, SNI" \
- "$P_SRV debug_level=3 \
+ "$P_SRV force_version=tls12 debug_level=3 \
async_operations=s async_private_delay1=0 async_private_delay2=0 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
@@ -8783,7 +8752,7 @@
run_test "SSL async private: sign callback not present" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
- "$P_CLI; [ \$? -eq 1 ] &&
+ "$P_CLI force_version=tls12; [ \$? -eq 1 ] &&
$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
-S "Async sign callback" \
@@ -8856,9 +8825,8 @@
-s "Async sign callback: no key matches this certificate."
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in start" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=1" \
"$P_CLI" \
@@ -8869,9 +8837,8 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, cancel after start" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=2" \
"$P_CLI" \
@@ -8881,9 +8848,8 @@
-s "Async cancel"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in resume" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=3" \
"$P_CLI" \
@@ -8929,9 +8895,8 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: cancel after start then operate correctly" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=-2" \
"$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
@@ -8942,9 +8907,8 @@
-s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: error in resume then operate correctly" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=-3" \
"$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
@@ -8997,9 +8961,8 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: client-initiated, sign" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
exchanges=2 renegotiation=1" \
"$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
@@ -9009,9 +8972,8 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: server-initiated, sign" \
- "$P_SRV \
+ "$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI exchanges=2 renegotiation=1" \