TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a05e9c1ec80cdce57135ec2afcf86d2c6a2cec2b / . / tests / opt-testcases / tls13-compat.sh
blob: 3be82f35f2e13b39f11f7a087ab5d8ee4a976e78 [file] [log] [blame]
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1#!/bin/sh
2
3# tls13-compat.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]23# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]28requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]29requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]30requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]31requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
32requires_openssl_tls1_3
33run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]34 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]35 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]36 0 \
37 -s "Protocol is TLSv1.3" \
38 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
39 -s "received signature algorithm: 0x403" \
40 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]41 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]42 -C "received HelloRetryRequest message"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]43
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]44requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]45requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]46requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]47requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
48requires_openssl_tls1_3
49run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]50 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]51 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]52 0 \
53 -s "Protocol is TLSv1.3" \
54 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
55 -s "received signature algorithm: 0x503" \
56 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]57 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]58 -C "received HelloRetryRequest message"
59
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]60requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]61requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]62requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]63requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
64requires_openssl_tls1_3
65run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]66 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]67 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]68 0 \
69 -s "Protocol is TLSv1.3" \
70 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
71 -s "received signature algorithm: 0x603" \
72 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]73 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]74 -C "received HelloRetryRequest message"
75
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]76requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]77requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]78requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]79requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
80requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
81requires_openssl_tls1_3
82run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]83 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]84 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]85 0 \
86 -s "Protocol is TLSv1.3" \
87 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
88 -s "received signature algorithm: 0x804" \
89 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]90 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]91 -C "received HelloRetryRequest message"
92
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]93requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]94requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]95requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]96requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
97requires_openssl_tls1_3
98run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]99 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]100 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]101 0 \
102 -s "Protocol is TLSv1.3" \
103 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
104 -s "received signature algorithm: 0x403" \
105 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]106 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]107 -C "received HelloRetryRequest message"
108
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]109requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]110requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]111requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]112requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
113requires_openssl_tls1_3
114run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]115 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]116 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]117 0 \
118 -s "Protocol is TLSv1.3" \
119 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
120 -s "received signature algorithm: 0x503" \
121 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]122 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]123 -C "received HelloRetryRequest message"
124
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]125requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]126requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]127requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]128requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
129requires_openssl_tls1_3
130run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]131 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]132 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]133 0 \
134 -s "Protocol is TLSv1.3" \
135 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
136 -s "received signature algorithm: 0x603" \
137 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]138 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]139 -C "received HelloRetryRequest message"
140
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]141requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]142requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]144requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
145requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
146requires_openssl_tls1_3
147run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]148 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]149 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]150 0 \
151 -s "Protocol is TLSv1.3" \
152 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
153 -s "received signature algorithm: 0x804" \
154 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]155 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]156 -C "received HelloRetryRequest message"
157
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]158requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]159requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
162requires_openssl_tls1_3
163run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]164 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]165 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]166 0 \
167 -s "Protocol is TLSv1.3" \
168 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
169 -s "received signature algorithm: 0x403" \
170 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]171 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]172 -C "received HelloRetryRequest message"
173
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]174requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]175requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]176requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]177requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
178requires_openssl_tls1_3
179run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]180 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]181 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]182 0 \
183 -s "Protocol is TLSv1.3" \
184 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
185 -s "received signature algorithm: 0x503" \
186 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]187 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]188 -C "received HelloRetryRequest message"
189
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]190requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]191requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]192requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]193requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
194requires_openssl_tls1_3
195run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]196 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]197 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]198 0 \
199 -s "Protocol is TLSv1.3" \
200 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
201 -s "received signature algorithm: 0x603" \
202 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]203 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]204 -C "received HelloRetryRequest message"
205
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]206requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]207requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]208requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]209requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
210requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
211requires_openssl_tls1_3
212run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]213 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]214 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]215 0 \
216 -s "Protocol is TLSv1.3" \
217 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
218 -s "received signature algorithm: 0x804" \
219 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]220 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]221 -C "received HelloRetryRequest message"
222
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]223requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]224requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
227requires_openssl_tls1_3
228run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]229 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]230 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]231 0 \
232 -s "Protocol is TLSv1.3" \
233 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
234 -s "received signature algorithm: 0x403" \
235 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]236 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]237 -C "received HelloRetryRequest message"
238
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]239requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]240requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]241requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]242requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
243requires_openssl_tls1_3
244run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]245 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]246 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]247 0 \
248 -s "Protocol is TLSv1.3" \
249 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
250 -s "received signature algorithm: 0x503" \
251 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]252 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]253 -C "received HelloRetryRequest message"
254
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]255requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]256requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]257requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]258requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
259requires_openssl_tls1_3
260run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]261 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]262 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]263 0 \
264 -s "Protocol is TLSv1.3" \
265 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
266 -s "received signature algorithm: 0x603" \
267 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]268 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]269 -C "received HelloRetryRequest message"
270
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]271requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]272requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]273requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]274requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
275requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
276requires_openssl_tls1_3
277run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]278 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]279 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]280 0 \
281 -s "Protocol is TLSv1.3" \
282 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
283 -s "received signature algorithm: 0x804" \
284 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]285 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]286 -C "received HelloRetryRequest message"
287
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]288requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]289requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
292requires_openssl_tls1_3
293run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]294 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]295 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]296 0 \
297 -s "Protocol is TLSv1.3" \
298 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
299 -s "received signature algorithm: 0x403" \
300 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]301 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]302 -C "received HelloRetryRequest message"
303
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]304requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]305requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]306requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
308requires_openssl_tls1_3
309run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]310 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]311 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]312 0 \
313 -s "Protocol is TLSv1.3" \
314 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
315 -s "received signature algorithm: 0x503" \
316 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]317 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]318 -C "received HelloRetryRequest message"
319
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]320requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]321requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]322requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]323requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
324requires_openssl_tls1_3
325run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]326 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]327 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]328 0 \
329 -s "Protocol is TLSv1.3" \
330 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
331 -s "received signature algorithm: 0x603" \
332 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]333 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]334 -C "received HelloRetryRequest message"
335
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]336requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]337requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
340requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
341requires_openssl_tls1_3
342run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]343 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]344 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]345 0 \
346 -s "Protocol is TLSv1.3" \
347 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
348 -s "received signature algorithm: 0x804" \
349 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]350 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]351 -C "received HelloRetryRequest message"
352
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]353requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]354requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
357requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]358requires_openssl_3_x
359run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
360 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
361 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
362 0 \
363 -s "Protocol is TLSv1.3" \
364 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
365 -s "received signature algorithm: 0x403" \
366 -s "got named group: ffdhe2048(0100)" \
367 -s "Certificate verification was skipped" \
368 -C "received HelloRetryRequest message"
369
370requires_config_enabled MBEDTLS_SSL_SRV_C
371requires_config_enabled MBEDTLS_DEBUG_C
372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
374requires_openssl_tls1_3
375requires_openssl_3_x
376run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
377 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
378 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
379 0 \
380 -s "Protocol is TLSv1.3" \
381 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
382 -s "received signature algorithm: 0x503" \
383 -s "got named group: ffdhe2048(0100)" \
384 -s "Certificate verification was skipped" \
385 -C "received HelloRetryRequest message"
386
387requires_config_enabled MBEDTLS_SSL_SRV_C
388requires_config_enabled MBEDTLS_DEBUG_C
389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
390requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
391requires_openssl_tls1_3
392requires_openssl_3_x
393run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
394 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
395 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
396 0 \
397 -s "Protocol is TLSv1.3" \
398 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
399 -s "received signature algorithm: 0x603" \
400 -s "got named group: ffdhe2048(0100)" \
401 -s "Certificate verification was skipped" \
402 -C "received HelloRetryRequest message"
403
404requires_config_enabled MBEDTLS_SSL_SRV_C
405requires_config_enabled MBEDTLS_DEBUG_C
406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
408requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
409requires_openssl_tls1_3
410requires_openssl_3_x
411run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
412 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
413 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
414 0 \
415 -s "Protocol is TLSv1.3" \
416 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
417 -s "received signature algorithm: 0x804" \
418 -s "got named group: ffdhe2048(0100)" \
419 -s "Certificate verification was skipped" \
420 -C "received HelloRetryRequest message"
421
422requires_config_enabled MBEDTLS_SSL_SRV_C
423requires_config_enabled MBEDTLS_DEBUG_C
424requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
425requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
426requires_openssl_tls1_3
427requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]428run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
429 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
430 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
431 0 \
432 -s "Protocol is TLSv1.3" \
433 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
434 -s "received signature algorithm: 0x403" \
435 -s "got named group: ffdhe8192(0104)" \
436 -s "Certificate verification was skipped" \
437 -C "received HelloRetryRequest message"
438
439requires_config_enabled MBEDTLS_SSL_SRV_C
440requires_config_enabled MBEDTLS_DEBUG_C
441requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
442requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
443requires_openssl_tls1_3
444requires_openssl_3_x
445run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
446 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
447 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
448 0 \
449 -s "Protocol is TLSv1.3" \
450 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
451 -s "received signature algorithm: 0x503" \
452 -s "got named group: ffdhe8192(0104)" \
453 -s "Certificate verification was skipped" \
454 -C "received HelloRetryRequest message"
455
456requires_config_enabled MBEDTLS_SSL_SRV_C
457requires_config_enabled MBEDTLS_DEBUG_C
458requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
459requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
460requires_openssl_tls1_3
461requires_openssl_3_x
462run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
463 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
464 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
465 0 \
466 -s "Protocol is TLSv1.3" \
467 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
468 -s "received signature algorithm: 0x603" \
469 -s "got named group: ffdhe8192(0104)" \
470 -s "Certificate verification was skipped" \
471 -C "received HelloRetryRequest message"
472
473requires_config_enabled MBEDTLS_SSL_SRV_C
474requires_config_enabled MBEDTLS_DEBUG_C
475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
477requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
478requires_openssl_tls1_3
479requires_openssl_3_x
480run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
481 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
482 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
483 0 \
484 -s "Protocol is TLSv1.3" \
485 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
486 -s "received signature algorithm: 0x804" \
487 -s "got named group: ffdhe8192(0104)" \
488 -s "Certificate verification was skipped" \
489 -C "received HelloRetryRequest message"
490
491requires_config_enabled MBEDTLS_SSL_SRV_C
492requires_config_enabled MBEDTLS_DEBUG_C
493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
494requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
495requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]496run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]497 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]498 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]499 0 \
500 -s "Protocol is TLSv1.3" \
501 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
502 -s "received signature algorithm: 0x403" \
503 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]504 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]505 -C "received HelloRetryRequest message"
506
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]507requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]508requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]509requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
511requires_openssl_tls1_3
512run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]513 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]514 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]515 0 \
516 -s "Protocol is TLSv1.3" \
517 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
518 -s "received signature algorithm: 0x503" \
519 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]520 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]521 -C "received HelloRetryRequest message"
522
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]523requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]524requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
527requires_openssl_tls1_3
528run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]529 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]530 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]531 0 \
532 -s "Protocol is TLSv1.3" \
533 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
534 -s "received signature algorithm: 0x603" \
535 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]536 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]537 -C "received HelloRetryRequest message"
538
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]539requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]540requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]542requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
543requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
544requires_openssl_tls1_3
545run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]546 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]547 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]548 0 \
549 -s "Protocol is TLSv1.3" \
550 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
551 -s "received signature algorithm: 0x804" \
552 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]553 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]554 -C "received HelloRetryRequest message"
555
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]556requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]557requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]558requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
560requires_openssl_tls1_3
561run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]562 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]563 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]564 0 \
565 -s "Protocol is TLSv1.3" \
566 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
567 -s "received signature algorithm: 0x403" \
568 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]569 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]570 -C "received HelloRetryRequest message"
571
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]572requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]573requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]574requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]575requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
576requires_openssl_tls1_3
577run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]578 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]579 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]580 0 \
581 -s "Protocol is TLSv1.3" \
582 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
583 -s "received signature algorithm: 0x503" \
584 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]585 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]586 -C "received HelloRetryRequest message"
587
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]588requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]589requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]591requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
592requires_openssl_tls1_3
593run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]594 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]595 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]596 0 \
597 -s "Protocol is TLSv1.3" \
598 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
599 -s "received signature algorithm: 0x603" \
600 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]601 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]602 -C "received HelloRetryRequest message"
603
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]604requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]605requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
608requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
609requires_openssl_tls1_3
610run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]611 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]612 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]613 0 \
614 -s "Protocol is TLSv1.3" \
615 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
616 -s "received signature algorithm: 0x804" \
617 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]618 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]619 -C "received HelloRetryRequest message"
620
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]621requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]622requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
625requires_openssl_tls1_3
626run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]627 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]628 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]629 0 \
630 -s "Protocol is TLSv1.3" \
631 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
632 -s "received signature algorithm: 0x403" \
633 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]634 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]635 -C "received HelloRetryRequest message"
636
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]637requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]638requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]639requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]640requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
641requires_openssl_tls1_3
642run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]643 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]644 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]645 0 \
646 -s "Protocol is TLSv1.3" \
647 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
648 -s "received signature algorithm: 0x503" \
649 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]650 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]651 -C "received HelloRetryRequest message"
652
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]653requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]654requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]655requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]656requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
657requires_openssl_tls1_3
658run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]659 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]660 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]661 0 \
662 -s "Protocol is TLSv1.3" \
663 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
664 -s "received signature algorithm: 0x603" \
665 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]666 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]667 -C "received HelloRetryRequest message"
668
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]669requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]670requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]671requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]672requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
673requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
674requires_openssl_tls1_3
675run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]676 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]677 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]678 0 \
679 -s "Protocol is TLSv1.3" \
680 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
681 -s "received signature algorithm: 0x804" \
682 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]683 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]684 -C "received HelloRetryRequest message"
685
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]686requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]687requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]689requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
690requires_openssl_tls1_3
691run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]692 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]693 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]694 0 \
695 -s "Protocol is TLSv1.3" \
696 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
697 -s "received signature algorithm: 0x403" \
698 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]699 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]700 -C "received HelloRetryRequest message"
701
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]702requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]703requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
706requires_openssl_tls1_3
707run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]708 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]709 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]710 0 \
711 -s "Protocol is TLSv1.3" \
712 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
713 -s "received signature algorithm: 0x503" \
714 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]715 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]716 -C "received HelloRetryRequest message"
717
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]718requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]719requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
722requires_openssl_tls1_3
723run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]724 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]725 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]726 0 \
727 -s "Protocol is TLSv1.3" \
728 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
729 -s "received signature algorithm: 0x603" \
730 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]731 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]732 -C "received HelloRetryRequest message"
733
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]734requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]735requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]736requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
738requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
739requires_openssl_tls1_3
740run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]741 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]742 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]743 0 \
744 -s "Protocol is TLSv1.3" \
745 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
746 -s "received signature algorithm: 0x804" \
747 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]748 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]749 -C "received HelloRetryRequest message"
750
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]751requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]752requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]753requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]754requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
755requires_openssl_tls1_3
756run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]757 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]758 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]759 0 \
760 -s "Protocol is TLSv1.3" \
761 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
762 -s "received signature algorithm: 0x403" \
763 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]764 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]765 -C "received HelloRetryRequest message"
766
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]767requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]768requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]770requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
771requires_openssl_tls1_3
772run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]773 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]774 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]775 0 \
776 -s "Protocol is TLSv1.3" \
777 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
778 -s "received signature algorithm: 0x503" \
779 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]780 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]781 -C "received HelloRetryRequest message"
782
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]783requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]784requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]785requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]786requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
787requires_openssl_tls1_3
788run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]789 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]790 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]791 0 \
792 -s "Protocol is TLSv1.3" \
793 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
794 -s "received signature algorithm: 0x603" \
795 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]796 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]797 -C "received HelloRetryRequest message"
798
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]799requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]800requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]801requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
803requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
804requires_openssl_tls1_3
805run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]806 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]807 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]808 0 \
809 -s "Protocol is TLSv1.3" \
810 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
811 -s "received signature algorithm: 0x804" \
812 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]813 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]814 -C "received HelloRetryRequest message"
815
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]816requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]817requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]818requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]819requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
820requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]821requires_openssl_3_x
822run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
823 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
824 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
825 0 \
826 -s "Protocol is TLSv1.3" \
827 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
828 -s "received signature algorithm: 0x403" \
829 -s "got named group: ffdhe2048(0100)" \
830 -s "Certificate verification was skipped" \
831 -C "received HelloRetryRequest message"
832
833requires_config_enabled MBEDTLS_SSL_SRV_C
834requires_config_enabled MBEDTLS_DEBUG_C
835requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
837requires_openssl_tls1_3
838requires_openssl_3_x
839run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
840 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
841 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
842 0 \
843 -s "Protocol is TLSv1.3" \
844 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
845 -s "received signature algorithm: 0x503" \
846 -s "got named group: ffdhe2048(0100)" \
847 -s "Certificate verification was skipped" \
848 -C "received HelloRetryRequest message"
849
850requires_config_enabled MBEDTLS_SSL_SRV_C
851requires_config_enabled MBEDTLS_DEBUG_C
852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
854requires_openssl_tls1_3
855requires_openssl_3_x
856run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
857 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
858 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
859 0 \
860 -s "Protocol is TLSv1.3" \
861 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
862 -s "received signature algorithm: 0x603" \
863 -s "got named group: ffdhe2048(0100)" \
864 -s "Certificate verification was skipped" \
865 -C "received HelloRetryRequest message"
866
867requires_config_enabled MBEDTLS_SSL_SRV_C
868requires_config_enabled MBEDTLS_DEBUG_C
869requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
870requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
871requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
872requires_openssl_tls1_3
873requires_openssl_3_x
874run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
875 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
876 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
877 0 \
878 -s "Protocol is TLSv1.3" \
879 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
880 -s "received signature algorithm: 0x804" \
881 -s "got named group: ffdhe2048(0100)" \
882 -s "Certificate verification was skipped" \
883 -C "received HelloRetryRequest message"
884
885requires_config_enabled MBEDTLS_SSL_SRV_C
886requires_config_enabled MBEDTLS_DEBUG_C
887requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
888requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
889requires_openssl_tls1_3
890requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]891run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
892 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
893 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
894 0 \
895 -s "Protocol is TLSv1.3" \
896 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
897 -s "received signature algorithm: 0x403" \
898 -s "got named group: ffdhe8192(0104)" \
899 -s "Certificate verification was skipped" \
900 -C "received HelloRetryRequest message"
901
902requires_config_enabled MBEDTLS_SSL_SRV_C
903requires_config_enabled MBEDTLS_DEBUG_C
904requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
905requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
906requires_openssl_tls1_3
907requires_openssl_3_x
908run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
909 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
910 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
911 0 \
912 -s "Protocol is TLSv1.3" \
913 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
914 -s "received signature algorithm: 0x503" \
915 -s "got named group: ffdhe8192(0104)" \
916 -s "Certificate verification was skipped" \
917 -C "received HelloRetryRequest message"
918
919requires_config_enabled MBEDTLS_SSL_SRV_C
920requires_config_enabled MBEDTLS_DEBUG_C
921requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
922requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
923requires_openssl_tls1_3
924requires_openssl_3_x
925run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
926 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
927 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
928 0 \
929 -s "Protocol is TLSv1.3" \
930 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
931 -s "received signature algorithm: 0x603" \
932 -s "got named group: ffdhe8192(0104)" \
933 -s "Certificate verification was skipped" \
934 -C "received HelloRetryRequest message"
935
936requires_config_enabled MBEDTLS_SSL_SRV_C
937requires_config_enabled MBEDTLS_DEBUG_C
938requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
939requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
940requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
941requires_openssl_tls1_3
942requires_openssl_3_x
943run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
944 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
945 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
946 0 \
947 -s "Protocol is TLSv1.3" \
948 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
949 -s "received signature algorithm: 0x804" \
950 -s "got named group: ffdhe8192(0104)" \
951 -s "Certificate verification was skipped" \
952 -C "received HelloRetryRequest message"
953
954requires_config_enabled MBEDTLS_SSL_SRV_C
955requires_config_enabled MBEDTLS_DEBUG_C
956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
957requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
958requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]959run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]960 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]961 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]962 0 \
963 -s "Protocol is TLSv1.3" \
964 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
965 -s "received signature algorithm: 0x403" \
966 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]967 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]968 -C "received HelloRetryRequest message"
969
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]970requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]971requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]972requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
974requires_openssl_tls1_3
975run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]976 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]977 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]978 0 \
979 -s "Protocol is TLSv1.3" \
980 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
981 -s "received signature algorithm: 0x503" \
982 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]983 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]984 -C "received HelloRetryRequest message"
985
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]986requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]987requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
990requires_openssl_tls1_3
991run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]992 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]993 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]994 0 \
995 -s "Protocol is TLSv1.3" \
996 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
997 -s "received signature algorithm: 0x603" \
998 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]999 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1000 -C "received HelloRetryRequest message"
1001
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1002requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1003requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1006requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1007requires_openssl_tls1_3
1008run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1009 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1010 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1011 0 \
1012 -s "Protocol is TLSv1.3" \
1013 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1014 -s "received signature algorithm: 0x804" \
1015 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1016 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1017 -C "received HelloRetryRequest message"
1018
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1019requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1020requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1021requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1022requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1023requires_openssl_tls1_3
1024run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1025 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1026 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1027 0 \
1028 -s "Protocol is TLSv1.3" \
1029 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1030 -s "received signature algorithm: 0x403" \
1031 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1032 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1033 -C "received HelloRetryRequest message"
1034
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1035requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1036requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1039requires_openssl_tls1_3
1040run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1041 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1042 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1043 0 \
1044 -s "Protocol is TLSv1.3" \
1045 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1046 -s "received signature algorithm: 0x503" \
1047 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1048 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1049 -C "received HelloRetryRequest message"
1050
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1051requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1052requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1053requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1054requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1055requires_openssl_tls1_3
1056run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1057 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1058 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1059 0 \
1060 -s "Protocol is TLSv1.3" \
1061 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1062 -s "received signature algorithm: 0x603" \
1063 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1064 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1065 -C "received HelloRetryRequest message"
1066
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1067requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1068requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1069requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1070requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1071requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1072requires_openssl_tls1_3
1073run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1074 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1075 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1076 0 \
1077 -s "Protocol is TLSv1.3" \
1078 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1079 -s "received signature algorithm: 0x804" \
1080 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1081 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1082 -C "received HelloRetryRequest message"
1083
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1084requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1085requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1086requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1087requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1088requires_openssl_tls1_3
1089run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1090 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1091 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1092 0 \
1093 -s "Protocol is TLSv1.3" \
1094 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1095 -s "received signature algorithm: 0x403" \
1096 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1097 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1098 -C "received HelloRetryRequest message"
1099
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1100requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1101requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1102requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1104requires_openssl_tls1_3
1105run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1106 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1107 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1108 0 \
1109 -s "Protocol is TLSv1.3" \
1110 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1111 -s "received signature algorithm: 0x503" \
1112 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1113 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1114 -C "received HelloRetryRequest message"
1115
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1116requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1117requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1118requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1120requires_openssl_tls1_3
1121run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1122 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1123 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1124 0 \
1125 -s "Protocol is TLSv1.3" \
1126 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1127 -s "received signature algorithm: 0x603" \
1128 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1129 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1130 -C "received HelloRetryRequest message"
1131
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1132requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1133requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1136requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1137requires_openssl_tls1_3
1138run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1139 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1140 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1141 0 \
1142 -s "Protocol is TLSv1.3" \
1143 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1144 -s "received signature algorithm: 0x804" \
1145 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1146 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1147 -C "received HelloRetryRequest message"
1148
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1149requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1150requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1151requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1153requires_openssl_tls1_3
1154run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1155 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1156 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1157 0 \
1158 -s "Protocol is TLSv1.3" \
1159 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1160 -s "received signature algorithm: 0x403" \
1161 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1162 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1163 -C "received HelloRetryRequest message"
1164
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1165requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1166requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1167requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1168requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1169requires_openssl_tls1_3
1170run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1171 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1172 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1173 0 \
1174 -s "Protocol is TLSv1.3" \
1175 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1176 -s "received signature algorithm: 0x503" \
1177 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1178 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1179 -C "received HelloRetryRequest message"
1180
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1181requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1182requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1183requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1184requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1185requires_openssl_tls1_3
1186run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1187 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1188 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1189 0 \
1190 -s "Protocol is TLSv1.3" \
1191 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1192 -s "received signature algorithm: 0x603" \
1193 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1194 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1195 -C "received HelloRetryRequest message"
1196
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1197requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1198requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1199requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1201requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1202requires_openssl_tls1_3
1203run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1204 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1205 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1206 0 \
1207 -s "Protocol is TLSv1.3" \
1208 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1209 -s "received signature algorithm: 0x804" \
1210 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1211 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1212 -C "received HelloRetryRequest message"
1213
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1214requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1215requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1216requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1218requires_openssl_tls1_3
1219run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1220 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1221 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1222 0 \
1223 -s "Protocol is TLSv1.3" \
1224 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1225 -s "received signature algorithm: 0x403" \
1226 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1227 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1228 -C "received HelloRetryRequest message"
1229
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1230requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1231requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1232requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1234requires_openssl_tls1_3
1235run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1236 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1237 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1238 0 \
1239 -s "Protocol is TLSv1.3" \
1240 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1241 -s "received signature algorithm: 0x503" \
1242 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1243 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1244 -C "received HelloRetryRequest message"
1245
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1246requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1247requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1248requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1249requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1250requires_openssl_tls1_3
1251run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1252 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1253 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1254 0 \
1255 -s "Protocol is TLSv1.3" \
1256 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1257 -s "received signature algorithm: 0x603" \
1258 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1259 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1260 -C "received HelloRetryRequest message"
1261
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1262requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1263requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1264requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1266requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1267requires_openssl_tls1_3
1268run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1269 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1270 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1271 0 \
1272 -s "Protocol is TLSv1.3" \
1273 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1274 -s "received signature algorithm: 0x804" \
1275 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1276 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1277 -C "received HelloRetryRequest message"
1278
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1279requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1280requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1281requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1282requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1283requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1284requires_openssl_3_x
1285run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
1286 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1287 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
1288 0 \
1289 -s "Protocol is TLSv1.3" \
1290 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1291 -s "received signature algorithm: 0x403" \
1292 -s "got named group: ffdhe2048(0100)" \
1293 -s "Certificate verification was skipped" \
1294 -C "received HelloRetryRequest message"
1295
1296requires_config_enabled MBEDTLS_SSL_SRV_C
1297requires_config_enabled MBEDTLS_DEBUG_C
1298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1300requires_openssl_tls1_3
1301requires_openssl_3_x
1302run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
1303 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1304 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
1305 0 \
1306 -s "Protocol is TLSv1.3" \
1307 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1308 -s "received signature algorithm: 0x503" \
1309 -s "got named group: ffdhe2048(0100)" \
1310 -s "Certificate verification was skipped" \
1311 -C "received HelloRetryRequest message"
1312
1313requires_config_enabled MBEDTLS_SSL_SRV_C
1314requires_config_enabled MBEDTLS_DEBUG_C
1315requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1316requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1317requires_openssl_tls1_3
1318requires_openssl_3_x
1319run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
1320 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1321 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
1322 0 \
1323 -s "Protocol is TLSv1.3" \
1324 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1325 -s "received signature algorithm: 0x603" \
1326 -s "got named group: ffdhe2048(0100)" \
1327 -s "Certificate verification was skipped" \
1328 -C "received HelloRetryRequest message"
1329
1330requires_config_enabled MBEDTLS_SSL_SRV_C
1331requires_config_enabled MBEDTLS_DEBUG_C
1332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1334requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1335requires_openssl_tls1_3
1336requires_openssl_3_x
1337run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
1338 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1339 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
1340 0 \
1341 -s "Protocol is TLSv1.3" \
1342 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1343 -s "received signature algorithm: 0x804" \
1344 -s "got named group: ffdhe2048(0100)" \
1345 -s "Certificate verification was skipped" \
1346 -C "received HelloRetryRequest message"
1347
1348requires_config_enabled MBEDTLS_SSL_SRV_C
1349requires_config_enabled MBEDTLS_DEBUG_C
1350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1352requires_openssl_tls1_3
1353requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1354run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
1355 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1356 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
1357 0 \
1358 -s "Protocol is TLSv1.3" \
1359 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1360 -s "received signature algorithm: 0x403" \
1361 -s "got named group: ffdhe8192(0104)" \
1362 -s "Certificate verification was skipped" \
1363 -C "received HelloRetryRequest message"
1364
1365requires_config_enabled MBEDTLS_SSL_SRV_C
1366requires_config_enabled MBEDTLS_DEBUG_C
1367requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1368requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1369requires_openssl_tls1_3
1370requires_openssl_3_x
1371run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
1372 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1373 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
1374 0 \
1375 -s "Protocol is TLSv1.3" \
1376 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1377 -s "received signature algorithm: 0x503" \
1378 -s "got named group: ffdhe8192(0104)" \
1379 -s "Certificate verification was skipped" \
1380 -C "received HelloRetryRequest message"
1381
1382requires_config_enabled MBEDTLS_SSL_SRV_C
1383requires_config_enabled MBEDTLS_DEBUG_C
1384requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1385requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1386requires_openssl_tls1_3
1387requires_openssl_3_x
1388run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
1389 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1390 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
1391 0 \
1392 -s "Protocol is TLSv1.3" \
1393 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1394 -s "received signature algorithm: 0x603" \
1395 -s "got named group: ffdhe8192(0104)" \
1396 -s "Certificate verification was skipped" \
1397 -C "received HelloRetryRequest message"
1398
1399requires_config_enabled MBEDTLS_SSL_SRV_C
1400requires_config_enabled MBEDTLS_DEBUG_C
1401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1403requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1404requires_openssl_tls1_3
1405requires_openssl_3_x
1406run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
1407 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1408 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
1409 0 \
1410 -s "Protocol is TLSv1.3" \
1411 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1412 -s "received signature algorithm: 0x804" \
1413 -s "got named group: ffdhe8192(0104)" \
1414 -s "Certificate verification was skipped" \
1415 -C "received HelloRetryRequest message"
1416
1417requires_config_enabled MBEDTLS_SSL_SRV_C
1418requires_config_enabled MBEDTLS_DEBUG_C
1419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1420requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1421requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1422run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1423 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1424 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1425 0 \
1426 -s "Protocol is TLSv1.3" \
1427 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1428 -s "received signature algorithm: 0x403" \
1429 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1430 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1431 -C "received HelloRetryRequest message"
1432
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1433requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1434requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1436requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1437requires_openssl_tls1_3
1438run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1439 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1440 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1441 0 \
1442 -s "Protocol is TLSv1.3" \
1443 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1444 -s "received signature algorithm: 0x503" \
1445 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1446 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1447 -C "received HelloRetryRequest message"
1448
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1449requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1450requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1453requires_openssl_tls1_3
1454run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1455 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1456 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1457 0 \
1458 -s "Protocol is TLSv1.3" \
1459 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1460 -s "received signature algorithm: 0x603" \
1461 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1462 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1463 -C "received HelloRetryRequest message"
1464
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1465requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1466requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1467requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1468requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1469requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1470requires_openssl_tls1_3
1471run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1472 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1473 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1474 0 \
1475 -s "Protocol is TLSv1.3" \
1476 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1477 -s "received signature algorithm: 0x804" \
1478 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1479 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1480 -C "received HelloRetryRequest message"
1481
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1482requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1483requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1484requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1485requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1486requires_openssl_tls1_3
1487run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1488 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1489 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1490 0 \
1491 -s "Protocol is TLSv1.3" \
1492 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1493 -s "received signature algorithm: 0x403" \
1494 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1495 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1496 -C "received HelloRetryRequest message"
1497
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1498requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1502requires_openssl_tls1_3
1503run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1504 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1505 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1506 0 \
1507 -s "Protocol is TLSv1.3" \
1508 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1509 -s "received signature algorithm: 0x503" \
1510 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1511 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1512 -C "received HelloRetryRequest message"
1513
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1514requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1515requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1517requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1518requires_openssl_tls1_3
1519run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1520 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1521 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1522 0 \
1523 -s "Protocol is TLSv1.3" \
1524 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1525 -s "received signature algorithm: 0x603" \
1526 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1527 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1528 -C "received HelloRetryRequest message"
1529
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1530requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1531requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1534requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1535requires_openssl_tls1_3
1536run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1537 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1538 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1539 0 \
1540 -s "Protocol is TLSv1.3" \
1541 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1542 -s "received signature algorithm: 0x804" \
1543 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1544 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1545 -C "received HelloRetryRequest message"
1546
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1547requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1548requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1549requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1551requires_openssl_tls1_3
1552run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1553 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1554 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1555 0 \
1556 -s "Protocol is TLSv1.3" \
1557 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1558 -s "received signature algorithm: 0x403" \
1559 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1560 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1561 -C "received HelloRetryRequest message"
1562
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1563requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1564requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1565requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1567requires_openssl_tls1_3
1568run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1569 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1570 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1571 0 \
1572 -s "Protocol is TLSv1.3" \
1573 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1574 -s "received signature algorithm: 0x503" \
1575 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1576 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1577 -C "received HelloRetryRequest message"
1578
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1579requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1580requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1581requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1583requires_openssl_tls1_3
1584run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1585 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1586 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1587 0 \
1588 -s "Protocol is TLSv1.3" \
1589 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1590 -s "received signature algorithm: 0x603" \
1591 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1592 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1593 -C "received HelloRetryRequest message"
1594
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1595requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1596requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1597requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1599requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1600requires_openssl_tls1_3
1601run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1602 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1603 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1604 0 \
1605 -s "Protocol is TLSv1.3" \
1606 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1607 -s "received signature algorithm: 0x804" \
1608 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1609 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1610 -C "received HelloRetryRequest message"
1611
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1612requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1613requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1614requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1615requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1616requires_openssl_tls1_3
1617run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1618 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1619 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1620 0 \
1621 -s "Protocol is TLSv1.3" \
1622 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1623 -s "received signature algorithm: 0x403" \
1624 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1625 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1626 -C "received HelloRetryRequest message"
1627
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1628requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1629requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1630requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1631requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1632requires_openssl_tls1_3
1633run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1634 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1635 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1636 0 \
1637 -s "Protocol is TLSv1.3" \
1638 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1639 -s "received signature algorithm: 0x503" \
1640 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1641 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1642 -C "received HelloRetryRequest message"
1643
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1644requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1645requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1648requires_openssl_tls1_3
1649run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1650 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1651 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1652 0 \
1653 -s "Protocol is TLSv1.3" \
1654 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1655 -s "received signature algorithm: 0x603" \
1656 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1657 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1658 -C "received HelloRetryRequest message"
1659
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1660requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1661requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1664requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1665requires_openssl_tls1_3
1666run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1667 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1668 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1669 0 \
1670 -s "Protocol is TLSv1.3" \
1671 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1672 -s "received signature algorithm: 0x804" \
1673 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1674 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1675 -C "received HelloRetryRequest message"
1676
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1677requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1678requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1679requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1680requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1681requires_openssl_tls1_3
1682run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1683 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1684 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1685 0 \
1686 -s "Protocol is TLSv1.3" \
1687 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1688 -s "received signature algorithm: 0x403" \
1689 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1690 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1691 -C "received HelloRetryRequest message"
1692
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1693requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1694requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1695requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1696requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1697requires_openssl_tls1_3
1698run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1699 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1700 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1701 0 \
1702 -s "Protocol is TLSv1.3" \
1703 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1704 -s "received signature algorithm: 0x503" \
1705 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1706 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1707 -C "received HelloRetryRequest message"
1708
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1709requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1710requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1711requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1712requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1713requires_openssl_tls1_3
1714run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1715 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1716 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1717 0 \
1718 -s "Protocol is TLSv1.3" \
1719 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1720 -s "received signature algorithm: 0x603" \
1721 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1722 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1723 -C "received HelloRetryRequest message"
1724
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1725requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1726requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1727requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1728requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1729requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1730requires_openssl_tls1_3
1731run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1732 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1733 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1734 0 \
1735 -s "Protocol is TLSv1.3" \
1736 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1737 -s "received signature algorithm: 0x804" \
1738 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1739 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1740 -C "received HelloRetryRequest message"
1741
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1742requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1743requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1744requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1746requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1747requires_openssl_3_x
1748run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
1749 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1750 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
1751 0 \
1752 -s "Protocol is TLSv1.3" \
1753 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1754 -s "received signature algorithm: 0x403" \
1755 -s "got named group: ffdhe2048(0100)" \
1756 -s "Certificate verification was skipped" \
1757 -C "received HelloRetryRequest message"
1758
1759requires_config_enabled MBEDTLS_SSL_SRV_C
1760requires_config_enabled MBEDTLS_DEBUG_C
1761requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1762requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1763requires_openssl_tls1_3
1764requires_openssl_3_x
1765run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
1766 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1767 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
1768 0 \
1769 -s "Protocol is TLSv1.3" \
1770 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1771 -s "received signature algorithm: 0x503" \
1772 -s "got named group: ffdhe2048(0100)" \
1773 -s "Certificate verification was skipped" \
1774 -C "received HelloRetryRequest message"
1775
1776requires_config_enabled MBEDTLS_SSL_SRV_C
1777requires_config_enabled MBEDTLS_DEBUG_C
1778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1779requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1780requires_openssl_tls1_3
1781requires_openssl_3_x
1782run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
1783 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1784 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
1785 0 \
1786 -s "Protocol is TLSv1.3" \
1787 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1788 -s "received signature algorithm: 0x603" \
1789 -s "got named group: ffdhe2048(0100)" \
1790 -s "Certificate verification was skipped" \
1791 -C "received HelloRetryRequest message"
1792
1793requires_config_enabled MBEDTLS_SSL_SRV_C
1794requires_config_enabled MBEDTLS_DEBUG_C
1795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1797requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1798requires_openssl_tls1_3
1799requires_openssl_3_x
1800run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
1801 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1802 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
1803 0 \
1804 -s "Protocol is TLSv1.3" \
1805 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1806 -s "received signature algorithm: 0x804" \
1807 -s "got named group: ffdhe2048(0100)" \
1808 -s "Certificate verification was skipped" \
1809 -C "received HelloRetryRequest message"
1810
1811requires_config_enabled MBEDTLS_SSL_SRV_C
1812requires_config_enabled MBEDTLS_DEBUG_C
1813requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1814requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1815requires_openssl_tls1_3
1816requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1817run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
1818 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1819 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
1820 0 \
1821 -s "Protocol is TLSv1.3" \
1822 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1823 -s "received signature algorithm: 0x403" \
1824 -s "got named group: ffdhe8192(0104)" \
1825 -s "Certificate verification was skipped" \
1826 -C "received HelloRetryRequest message"
1827
1828requires_config_enabled MBEDTLS_SSL_SRV_C
1829requires_config_enabled MBEDTLS_DEBUG_C
1830requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1831requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1832requires_openssl_tls1_3
1833requires_openssl_3_x
1834run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
1835 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1836 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
1837 0 \
1838 -s "Protocol is TLSv1.3" \
1839 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1840 -s "received signature algorithm: 0x503" \
1841 -s "got named group: ffdhe8192(0104)" \
1842 -s "Certificate verification was skipped" \
1843 -C "received HelloRetryRequest message"
1844
1845requires_config_enabled MBEDTLS_SSL_SRV_C
1846requires_config_enabled MBEDTLS_DEBUG_C
1847requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1848requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1849requires_openssl_tls1_3
1850requires_openssl_3_x
1851run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
1852 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1853 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
1854 0 \
1855 -s "Protocol is TLSv1.3" \
1856 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1857 -s "received signature algorithm: 0x603" \
1858 -s "got named group: ffdhe8192(0104)" \
1859 -s "Certificate verification was skipped" \
1860 -C "received HelloRetryRequest message"
1861
1862requires_config_enabled MBEDTLS_SSL_SRV_C
1863requires_config_enabled MBEDTLS_DEBUG_C
1864requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1865requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1866requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1867requires_openssl_tls1_3
1868requires_openssl_3_x
1869run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
1870 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1871 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
1872 0 \
1873 -s "Protocol is TLSv1.3" \
1874 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1875 -s "received signature algorithm: 0x804" \
1876 -s "got named group: ffdhe8192(0104)" \
1877 -s "Certificate verification was skipped" \
1878 -C "received HelloRetryRequest message"
1879
1880requires_config_enabled MBEDTLS_SSL_SRV_C
1881requires_config_enabled MBEDTLS_DEBUG_C
1882requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1883requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1884requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1885run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1886 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1887 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1888 0 \
1889 -s "Protocol is TLSv1.3" \
1890 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1891 -s "received signature algorithm: 0x403" \
1892 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1893 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1894 -C "received HelloRetryRequest message"
1895
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1896requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1897requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1898requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1899requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1900requires_openssl_tls1_3
1901run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1902 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1903 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1904 0 \
1905 -s "Protocol is TLSv1.3" \
1906 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1907 -s "received signature algorithm: 0x503" \
1908 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1909 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1910 -C "received HelloRetryRequest message"
1911
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1912requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1913requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1916requires_openssl_tls1_3
1917run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1918 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1919 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1920 0 \
1921 -s "Protocol is TLSv1.3" \
1922 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1923 -s "received signature algorithm: 0x603" \
1924 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1925 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1926 -C "received HelloRetryRequest message"
1927
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1928requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1929requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1930requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1932requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1933requires_openssl_tls1_3
1934run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1935 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1936 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1937 0 \
1938 -s "Protocol is TLSv1.3" \
1939 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1940 -s "received signature algorithm: 0x804" \
1941 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1942 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1943 -C "received HelloRetryRequest message"
1944
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1945requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1946requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1947requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1949requires_openssl_tls1_3
1950run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1951 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1952 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1953 0 \
1954 -s "Protocol is TLSv1.3" \
1955 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1956 -s "received signature algorithm: 0x403" \
1957 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1958 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1959 -C "received HelloRetryRequest message"
1960
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1961requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1962requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1963requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1964requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1965requires_openssl_tls1_3
1966run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1967 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1968 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1969 0 \
1970 -s "Protocol is TLSv1.3" \
1971 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1972 -s "received signature algorithm: 0x503" \
1973 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1974 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1975 -C "received HelloRetryRequest message"
1976
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1977requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1978requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1979requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1980requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1981requires_openssl_tls1_3
1982run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1983 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1984 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1985 0 \
1986 -s "Protocol is TLSv1.3" \
1987 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1988 -s "received signature algorithm: 0x603" \
1989 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1990 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1991 -C "received HelloRetryRequest message"
1992
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1993requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1994requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1995requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1997requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1998requires_openssl_tls1_3
1999run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2000 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2001 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2002 0 \
2003 -s "Protocol is TLSv1.3" \
2004 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2005 -s "received signature algorithm: 0x804" \
2006 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2007 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2008 -C "received HelloRetryRequest message"
2009
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2010requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2011requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2012requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2013requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2014requires_openssl_tls1_3
2015run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2016 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2017 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2018 0 \
2019 -s "Protocol is TLSv1.3" \
2020 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2021 -s "received signature algorithm: 0x403" \
2022 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2023 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2024 -C "received HelloRetryRequest message"
2025
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2026requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2027requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2028requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2029requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2030requires_openssl_tls1_3
2031run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2032 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2033 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2034 0 \
2035 -s "Protocol is TLSv1.3" \
2036 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2037 -s "received signature algorithm: 0x503" \
2038 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2039 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2040 -C "received HelloRetryRequest message"
2041
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2042requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2043requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2044requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2045requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2046requires_openssl_tls1_3
2047run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2048 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2049 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2050 0 \
2051 -s "Protocol is TLSv1.3" \
2052 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2053 -s "received signature algorithm: 0x603" \
2054 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2055 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2056 -C "received HelloRetryRequest message"
2057
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2058requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2059requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2062requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2063requires_openssl_tls1_3
2064run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2065 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2066 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2067 0 \
2068 -s "Protocol is TLSv1.3" \
2069 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2070 -s "received signature algorithm: 0x804" \
2071 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2072 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2073 -C "received HelloRetryRequest message"
2074
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2075requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2076requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2077requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2078requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2079requires_openssl_tls1_3
2080run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2081 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2082 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2083 0 \
2084 -s "Protocol is TLSv1.3" \
2085 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2086 -s "received signature algorithm: 0x403" \
2087 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2088 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2089 -C "received HelloRetryRequest message"
2090
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2091requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2092requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2093requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2094requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2095requires_openssl_tls1_3
2096run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2097 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2098 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2099 0 \
2100 -s "Protocol is TLSv1.3" \
2101 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2102 -s "received signature algorithm: 0x503" \
2103 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2104 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2105 -C "received HelloRetryRequest message"
2106
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2107requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2108requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2110requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2111requires_openssl_tls1_3
2112run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2113 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2114 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2115 0 \
2116 -s "Protocol is TLSv1.3" \
2117 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2118 -s "received signature algorithm: 0x603" \
2119 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2120 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2121 -C "received HelloRetryRequest message"
2122
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2123requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2124requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2126requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2127requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2128requires_openssl_tls1_3
2129run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2130 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2131 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2132 0 \
2133 -s "Protocol is TLSv1.3" \
2134 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2135 -s "received signature algorithm: 0x804" \
2136 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2137 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2138 -C "received HelloRetryRequest message"
2139
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2140requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2141requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2142requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2144requires_openssl_tls1_3
2145run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2146 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2147 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2148 0 \
2149 -s "Protocol is TLSv1.3" \
2150 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2151 -s "received signature algorithm: 0x403" \
2152 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2153 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2154 -C "received HelloRetryRequest message"
2155
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2156requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2157requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2158requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2160requires_openssl_tls1_3
2161run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2162 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2163 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2164 0 \
2165 -s "Protocol is TLSv1.3" \
2166 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2167 -s "received signature algorithm: 0x503" \
2168 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2169 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2170 -C "received HelloRetryRequest message"
2171
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2172requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2173requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2174requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2175requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2176requires_openssl_tls1_3
2177run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2178 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2179 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2180 0 \
2181 -s "Protocol is TLSv1.3" \
2182 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2183 -s "received signature algorithm: 0x603" \
2184 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2185 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2186 -C "received HelloRetryRequest message"
2187
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2188requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2189requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2190requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2192requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2193requires_openssl_tls1_3
2194run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2195 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2196 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2197 0 \
2198 -s "Protocol is TLSv1.3" \
2199 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2200 -s "received signature algorithm: 0x804" \
2201 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2202 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2203 -C "received HelloRetryRequest message"
2204
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2205requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2206requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2207requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2208requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2209requires_openssl_tls1_3
2210requires_openssl_3_x
2211run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
2212 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2213 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
2214 0 \
2215 -s "Protocol is TLSv1.3" \
2216 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2217 -s "received signature algorithm: 0x403" \
2218 -s "got named group: ffdhe2048(0100)" \
2219 -s "Certificate verification was skipped" \
2220 -C "received HelloRetryRequest message"
2221
2222requires_config_enabled MBEDTLS_SSL_SRV_C
2223requires_config_enabled MBEDTLS_DEBUG_C
2224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2226requires_openssl_tls1_3
2227requires_openssl_3_x
2228run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
2229 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2230 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
2231 0 \
2232 -s "Protocol is TLSv1.3" \
2233 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2234 -s "received signature algorithm: 0x503" \
2235 -s "got named group: ffdhe2048(0100)" \
2236 -s "Certificate verification was skipped" \
2237 -C "received HelloRetryRequest message"
2238
2239requires_config_enabled MBEDTLS_SSL_SRV_C
2240requires_config_enabled MBEDTLS_DEBUG_C
2241requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2242requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2243requires_openssl_tls1_3
2244requires_openssl_3_x
2245run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
2246 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2247 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
2248 0 \
2249 -s "Protocol is TLSv1.3" \
2250 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2251 -s "received signature algorithm: 0x603" \
2252 -s "got named group: ffdhe2048(0100)" \
2253 -s "Certificate verification was skipped" \
2254 -C "received HelloRetryRequest message"
2255
2256requires_config_enabled MBEDTLS_SSL_SRV_C
2257requires_config_enabled MBEDTLS_DEBUG_C
2258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2260requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2261requires_openssl_tls1_3
2262requires_openssl_3_x
2263run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
2264 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2265 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
2266 0 \
2267 -s "Protocol is TLSv1.3" \
2268 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2269 -s "received signature algorithm: 0x804" \
2270 -s "got named group: ffdhe2048(0100)" \
2271 -s "Certificate verification was skipped" \
2272 -C "received HelloRetryRequest message"
2273
2274requires_config_enabled MBEDTLS_SSL_SRV_C
2275requires_config_enabled MBEDTLS_DEBUG_C
2276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2277requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2278requires_openssl_tls1_3
2279requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2280run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
2281 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2282 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
2283 0 \
2284 -s "Protocol is TLSv1.3" \
2285 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2286 -s "received signature algorithm: 0x403" \
2287 -s "got named group: ffdhe8192(0104)" \
2288 -s "Certificate verification was skipped" \
2289 -C "received HelloRetryRequest message"
2290
2291requires_config_enabled MBEDTLS_SSL_SRV_C
2292requires_config_enabled MBEDTLS_DEBUG_C
2293requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2294requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2295requires_openssl_tls1_3
2296requires_openssl_3_x
2297run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
2298 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2299 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
2300 0 \
2301 -s "Protocol is TLSv1.3" \
2302 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2303 -s "received signature algorithm: 0x503" \
2304 -s "got named group: ffdhe8192(0104)" \
2305 -s "Certificate verification was skipped" \
2306 -C "received HelloRetryRequest message"
2307
2308requires_config_enabled MBEDTLS_SSL_SRV_C
2309requires_config_enabled MBEDTLS_DEBUG_C
2310requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2311requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2312requires_openssl_tls1_3
2313requires_openssl_3_x
2314run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
2315 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2316 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
2317 0 \
2318 -s "Protocol is TLSv1.3" \
2319 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2320 -s "received signature algorithm: 0x603" \
2321 -s "got named group: ffdhe8192(0104)" \
2322 -s "Certificate verification was skipped" \
2323 -C "received HelloRetryRequest message"
2324
2325requires_config_enabled MBEDTLS_SSL_SRV_C
2326requires_config_enabled MBEDTLS_DEBUG_C
2327requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2328requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2329requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2330requires_openssl_tls1_3
2331requires_openssl_3_x
2332run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
2333 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2334 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
2335 0 \
2336 -s "Protocol is TLSv1.3" \
2337 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2338 -s "received signature algorithm: 0x804" \
2339 -s "got named group: ffdhe8192(0104)" \
2340 -s "Certificate verification was skipped" \
2341 -C "received HelloRetryRequest message"
2342
2343requires_config_enabled MBEDTLS_SSL_SRV_C
2344requires_config_enabled MBEDTLS_DEBUG_C
2345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2346requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2347requires_gnutls_tls1_3
2348requires_gnutls_next_no_ticket
2349requires_gnutls_next_disable_tls13_compat
2350run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2351 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2352 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2353 0 \
2354 -s "Protocol is TLSv1.3" \
2355 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2356 -s "received signature algorithm: 0x403" \
2357 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2358 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2359 -C "received HelloRetryRequest message"
2360
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2361requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2362requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2363requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2364requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2365requires_gnutls_tls1_3
2366requires_gnutls_next_no_ticket
2367requires_gnutls_next_disable_tls13_compat
2368run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2369 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2370 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2371 0 \
2372 -s "Protocol is TLSv1.3" \
2373 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2374 -s "received signature algorithm: 0x503" \
2375 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2376 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2377 -C "received HelloRetryRequest message"
2378
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2379requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2380requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2381requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2382requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2383requires_gnutls_tls1_3
2384requires_gnutls_next_no_ticket
2385requires_gnutls_next_disable_tls13_compat
2386run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2387 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2388 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2389 0 \
2390 -s "Protocol is TLSv1.3" \
2391 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2392 -s "received signature algorithm: 0x603" \
2393 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2394 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2395 -C "received HelloRetryRequest message"
2396
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2397requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2398requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2399requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2400requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2401requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2402requires_gnutls_tls1_3
2403requires_gnutls_next_no_ticket
2404requires_gnutls_next_disable_tls13_compat
2405run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2406 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2407 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2408 0 \
2409 -s "Protocol is TLSv1.3" \
2410 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2411 -s "received signature algorithm: 0x804" \
2412 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2413 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2414 -C "received HelloRetryRequest message"
2415
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2416requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2417requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2419requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2420requires_gnutls_tls1_3
2421requires_gnutls_next_no_ticket
2422requires_gnutls_next_disable_tls13_compat
2423run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2424 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2425 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2426 0 \
2427 -s "Protocol is TLSv1.3" \
2428 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2429 -s "received signature algorithm: 0x403" \
2430 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2431 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2432 -C "received HelloRetryRequest message"
2433
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2434requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2435requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2436requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2438requires_gnutls_tls1_3
2439requires_gnutls_next_no_ticket
2440requires_gnutls_next_disable_tls13_compat
2441run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2442 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2443 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2444 0 \
2445 -s "Protocol is TLSv1.3" \
2446 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2447 -s "received signature algorithm: 0x503" \
2448 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2449 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2450 -C "received HelloRetryRequest message"
2451
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2452requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2453requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2455requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2456requires_gnutls_tls1_3
2457requires_gnutls_next_no_ticket
2458requires_gnutls_next_disable_tls13_compat
2459run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2460 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2461 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2462 0 \
2463 -s "Protocol is TLSv1.3" \
2464 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2465 -s "received signature algorithm: 0x603" \
2466 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2467 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2468 -C "received HelloRetryRequest message"
2469
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2470requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2471requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2472requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2474requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2475requires_gnutls_tls1_3
2476requires_gnutls_next_no_ticket
2477requires_gnutls_next_disable_tls13_compat
2478run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2479 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2480 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2481 0 \
2482 -s "Protocol is TLSv1.3" \
2483 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2484 -s "received signature algorithm: 0x804" \
2485 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2486 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2487 -C "received HelloRetryRequest message"
2488
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2489requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2490requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2491requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2492requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2493requires_gnutls_tls1_3
2494requires_gnutls_next_no_ticket
2495requires_gnutls_next_disable_tls13_compat
2496run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2497 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2498 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2499 0 \
2500 -s "Protocol is TLSv1.3" \
2501 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2502 -s "received signature algorithm: 0x403" \
2503 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2504 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2505 -C "received HelloRetryRequest message"
2506
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2507requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2508requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2509requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2511requires_gnutls_tls1_3
2512requires_gnutls_next_no_ticket
2513requires_gnutls_next_disable_tls13_compat
2514run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2515 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2516 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2517 0 \
2518 -s "Protocol is TLSv1.3" \
2519 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2520 -s "received signature algorithm: 0x503" \
2521 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2522 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2523 -C "received HelloRetryRequest message"
2524
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2525requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2526requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2527requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2528requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2529requires_gnutls_tls1_3
2530requires_gnutls_next_no_ticket
2531requires_gnutls_next_disable_tls13_compat
2532run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2533 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2534 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2535 0 \
2536 -s "Protocol is TLSv1.3" \
2537 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2538 -s "received signature algorithm: 0x603" \
2539 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2540 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2541 -C "received HelloRetryRequest message"
2542
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2543requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2544requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2547requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2548requires_gnutls_tls1_3
2549requires_gnutls_next_no_ticket
2550requires_gnutls_next_disable_tls13_compat
2551run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2552 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2553 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2554 0 \
2555 -s "Protocol is TLSv1.3" \
2556 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2557 -s "received signature algorithm: 0x804" \
2558 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2559 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2560 -C "received HelloRetryRequest message"
2561
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2562requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2563requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2566requires_gnutls_tls1_3
2567requires_gnutls_next_no_ticket
2568requires_gnutls_next_disable_tls13_compat
2569run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2570 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2571 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2572 0 \
2573 -s "Protocol is TLSv1.3" \
2574 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2575 -s "received signature algorithm: 0x403" \
2576 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2577 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2578 -C "received HelloRetryRequest message"
2579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2581requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2582requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2584requires_gnutls_tls1_3
2585requires_gnutls_next_no_ticket
2586requires_gnutls_next_disable_tls13_compat
2587run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2588 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2589 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2590 0 \
2591 -s "Protocol is TLSv1.3" \
2592 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2593 -s "received signature algorithm: 0x503" \
2594 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2595 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2596 -C "received HelloRetryRequest message"
2597
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2598requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2599requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2600requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2602requires_gnutls_tls1_3
2603requires_gnutls_next_no_ticket
2604requires_gnutls_next_disable_tls13_compat
2605run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2606 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2607 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2608 0 \
2609 -s "Protocol is TLSv1.3" \
2610 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2611 -s "received signature algorithm: 0x603" \
2612 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2613 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2614 -C "received HelloRetryRequest message"
2615
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2616requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2617requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2620requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2621requires_gnutls_tls1_3
2622requires_gnutls_next_no_ticket
2623requires_gnutls_next_disable_tls13_compat
2624run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2625 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2626 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2627 0 \
2628 -s "Protocol is TLSv1.3" \
2629 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2630 -s "received signature algorithm: 0x804" \
2631 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2632 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2633 -C "received HelloRetryRequest message"
2634
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2635requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2636requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2637requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2638requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2639requires_gnutls_tls1_3
2640requires_gnutls_next_no_ticket
2641requires_gnutls_next_disable_tls13_compat
2642run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2643 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2644 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2645 0 \
2646 -s "Protocol is TLSv1.3" \
2647 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2648 -s "received signature algorithm: 0x403" \
2649 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2650 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2651 -C "received HelloRetryRequest message"
2652
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2653requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2654requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2655requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2656requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2657requires_gnutls_tls1_3
2658requires_gnutls_next_no_ticket
2659requires_gnutls_next_disable_tls13_compat
2660run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2661 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2662 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2663 0 \
2664 -s "Protocol is TLSv1.3" \
2665 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2666 -s "received signature algorithm: 0x503" \
2667 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2668 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2669 -C "received HelloRetryRequest message"
2670
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2671requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2672requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2675requires_gnutls_tls1_3
2676requires_gnutls_next_no_ticket
2677requires_gnutls_next_disable_tls13_compat
2678run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2679 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2680 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2681 0 \
2682 -s "Protocol is TLSv1.3" \
2683 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2684 -s "received signature algorithm: 0x603" \
2685 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2686 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2687 -C "received HelloRetryRequest message"
2688
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2689requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2690requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2691requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2692requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2693requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2694requires_gnutls_tls1_3
2695requires_gnutls_next_no_ticket
2696requires_gnutls_next_disable_tls13_compat
2697run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2698 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2699 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2700 0 \
2701 -s "Protocol is TLSv1.3" \
2702 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2703 -s "received signature algorithm: 0x804" \
2704 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2705 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2706 -C "received HelloRetryRequest message"
2707
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2708requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2709requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2710requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2711requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2712requires_gnutls_tls1_3
2713requires_gnutls_next_no_ticket
2714requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2715run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
2716 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2717 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
2718 0 \
2719 -s "Protocol is TLSv1.3" \
2720 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2721 -s "received signature algorithm: 0x403" \
2722 -s "got named group: ffdhe2048(0100)" \
2723 -s "Certificate verification was skipped" \
2724 -C "received HelloRetryRequest message"
2725
2726requires_config_enabled MBEDTLS_SSL_SRV_C
2727requires_config_enabled MBEDTLS_DEBUG_C
2728requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2729requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2730requires_gnutls_tls1_3
2731requires_gnutls_next_no_ticket
2732requires_gnutls_next_disable_tls13_compat
2733run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
2734 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2735 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
2736 0 \
2737 -s "Protocol is TLSv1.3" \
2738 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2739 -s "received signature algorithm: 0x503" \
2740 -s "got named group: ffdhe2048(0100)" \
2741 -s "Certificate verification was skipped" \
2742 -C "received HelloRetryRequest message"
2743
2744requires_config_enabled MBEDTLS_SSL_SRV_C
2745requires_config_enabled MBEDTLS_DEBUG_C
2746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2747requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2748requires_gnutls_tls1_3
2749requires_gnutls_next_no_ticket
2750requires_gnutls_next_disable_tls13_compat
2751run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
2752 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2753 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
2754 0 \
2755 -s "Protocol is TLSv1.3" \
2756 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2757 -s "received signature algorithm: 0x603" \
2758 -s "got named group: ffdhe2048(0100)" \
2759 -s "Certificate verification was skipped" \
2760 -C "received HelloRetryRequest message"
2761
2762requires_config_enabled MBEDTLS_SSL_SRV_C
2763requires_config_enabled MBEDTLS_DEBUG_C
2764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2765requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2766requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2767requires_gnutls_tls1_3
2768requires_gnutls_next_no_ticket
2769requires_gnutls_next_disable_tls13_compat
2770run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
2771 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2772 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
2773 0 \
2774 -s "Protocol is TLSv1.3" \
2775 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2776 -s "received signature algorithm: 0x804" \
2777 -s "got named group: ffdhe2048(0100)" \
2778 -s "Certificate verification was skipped" \
2779 -C "received HelloRetryRequest message"
2780
2781requires_config_enabled MBEDTLS_SSL_SRV_C
2782requires_config_enabled MBEDTLS_DEBUG_C
2783requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2784requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2785requires_gnutls_tls1_3
2786requires_gnutls_next_no_ticket
2787requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2788run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
2789 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2790 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
2791 0 \
2792 -s "Protocol is TLSv1.3" \
2793 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2794 -s "received signature algorithm: 0x403" \
2795 -s "got named group: ffdhe8192(0104)" \
2796 -s "Certificate verification was skipped" \
2797 -C "received HelloRetryRequest message"
2798
2799requires_config_enabled MBEDTLS_SSL_SRV_C
2800requires_config_enabled MBEDTLS_DEBUG_C
2801requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2803requires_gnutls_tls1_3
2804requires_gnutls_next_no_ticket
2805requires_gnutls_next_disable_tls13_compat
2806run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
2807 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2808 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
2809 0 \
2810 -s "Protocol is TLSv1.3" \
2811 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2812 -s "received signature algorithm: 0x503" \
2813 -s "got named group: ffdhe8192(0104)" \
2814 -s "Certificate verification was skipped" \
2815 -C "received HelloRetryRequest message"
2816
2817requires_config_enabled MBEDTLS_SSL_SRV_C
2818requires_config_enabled MBEDTLS_DEBUG_C
2819requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2820requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2821requires_gnutls_tls1_3
2822requires_gnutls_next_no_ticket
2823requires_gnutls_next_disable_tls13_compat
2824run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
2825 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2826 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
2827 0 \
2828 -s "Protocol is TLSv1.3" \
2829 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2830 -s "received signature algorithm: 0x603" \
2831 -s "got named group: ffdhe8192(0104)" \
2832 -s "Certificate verification was skipped" \
2833 -C "received HelloRetryRequest message"
2834
2835requires_config_enabled MBEDTLS_SSL_SRV_C
2836requires_config_enabled MBEDTLS_DEBUG_C
2837requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2838requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2839requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2840requires_gnutls_tls1_3
2841requires_gnutls_next_no_ticket
2842requires_gnutls_next_disable_tls13_compat
2843run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
2844 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2845 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
2846 0 \
2847 -s "Protocol is TLSv1.3" \
2848 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2849 -s "received signature algorithm: 0x804" \
2850 -s "got named group: ffdhe8192(0104)" \
2851 -s "Certificate verification was skipped" \
2852 -C "received HelloRetryRequest message"
2853
2854requires_config_enabled MBEDTLS_SSL_SRV_C
2855requires_config_enabled MBEDTLS_DEBUG_C
2856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2857requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2858requires_gnutls_tls1_3
2859requires_gnutls_next_no_ticket
2860requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2861run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2862 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2863 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2864 0 \
2865 -s "Protocol is TLSv1.3" \
2866 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2867 -s "received signature algorithm: 0x403" \
2868 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2869 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2870 -C "received HelloRetryRequest message"
2871
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2872requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2873requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2874requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2876requires_gnutls_tls1_3
2877requires_gnutls_next_no_ticket
2878requires_gnutls_next_disable_tls13_compat
2879run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2880 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2881 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2882 0 \
2883 -s "Protocol is TLSv1.3" \
2884 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2885 -s "received signature algorithm: 0x503" \
2886 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2887 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2888 -C "received HelloRetryRequest message"
2889
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2890requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2891requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2892requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2894requires_gnutls_tls1_3
2895requires_gnutls_next_no_ticket
2896requires_gnutls_next_disable_tls13_compat
2897run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2898 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2899 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2900 0 \
2901 -s "Protocol is TLSv1.3" \
2902 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2903 -s "received signature algorithm: 0x603" \
2904 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2905 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2906 -C "received HelloRetryRequest message"
2907
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2908requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2909requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2912requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2913requires_gnutls_tls1_3
2914requires_gnutls_next_no_ticket
2915requires_gnutls_next_disable_tls13_compat
2916run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2917 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2918 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2919 0 \
2920 -s "Protocol is TLSv1.3" \
2921 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2922 -s "received signature algorithm: 0x804" \
2923 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2924 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2925 -C "received HelloRetryRequest message"
2926
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2927requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2928requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2929requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2930requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2931requires_gnutls_tls1_3
2932requires_gnutls_next_no_ticket
2933requires_gnutls_next_disable_tls13_compat
2934run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2935 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2936 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2937 0 \
2938 -s "Protocol is TLSv1.3" \
2939 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2940 -s "received signature algorithm: 0x403" \
2941 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2942 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2943 -C "received HelloRetryRequest message"
2944
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2945requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2946requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2947requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2949requires_gnutls_tls1_3
2950requires_gnutls_next_no_ticket
2951requires_gnutls_next_disable_tls13_compat
2952run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2953 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2954 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2955 0 \
2956 -s "Protocol is TLSv1.3" \
2957 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2958 -s "received signature algorithm: 0x503" \
2959 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2960 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2961 -C "received HelloRetryRequest message"
2962
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2963requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2964requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2965requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2966requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2967requires_gnutls_tls1_3
2968requires_gnutls_next_no_ticket
2969requires_gnutls_next_disable_tls13_compat
2970run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2971 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2972 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2973 0 \
2974 -s "Protocol is TLSv1.3" \
2975 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2976 -s "received signature algorithm: 0x603" \
2977 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2978 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2979 -C "received HelloRetryRequest message"
2980
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2981requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2982requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2983requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2984requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2985requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2986requires_gnutls_tls1_3
2987requires_gnutls_next_no_ticket
2988requires_gnutls_next_disable_tls13_compat
2989run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2990 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2991 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2992 0 \
2993 -s "Protocol is TLSv1.3" \
2994 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2995 -s "received signature algorithm: 0x804" \
2996 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2997 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2998 -C "received HelloRetryRequest message"
2999
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3000requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3001requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3003requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3004requires_gnutls_tls1_3
3005requires_gnutls_next_no_ticket
3006requires_gnutls_next_disable_tls13_compat
3007run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3008 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3009 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3010 0 \
3011 -s "Protocol is TLSv1.3" \
3012 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3013 -s "received signature algorithm: 0x403" \
3014 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3015 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3016 -C "received HelloRetryRequest message"
3017
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3018requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3019requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3020requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3022requires_gnutls_tls1_3
3023requires_gnutls_next_no_ticket
3024requires_gnutls_next_disable_tls13_compat
3025run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3026 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3027 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3028 0 \
3029 -s "Protocol is TLSv1.3" \
3030 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3031 -s "received signature algorithm: 0x503" \
3032 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3033 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3034 -C "received HelloRetryRequest message"
3035
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3036requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3037requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3038requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3039requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3040requires_gnutls_tls1_3
3041requires_gnutls_next_no_ticket
3042requires_gnutls_next_disable_tls13_compat
3043run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3044 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3045 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3046 0 \
3047 -s "Protocol is TLSv1.3" \
3048 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3049 -s "received signature algorithm: 0x603" \
3050 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3051 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3052 -C "received HelloRetryRequest message"
3053
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3054requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3055requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3058requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3059requires_gnutls_tls1_3
3060requires_gnutls_next_no_ticket
3061requires_gnutls_next_disable_tls13_compat
3062run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3063 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3064 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3065 0 \
3066 -s "Protocol is TLSv1.3" \
3067 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3068 -s "received signature algorithm: 0x804" \
3069 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3070 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3071 -C "received HelloRetryRequest message"
3072
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3073requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3074requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3075requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3076requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3077requires_gnutls_tls1_3
3078requires_gnutls_next_no_ticket
3079requires_gnutls_next_disable_tls13_compat
3080run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3081 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3082 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3083 0 \
3084 -s "Protocol is TLSv1.3" \
3085 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3086 -s "received signature algorithm: 0x403" \
3087 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3088 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3089 -C "received HelloRetryRequest message"
3090
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3091requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3092requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3093requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3094requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3095requires_gnutls_tls1_3
3096requires_gnutls_next_no_ticket
3097requires_gnutls_next_disable_tls13_compat
3098run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3099 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3100 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3101 0 \
3102 -s "Protocol is TLSv1.3" \
3103 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3104 -s "received signature algorithm: 0x503" \
3105 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3106 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3107 -C "received HelloRetryRequest message"
3108
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3109requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3110requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3111requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3112requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3113requires_gnutls_tls1_3
3114requires_gnutls_next_no_ticket
3115requires_gnutls_next_disable_tls13_compat
3116run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3117 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3118 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3119 0 \
3120 -s "Protocol is TLSv1.3" \
3121 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3122 -s "received signature algorithm: 0x603" \
3123 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3124 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3125 -C "received HelloRetryRequest message"
3126
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3127requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3128requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3129requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3131requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3132requires_gnutls_tls1_3
3133requires_gnutls_next_no_ticket
3134requires_gnutls_next_disable_tls13_compat
3135run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3136 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3137 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3138 0 \
3139 -s "Protocol is TLSv1.3" \
3140 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3141 -s "received signature algorithm: 0x804" \
3142 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3143 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3144 -C "received HelloRetryRequest message"
3145
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3146requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3147requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3150requires_gnutls_tls1_3
3151requires_gnutls_next_no_ticket
3152requires_gnutls_next_disable_tls13_compat
3153run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3154 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3155 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3156 0 \
3157 -s "Protocol is TLSv1.3" \
3158 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3159 -s "received signature algorithm: 0x403" \
3160 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3161 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3162 -C "received HelloRetryRequest message"
3163
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3164requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3165requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3166requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3167requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3168requires_gnutls_tls1_3
3169requires_gnutls_next_no_ticket
3170requires_gnutls_next_disable_tls13_compat
3171run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3172 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3173 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3174 0 \
3175 -s "Protocol is TLSv1.3" \
3176 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3177 -s "received signature algorithm: 0x503" \
3178 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3179 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3180 -C "received HelloRetryRequest message"
3181
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3182requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3183requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3184requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3185requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3186requires_gnutls_tls1_3
3187requires_gnutls_next_no_ticket
3188requires_gnutls_next_disable_tls13_compat
3189run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3190 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3191 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3192 0 \
3193 -s "Protocol is TLSv1.3" \
3194 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3195 -s "received signature algorithm: 0x603" \
3196 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3197 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3198 -C "received HelloRetryRequest message"
3199
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3200requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3201requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3204requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3205requires_gnutls_tls1_3
3206requires_gnutls_next_no_ticket
3207requires_gnutls_next_disable_tls13_compat
3208run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3209 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3210 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3211 0 \
3212 -s "Protocol is TLSv1.3" \
3213 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3214 -s "received signature algorithm: 0x804" \
3215 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3216 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3217 -C "received HelloRetryRequest message"
3218
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3219requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3220requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3221requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3222requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3223requires_gnutls_tls1_3
3224requires_gnutls_next_no_ticket
3225requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3226run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
3227 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3228 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3229 0 \
3230 -s "Protocol is TLSv1.3" \
3231 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3232 -s "received signature algorithm: 0x403" \
3233 -s "got named group: ffdhe2048(0100)" \
3234 -s "Certificate verification was skipped" \
3235 -C "received HelloRetryRequest message"
3236
3237requires_config_enabled MBEDTLS_SSL_SRV_C
3238requires_config_enabled MBEDTLS_DEBUG_C
3239requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3240requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3241requires_gnutls_tls1_3
3242requires_gnutls_next_no_ticket
3243requires_gnutls_next_disable_tls13_compat
3244run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
3245 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3246 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3247 0 \
3248 -s "Protocol is TLSv1.3" \
3249 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3250 -s "received signature algorithm: 0x503" \
3251 -s "got named group: ffdhe2048(0100)" \
3252 -s "Certificate verification was skipped" \
3253 -C "received HelloRetryRequest message"
3254
3255requires_config_enabled MBEDTLS_SSL_SRV_C
3256requires_config_enabled MBEDTLS_DEBUG_C
3257requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3258requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3259requires_gnutls_tls1_3
3260requires_gnutls_next_no_ticket
3261requires_gnutls_next_disable_tls13_compat
3262run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
3263 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3264 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3265 0 \
3266 -s "Protocol is TLSv1.3" \
3267 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3268 -s "received signature algorithm: 0x603" \
3269 -s "got named group: ffdhe2048(0100)" \
3270 -s "Certificate verification was skipped" \
3271 -C "received HelloRetryRequest message"
3272
3273requires_config_enabled MBEDTLS_SSL_SRV_C
3274requires_config_enabled MBEDTLS_DEBUG_C
3275requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3276requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3277requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3278requires_gnutls_tls1_3
3279requires_gnutls_next_no_ticket
3280requires_gnutls_next_disable_tls13_compat
3281run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
3282 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3283 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3284 0 \
3285 -s "Protocol is TLSv1.3" \
3286 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3287 -s "received signature algorithm: 0x804" \
3288 -s "got named group: ffdhe2048(0100)" \
3289 -s "Certificate verification was skipped" \
3290 -C "received HelloRetryRequest message"
3291
3292requires_config_enabled MBEDTLS_SSL_SRV_C
3293requires_config_enabled MBEDTLS_DEBUG_C
3294requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3295requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3296requires_gnutls_tls1_3
3297requires_gnutls_next_no_ticket
3298requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3299run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
3300 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3301 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3302 0 \
3303 -s "Protocol is TLSv1.3" \
3304 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3305 -s "received signature algorithm: 0x403" \
3306 -s "got named group: ffdhe8192(0104)" \
3307 -s "Certificate verification was skipped" \
3308 -C "received HelloRetryRequest message"
3309
3310requires_config_enabled MBEDTLS_SSL_SRV_C
3311requires_config_enabled MBEDTLS_DEBUG_C
3312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3313requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3314requires_gnutls_tls1_3
3315requires_gnutls_next_no_ticket
3316requires_gnutls_next_disable_tls13_compat
3317run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
3318 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3319 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3320 0 \
3321 -s "Protocol is TLSv1.3" \
3322 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3323 -s "received signature algorithm: 0x503" \
3324 -s "got named group: ffdhe8192(0104)" \
3325 -s "Certificate verification was skipped" \
3326 -C "received HelloRetryRequest message"
3327
3328requires_config_enabled MBEDTLS_SSL_SRV_C
3329requires_config_enabled MBEDTLS_DEBUG_C
3330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3332requires_gnutls_tls1_3
3333requires_gnutls_next_no_ticket
3334requires_gnutls_next_disable_tls13_compat
3335run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
3336 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3337 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3338 0 \
3339 -s "Protocol is TLSv1.3" \
3340 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3341 -s "received signature algorithm: 0x603" \
3342 -s "got named group: ffdhe8192(0104)" \
3343 -s "Certificate verification was skipped" \
3344 -C "received HelloRetryRequest message"
3345
3346requires_config_enabled MBEDTLS_SSL_SRV_C
3347requires_config_enabled MBEDTLS_DEBUG_C
3348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3349requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3350requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3351requires_gnutls_tls1_3
3352requires_gnutls_next_no_ticket
3353requires_gnutls_next_disable_tls13_compat
3354run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
3355 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3356 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3357 0 \
3358 -s "Protocol is TLSv1.3" \
3359 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3360 -s "received signature algorithm: 0x804" \
3361 -s "got named group: ffdhe8192(0104)" \
3362 -s "Certificate verification was skipped" \
3363 -C "received HelloRetryRequest message"
3364
3365requires_config_enabled MBEDTLS_SSL_SRV_C
3366requires_config_enabled MBEDTLS_DEBUG_C
3367requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3368requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3369requires_gnutls_tls1_3
3370requires_gnutls_next_no_ticket
3371requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3372run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3373 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3374 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3375 0 \
3376 -s "Protocol is TLSv1.3" \
3377 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3378 -s "received signature algorithm: 0x403" \
3379 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3380 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3381 -C "received HelloRetryRequest message"
3382
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3383requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3384requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3385requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3386requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3387requires_gnutls_tls1_3
3388requires_gnutls_next_no_ticket
3389requires_gnutls_next_disable_tls13_compat
3390run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3391 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3392 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3393 0 \
3394 -s "Protocol is TLSv1.3" \
3395 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3396 -s "received signature algorithm: 0x503" \
3397 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3398 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3399 -C "received HelloRetryRequest message"
3400
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3401requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3402requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3403requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3404requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3405requires_gnutls_tls1_3
3406requires_gnutls_next_no_ticket
3407requires_gnutls_next_disable_tls13_compat
3408run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3409 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3410 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3411 0 \
3412 -s "Protocol is TLSv1.3" \
3413 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3414 -s "received signature algorithm: 0x603" \
3415 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3416 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3417 -C "received HelloRetryRequest message"
3418
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3419requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3420requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3421requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3422requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3423requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3424requires_gnutls_tls1_3
3425requires_gnutls_next_no_ticket
3426requires_gnutls_next_disable_tls13_compat
3427run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3428 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3429 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3430 0 \
3431 -s "Protocol is TLSv1.3" \
3432 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3433 -s "received signature algorithm: 0x804" \
3434 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3435 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3436 -C "received HelloRetryRequest message"
3437
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3438requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3439requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3440requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3442requires_gnutls_tls1_3
3443requires_gnutls_next_no_ticket
3444requires_gnutls_next_disable_tls13_compat
3445run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3446 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3447 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3448 0 \
3449 -s "Protocol is TLSv1.3" \
3450 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3451 -s "received signature algorithm: 0x403" \
3452 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3453 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3454 -C "received HelloRetryRequest message"
3455
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3456requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3457requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3458requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3459requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3460requires_gnutls_tls1_3
3461requires_gnutls_next_no_ticket
3462requires_gnutls_next_disable_tls13_compat
3463run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3464 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3465 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3466 0 \
3467 -s "Protocol is TLSv1.3" \
3468 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3469 -s "received signature algorithm: 0x503" \
3470 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3471 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3472 -C "received HelloRetryRequest message"
3473
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3474requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3475requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3476requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3478requires_gnutls_tls1_3
3479requires_gnutls_next_no_ticket
3480requires_gnutls_next_disable_tls13_compat
3481run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3482 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3483 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3484 0 \
3485 -s "Protocol is TLSv1.3" \
3486 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3487 -s "received signature algorithm: 0x603" \
3488 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3489 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3490 -C "received HelloRetryRequest message"
3491
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3492requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3493requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3496requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3497requires_gnutls_tls1_3
3498requires_gnutls_next_no_ticket
3499requires_gnutls_next_disable_tls13_compat
3500run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3501 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3502 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3503 0 \
3504 -s "Protocol is TLSv1.3" \
3505 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3506 -s "received signature algorithm: 0x804" \
3507 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3508 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3509 -C "received HelloRetryRequest message"
3510
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3511requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3512requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3513requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3515requires_gnutls_tls1_3
3516requires_gnutls_next_no_ticket
3517requires_gnutls_next_disable_tls13_compat
3518run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3519 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3520 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3521 0 \
3522 -s "Protocol is TLSv1.3" \
3523 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3524 -s "received signature algorithm: 0x403" \
3525 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3526 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3527 -C "received HelloRetryRequest message"
3528
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3529requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3530requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3531requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3533requires_gnutls_tls1_3
3534requires_gnutls_next_no_ticket
3535requires_gnutls_next_disable_tls13_compat
3536run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3537 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3538 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3539 0 \
3540 -s "Protocol is TLSv1.3" \
3541 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3542 -s "received signature algorithm: 0x503" \
3543 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3544 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3545 -C "received HelloRetryRequest message"
3546
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3547requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3548requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3549requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3551requires_gnutls_tls1_3
3552requires_gnutls_next_no_ticket
3553requires_gnutls_next_disable_tls13_compat
3554run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3555 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3556 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3557 0 \
3558 -s "Protocol is TLSv1.3" \
3559 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3560 -s "received signature algorithm: 0x603" \
3561 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3562 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3563 -C "received HelloRetryRequest message"
3564
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3565requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3566requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3567requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3568requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3569requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3570requires_gnutls_tls1_3
3571requires_gnutls_next_no_ticket
3572requires_gnutls_next_disable_tls13_compat
3573run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3574 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3575 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3576 0 \
3577 -s "Protocol is TLSv1.3" \
3578 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3579 -s "received signature algorithm: 0x804" \
3580 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3581 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3582 -C "received HelloRetryRequest message"
3583
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3584requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3585requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3586requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3587requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3588requires_gnutls_tls1_3
3589requires_gnutls_next_no_ticket
3590requires_gnutls_next_disable_tls13_compat
3591run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3592 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3593 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3594 0 \
3595 -s "Protocol is TLSv1.3" \
3596 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3597 -s "received signature algorithm: 0x403" \
3598 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3599 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3600 -C "received HelloRetryRequest message"
3601
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3602requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3603requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3605requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3606requires_gnutls_tls1_3
3607requires_gnutls_next_no_ticket
3608requires_gnutls_next_disable_tls13_compat
3609run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3610 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3611 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3612 0 \
3613 -s "Protocol is TLSv1.3" \
3614 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3615 -s "received signature algorithm: 0x503" \
3616 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3617 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3618 -C "received HelloRetryRequest message"
3619
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3620requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3621requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3624requires_gnutls_tls1_3
3625requires_gnutls_next_no_ticket
3626requires_gnutls_next_disable_tls13_compat
3627run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3628 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3629 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3630 0 \
3631 -s "Protocol is TLSv1.3" \
3632 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3633 -s "received signature algorithm: 0x603" \
3634 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3635 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3636 -C "received HelloRetryRequest message"
3637
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3638requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3639requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3640requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3641requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3642requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3643requires_gnutls_tls1_3
3644requires_gnutls_next_no_ticket
3645requires_gnutls_next_disable_tls13_compat
3646run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3647 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3648 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3649 0 \
3650 -s "Protocol is TLSv1.3" \
3651 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3652 -s "received signature algorithm: 0x804" \
3653 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3654 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3655 -C "received HelloRetryRequest message"
3656
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3657requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3658requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3659requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3660requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3661requires_gnutls_tls1_3
3662requires_gnutls_next_no_ticket
3663requires_gnutls_next_disable_tls13_compat
3664run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3665 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3666 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3667 0 \
3668 -s "Protocol is TLSv1.3" \
3669 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3670 -s "received signature algorithm: 0x403" \
3671 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3672 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3673 -C "received HelloRetryRequest message"
3674
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3675requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3676requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3677requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3678requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3679requires_gnutls_tls1_3
3680requires_gnutls_next_no_ticket
3681requires_gnutls_next_disable_tls13_compat
3682run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3683 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3684 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3685 0 \
3686 -s "Protocol is TLSv1.3" \
3687 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3688 -s "received signature algorithm: 0x503" \
3689 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3690 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3691 -C "received HelloRetryRequest message"
3692
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3693requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3694requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3695requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3696requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3697requires_gnutls_tls1_3
3698requires_gnutls_next_no_ticket
3699requires_gnutls_next_disable_tls13_compat
3700run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3701 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3702 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3703 0 \
3704 -s "Protocol is TLSv1.3" \
3705 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3706 -s "received signature algorithm: 0x603" \
3707 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3708 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3709 -C "received HelloRetryRequest message"
3710
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3711requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3712requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3713requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3714requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3715requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3716requires_gnutls_tls1_3
3717requires_gnutls_next_no_ticket
3718requires_gnutls_next_disable_tls13_compat
3719run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3720 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3721 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3722 0 \
3723 -s "Protocol is TLSv1.3" \
3724 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3725 -s "received signature algorithm: 0x804" \
3726 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3727 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3728 -C "received HelloRetryRequest message"
3729
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3730requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3731requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3732requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3733requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3734requires_gnutls_tls1_3
3735requires_gnutls_next_no_ticket
3736requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3737run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
3738 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3739 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3740 0 \
3741 -s "Protocol is TLSv1.3" \
3742 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3743 -s "received signature algorithm: 0x403" \
3744 -s "got named group: ffdhe2048(0100)" \
3745 -s "Certificate verification was skipped" \
3746 -C "received HelloRetryRequest message"
3747
3748requires_config_enabled MBEDTLS_SSL_SRV_C
3749requires_config_enabled MBEDTLS_DEBUG_C
3750requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3751requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3752requires_gnutls_tls1_3
3753requires_gnutls_next_no_ticket
3754requires_gnutls_next_disable_tls13_compat
3755run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
3756 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3757 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3758 0 \
3759 -s "Protocol is TLSv1.3" \
3760 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3761 -s "received signature algorithm: 0x503" \
3762 -s "got named group: ffdhe2048(0100)" \
3763 -s "Certificate verification was skipped" \
3764 -C "received HelloRetryRequest message"
3765
3766requires_config_enabled MBEDTLS_SSL_SRV_C
3767requires_config_enabled MBEDTLS_DEBUG_C
3768requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3769requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3770requires_gnutls_tls1_3
3771requires_gnutls_next_no_ticket
3772requires_gnutls_next_disable_tls13_compat
3773run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
3774 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3775 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3776 0 \
3777 -s "Protocol is TLSv1.3" \
3778 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3779 -s "received signature algorithm: 0x603" \
3780 -s "got named group: ffdhe2048(0100)" \
3781 -s "Certificate verification was skipped" \
3782 -C "received HelloRetryRequest message"
3783
3784requires_config_enabled MBEDTLS_SSL_SRV_C
3785requires_config_enabled MBEDTLS_DEBUG_C
3786requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3787requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3788requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3789requires_gnutls_tls1_3
3790requires_gnutls_next_no_ticket
3791requires_gnutls_next_disable_tls13_compat
3792run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
3793 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3794 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3795 0 \
3796 -s "Protocol is TLSv1.3" \
3797 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3798 -s "received signature algorithm: 0x804" \
3799 -s "got named group: ffdhe2048(0100)" \
3800 -s "Certificate verification was skipped" \
3801 -C "received HelloRetryRequest message"
3802
3803requires_config_enabled MBEDTLS_SSL_SRV_C
3804requires_config_enabled MBEDTLS_DEBUG_C
3805requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3806requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3807requires_gnutls_tls1_3
3808requires_gnutls_next_no_ticket
3809requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3810run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
3811 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3812 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3813 0 \
3814 -s "Protocol is TLSv1.3" \
3815 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3816 -s "received signature algorithm: 0x403" \
3817 -s "got named group: ffdhe8192(0104)" \
3818 -s "Certificate verification was skipped" \
3819 -C "received HelloRetryRequest message"
3820
3821requires_config_enabled MBEDTLS_SSL_SRV_C
3822requires_config_enabled MBEDTLS_DEBUG_C
3823requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3824requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3825requires_gnutls_tls1_3
3826requires_gnutls_next_no_ticket
3827requires_gnutls_next_disable_tls13_compat
3828run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
3829 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3830 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3831 0 \
3832 -s "Protocol is TLSv1.3" \
3833 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3834 -s "received signature algorithm: 0x503" \
3835 -s "got named group: ffdhe8192(0104)" \
3836 -s "Certificate verification was skipped" \
3837 -C "received HelloRetryRequest message"
3838
3839requires_config_enabled MBEDTLS_SSL_SRV_C
3840requires_config_enabled MBEDTLS_DEBUG_C
3841requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3843requires_gnutls_tls1_3
3844requires_gnutls_next_no_ticket
3845requires_gnutls_next_disable_tls13_compat
3846run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
3847 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3848 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3849 0 \
3850 -s "Protocol is TLSv1.3" \
3851 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3852 -s "received signature algorithm: 0x603" \
3853 -s "got named group: ffdhe8192(0104)" \
3854 -s "Certificate verification was skipped" \
3855 -C "received HelloRetryRequest message"
3856
3857requires_config_enabled MBEDTLS_SSL_SRV_C
3858requires_config_enabled MBEDTLS_DEBUG_C
3859requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3860requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3861requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3862requires_gnutls_tls1_3
3863requires_gnutls_next_no_ticket
3864requires_gnutls_next_disable_tls13_compat
3865run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
3866 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3867 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3868 0 \
3869 -s "Protocol is TLSv1.3" \
3870 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3871 -s "received signature algorithm: 0x804" \
3872 -s "got named group: ffdhe8192(0104)" \
3873 -s "Certificate verification was skipped" \
3874 -C "received HelloRetryRequest message"
3875
3876requires_config_enabled MBEDTLS_SSL_SRV_C
3877requires_config_enabled MBEDTLS_DEBUG_C
3878requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3879requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3880requires_gnutls_tls1_3
3881requires_gnutls_next_no_ticket
3882requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3883run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3884 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3885 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3886 0 \
3887 -s "Protocol is TLSv1.3" \
3888 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3889 -s "received signature algorithm: 0x403" \
3890 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3891 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3892 -C "received HelloRetryRequest message"
3893
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3894requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3898requires_gnutls_tls1_3
3899requires_gnutls_next_no_ticket
3900requires_gnutls_next_disable_tls13_compat
3901run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3902 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3903 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3904 0 \
3905 -s "Protocol is TLSv1.3" \
3906 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3907 -s "received signature algorithm: 0x503" \
3908 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3909 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3910 -C "received HelloRetryRequest message"
3911
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3912requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3913requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3916requires_gnutls_tls1_3
3917requires_gnutls_next_no_ticket
3918requires_gnutls_next_disable_tls13_compat
3919run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3920 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3921 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3922 0 \
3923 -s "Protocol is TLSv1.3" \
3924 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3925 -s "received signature algorithm: 0x603" \
3926 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3927 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3928 -C "received HelloRetryRequest message"
3929
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3930requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3931requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3932requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3934requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3935requires_gnutls_tls1_3
3936requires_gnutls_next_no_ticket
3937requires_gnutls_next_disable_tls13_compat
3938run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3939 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3940 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3941 0 \
3942 -s "Protocol is TLSv1.3" \
3943 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3944 -s "received signature algorithm: 0x804" \
3945 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3946 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3947 -C "received HelloRetryRequest message"
3948
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3949requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3950requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3951requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3952requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3953requires_gnutls_tls1_3
3954requires_gnutls_next_no_ticket
3955requires_gnutls_next_disable_tls13_compat
3956run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3957 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3958 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3959 0 \
3960 -s "Protocol is TLSv1.3" \
3961 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3962 -s "received signature algorithm: 0x403" \
3963 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3964 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3965 -C "received HelloRetryRequest message"
3966
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3967requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3968requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3969requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3970requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3971requires_gnutls_tls1_3
3972requires_gnutls_next_no_ticket
3973requires_gnutls_next_disable_tls13_compat
3974run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3975 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3976 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3977 0 \
3978 -s "Protocol is TLSv1.3" \
3979 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3980 -s "received signature algorithm: 0x503" \
3981 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3982 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3983 -C "received HelloRetryRequest message"
3984
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3985requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3986requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3987requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3989requires_gnutls_tls1_3
3990requires_gnutls_next_no_ticket
3991requires_gnutls_next_disable_tls13_compat
3992run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3993 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3994 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3995 0 \
3996 -s "Protocol is TLSv1.3" \
3997 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3998 -s "received signature algorithm: 0x603" \
3999 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4000 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4001 -C "received HelloRetryRequest message"
4002
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4003requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4004requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4005requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4006requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4007requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4008requires_gnutls_tls1_3
4009requires_gnutls_next_no_ticket
4010requires_gnutls_next_disable_tls13_compat
4011run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4012 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4013 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4014 0 \
4015 -s "Protocol is TLSv1.3" \
4016 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4017 -s "received signature algorithm: 0x804" \
4018 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4019 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4020 -C "received HelloRetryRequest message"
4021
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4022requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4023requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4024requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4025requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4026requires_gnutls_tls1_3
4027requires_gnutls_next_no_ticket
4028requires_gnutls_next_disable_tls13_compat
4029run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4030 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4031 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4032 0 \
4033 -s "Protocol is TLSv1.3" \
4034 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4035 -s "received signature algorithm: 0x403" \
4036 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4037 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4038 -C "received HelloRetryRequest message"
4039
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4040requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4041requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4043requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4044requires_gnutls_tls1_3
4045requires_gnutls_next_no_ticket
4046requires_gnutls_next_disable_tls13_compat
4047run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4048 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4049 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4050 0 \
4051 -s "Protocol is TLSv1.3" \
4052 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4053 -s "received signature algorithm: 0x503" \
4054 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4055 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4056 -C "received HelloRetryRequest message"
4057
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4058requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4059requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4062requires_gnutls_tls1_3
4063requires_gnutls_next_no_ticket
4064requires_gnutls_next_disable_tls13_compat
4065run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4066 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4067 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4068 0 \
4069 -s "Protocol is TLSv1.3" \
4070 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4071 -s "received signature algorithm: 0x603" \
4072 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4073 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4074 -C "received HelloRetryRequest message"
4075
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4076requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4077requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4078requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4080requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4081requires_gnutls_tls1_3
4082requires_gnutls_next_no_ticket
4083requires_gnutls_next_disable_tls13_compat
4084run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4085 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4086 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4087 0 \
4088 -s "Protocol is TLSv1.3" \
4089 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4090 -s "received signature algorithm: 0x804" \
4091 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4092 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4093 -C "received HelloRetryRequest message"
4094
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4095requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4096requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4097requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4098requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4099requires_gnutls_tls1_3
4100requires_gnutls_next_no_ticket
4101requires_gnutls_next_disable_tls13_compat
4102run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4103 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4104 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4105 0 \
4106 -s "Protocol is TLSv1.3" \
4107 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4108 -s "received signature algorithm: 0x403" \
4109 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4110 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4111 -C "received HelloRetryRequest message"
4112
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4113requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4114requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4115requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4116requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4117requires_gnutls_tls1_3
4118requires_gnutls_next_no_ticket
4119requires_gnutls_next_disable_tls13_compat
4120run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4121 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4122 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4123 0 \
4124 -s "Protocol is TLSv1.3" \
4125 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4126 -s "received signature algorithm: 0x503" \
4127 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4128 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4129 -C "received HelloRetryRequest message"
4130
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4131requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4132requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4134requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4135requires_gnutls_tls1_3
4136requires_gnutls_next_no_ticket
4137requires_gnutls_next_disable_tls13_compat
4138run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4139 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4140 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4141 0 \
4142 -s "Protocol is TLSv1.3" \
4143 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4144 -s "received signature algorithm: 0x603" \
4145 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4146 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4147 -C "received HelloRetryRequest message"
4148
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4149requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4150requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4151requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4153requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4154requires_gnutls_tls1_3
4155requires_gnutls_next_no_ticket
4156requires_gnutls_next_disable_tls13_compat
4157run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4158 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4159 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4160 0 \
4161 -s "Protocol is TLSv1.3" \
4162 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4163 -s "received signature algorithm: 0x804" \
4164 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4165 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4166 -C "received HelloRetryRequest message"
4167
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4168requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4169requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4172requires_gnutls_tls1_3
4173requires_gnutls_next_no_ticket
4174requires_gnutls_next_disable_tls13_compat
4175run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4176 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4177 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4178 0 \
4179 -s "Protocol is TLSv1.3" \
4180 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4181 -s "received signature algorithm: 0x403" \
4182 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4183 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4184 -C "received HelloRetryRequest message"
4185
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4186requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4187requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4188requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4189requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4190requires_gnutls_tls1_3
4191requires_gnutls_next_no_ticket
4192requires_gnutls_next_disable_tls13_compat
4193run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4194 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4195 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4196 0 \
4197 -s "Protocol is TLSv1.3" \
4198 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4199 -s "received signature algorithm: 0x503" \
4200 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4201 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4202 -C "received HelloRetryRequest message"
4203
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4204requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4205requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4208requires_gnutls_tls1_3
4209requires_gnutls_next_no_ticket
4210requires_gnutls_next_disable_tls13_compat
4211run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4212 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4213 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4214 0 \
4215 -s "Protocol is TLSv1.3" \
4216 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4217 -s "received signature algorithm: 0x603" \
4218 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4219 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4220 -C "received HelloRetryRequest message"
4221
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4222requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4223requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4226requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4227requires_gnutls_tls1_3
4228requires_gnutls_next_no_ticket
4229requires_gnutls_next_disable_tls13_compat
4230run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4231 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4232 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4233 0 \
4234 -s "Protocol is TLSv1.3" \
4235 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4236 -s "received signature algorithm: 0x804" \
4237 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4238 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4239 -C "received HelloRetryRequest message"
4240
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4241requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4242requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4243requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4244requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4245requires_gnutls_tls1_3
4246requires_gnutls_next_no_ticket
4247requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4248run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
4249 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4250 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4251 0 \
4252 -s "Protocol is TLSv1.3" \
4253 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4254 -s "received signature algorithm: 0x403" \
4255 -s "got named group: ffdhe2048(0100)" \
4256 -s "Certificate verification was skipped" \
4257 -C "received HelloRetryRequest message"
4258
4259requires_config_enabled MBEDTLS_SSL_SRV_C
4260requires_config_enabled MBEDTLS_DEBUG_C
4261requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4262requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4263requires_gnutls_tls1_3
4264requires_gnutls_next_no_ticket
4265requires_gnutls_next_disable_tls13_compat
4266run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
4267 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4268 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4269 0 \
4270 -s "Protocol is TLSv1.3" \
4271 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4272 -s "received signature algorithm: 0x503" \
4273 -s "got named group: ffdhe2048(0100)" \
4274 -s "Certificate verification was skipped" \
4275 -C "received HelloRetryRequest message"
4276
4277requires_config_enabled MBEDTLS_SSL_SRV_C
4278requires_config_enabled MBEDTLS_DEBUG_C
4279requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4280requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4281requires_gnutls_tls1_3
4282requires_gnutls_next_no_ticket
4283requires_gnutls_next_disable_tls13_compat
4284run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
4285 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4286 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4287 0 \
4288 -s "Protocol is TLSv1.3" \
4289 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4290 -s "received signature algorithm: 0x603" \
4291 -s "got named group: ffdhe2048(0100)" \
4292 -s "Certificate verification was skipped" \
4293 -C "received HelloRetryRequest message"
4294
4295requires_config_enabled MBEDTLS_SSL_SRV_C
4296requires_config_enabled MBEDTLS_DEBUG_C
4297requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4298requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4299requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4300requires_gnutls_tls1_3
4301requires_gnutls_next_no_ticket
4302requires_gnutls_next_disable_tls13_compat
4303run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
4304 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4305 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4306 0 \
4307 -s "Protocol is TLSv1.3" \
4308 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4309 -s "received signature algorithm: 0x804" \
4310 -s "got named group: ffdhe2048(0100)" \
4311 -s "Certificate verification was skipped" \
4312 -C "received HelloRetryRequest message"
4313
4314requires_config_enabled MBEDTLS_SSL_SRV_C
4315requires_config_enabled MBEDTLS_DEBUG_C
4316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4318requires_gnutls_tls1_3
4319requires_gnutls_next_no_ticket
4320requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4321run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
4322 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4323 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4324 0 \
4325 -s "Protocol is TLSv1.3" \
4326 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4327 -s "received signature algorithm: 0x403" \
4328 -s "got named group: ffdhe8192(0104)" \
4329 -s "Certificate verification was skipped" \
4330 -C "received HelloRetryRequest message"
4331
4332requires_config_enabled MBEDTLS_SSL_SRV_C
4333requires_config_enabled MBEDTLS_DEBUG_C
4334requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4335requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4336requires_gnutls_tls1_3
4337requires_gnutls_next_no_ticket
4338requires_gnutls_next_disable_tls13_compat
4339run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
4340 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4341 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4342 0 \
4343 -s "Protocol is TLSv1.3" \
4344 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4345 -s "received signature algorithm: 0x503" \
4346 -s "got named group: ffdhe8192(0104)" \
4347 -s "Certificate verification was skipped" \
4348 -C "received HelloRetryRequest message"
4349
4350requires_config_enabled MBEDTLS_SSL_SRV_C
4351requires_config_enabled MBEDTLS_DEBUG_C
4352requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4354requires_gnutls_tls1_3
4355requires_gnutls_next_no_ticket
4356requires_gnutls_next_disable_tls13_compat
4357run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
4358 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4359 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4360 0 \
4361 -s "Protocol is TLSv1.3" \
4362 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4363 -s "received signature algorithm: 0x603" \
4364 -s "got named group: ffdhe8192(0104)" \
4365 -s "Certificate verification was skipped" \
4366 -C "received HelloRetryRequest message"
4367
4368requires_config_enabled MBEDTLS_SSL_SRV_C
4369requires_config_enabled MBEDTLS_DEBUG_C
4370requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4371requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4372requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4373requires_gnutls_tls1_3
4374requires_gnutls_next_no_ticket
4375requires_gnutls_next_disable_tls13_compat
4376run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
4377 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4378 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4379 0 \
4380 -s "Protocol is TLSv1.3" \
4381 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4382 -s "received signature algorithm: 0x804" \
4383 -s "got named group: ffdhe8192(0104)" \
4384 -s "Certificate verification was skipped" \
4385 -C "received HelloRetryRequest message"
4386
4387requires_config_enabled MBEDTLS_SSL_SRV_C
4388requires_config_enabled MBEDTLS_DEBUG_C
4389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4390requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4391requires_gnutls_tls1_3
4392requires_gnutls_next_no_ticket
4393requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4394run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4395 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4396 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4397 0 \
4398 -s "Protocol is TLSv1.3" \
4399 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4400 -s "received signature algorithm: 0x403" \
4401 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4402 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4403 -C "received HelloRetryRequest message"
4404
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4405requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4406requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4408requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4409requires_gnutls_tls1_3
4410requires_gnutls_next_no_ticket
4411requires_gnutls_next_disable_tls13_compat
4412run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4413 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4414 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4415 0 \
4416 -s "Protocol is TLSv1.3" \
4417 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4418 -s "received signature algorithm: 0x503" \
4419 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4420 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4421 -C "received HelloRetryRequest message"
4422
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4423requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4424requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4426requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4427requires_gnutls_tls1_3
4428requires_gnutls_next_no_ticket
4429requires_gnutls_next_disable_tls13_compat
4430run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4431 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4432 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4433 0 \
4434 -s "Protocol is TLSv1.3" \
4435 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4436 -s "received signature algorithm: 0x603" \
4437 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4438 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4439 -C "received HelloRetryRequest message"
4440
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4441requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4442requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4443requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4444requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4445requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4446requires_gnutls_tls1_3
4447requires_gnutls_next_no_ticket
4448requires_gnutls_next_disable_tls13_compat
4449run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4450 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4451 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4452 0 \
4453 -s "Protocol is TLSv1.3" \
4454 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4455 -s "received signature algorithm: 0x804" \
4456 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4457 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4458 -C "received HelloRetryRequest message"
4459
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4460requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4461requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4462requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4463requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4464requires_gnutls_tls1_3
4465requires_gnutls_next_no_ticket
4466requires_gnutls_next_disable_tls13_compat
4467run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4468 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4469 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4470 0 \
4471 -s "Protocol is TLSv1.3" \
4472 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4473 -s "received signature algorithm: 0x403" \
4474 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4475 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4476 -C "received HelloRetryRequest message"
4477
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4478requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4479requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4480requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4482requires_gnutls_tls1_3
4483requires_gnutls_next_no_ticket
4484requires_gnutls_next_disable_tls13_compat
4485run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4486 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4487 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4488 0 \
4489 -s "Protocol is TLSv1.3" \
4490 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4491 -s "received signature algorithm: 0x503" \
4492 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4493 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4494 -C "received HelloRetryRequest message"
4495
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4496requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4497requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4498requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4499requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4500requires_gnutls_tls1_3
4501requires_gnutls_next_no_ticket
4502requires_gnutls_next_disable_tls13_compat
4503run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4504 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4505 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4506 0 \
4507 -s "Protocol is TLSv1.3" \
4508 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4509 -s "received signature algorithm: 0x603" \
4510 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4511 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4512 -C "received HelloRetryRequest message"
4513
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4514requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4515requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4517requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4518requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4519requires_gnutls_tls1_3
4520requires_gnutls_next_no_ticket
4521requires_gnutls_next_disable_tls13_compat
4522run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4523 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4524 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4525 0 \
4526 -s "Protocol is TLSv1.3" \
4527 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4528 -s "received signature algorithm: 0x804" \
4529 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4530 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4531 -C "received HelloRetryRequest message"
4532
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4533requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4534requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4535requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4536requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4537requires_gnutls_tls1_3
4538requires_gnutls_next_no_ticket
4539requires_gnutls_next_disable_tls13_compat
4540run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4541 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4542 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4543 0 \
4544 -s "Protocol is TLSv1.3" \
4545 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4546 -s "received signature algorithm: 0x403" \
4547 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4548 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4549 -C "received HelloRetryRequest message"
4550
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4551requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4552requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4553requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4554requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4555requires_gnutls_tls1_3
4556requires_gnutls_next_no_ticket
4557requires_gnutls_next_disable_tls13_compat
4558run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4559 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4560 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4561 0 \
4562 -s "Protocol is TLSv1.3" \
4563 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4564 -s "received signature algorithm: 0x503" \
4565 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4566 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4567 -C "received HelloRetryRequest message"
4568
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4569requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4570requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4571requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4572requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4573requires_gnutls_tls1_3
4574requires_gnutls_next_no_ticket
4575requires_gnutls_next_disable_tls13_compat
4576run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4577 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4578 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4579 0 \
4580 -s "Protocol is TLSv1.3" \
4581 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4582 -s "received signature algorithm: 0x603" \
4583 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4584 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4585 -C "received HelloRetryRequest message"
4586
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4587requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4588requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4590requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4591requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4592requires_gnutls_tls1_3
4593requires_gnutls_next_no_ticket
4594requires_gnutls_next_disable_tls13_compat
4595run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4596 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4597 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4598 0 \
4599 -s "Protocol is TLSv1.3" \
4600 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4601 -s "received signature algorithm: 0x804" \
4602 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4603 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4604 -C "received HelloRetryRequest message"
4605
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4606requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4607requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4610requires_gnutls_tls1_3
4611requires_gnutls_next_no_ticket
4612requires_gnutls_next_disable_tls13_compat
4613run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4614 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4615 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4616 0 \
4617 -s "Protocol is TLSv1.3" \
4618 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4619 -s "received signature algorithm: 0x403" \
4620 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4621 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4622 -C "received HelloRetryRequest message"
4623
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4624requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4625requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4627requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4628requires_gnutls_tls1_3
4629requires_gnutls_next_no_ticket
4630requires_gnutls_next_disable_tls13_compat
4631run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4632 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4633 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4634 0 \
4635 -s "Protocol is TLSv1.3" \
4636 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4637 -s "received signature algorithm: 0x503" \
4638 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4639 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4640 -C "received HelloRetryRequest message"
4641
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4642requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4643requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4644requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4645requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4646requires_gnutls_tls1_3
4647requires_gnutls_next_no_ticket
4648requires_gnutls_next_disable_tls13_compat
4649run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4650 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4651 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4652 0 \
4653 -s "Protocol is TLSv1.3" \
4654 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4655 -s "received signature algorithm: 0x603" \
4656 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4657 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4658 -C "received HelloRetryRequest message"
4659
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4660requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4661requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4664requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4665requires_gnutls_tls1_3
4666requires_gnutls_next_no_ticket
4667requires_gnutls_next_disable_tls13_compat
4668run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4669 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4670 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4671 0 \
4672 -s "Protocol is TLSv1.3" \
4673 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4674 -s "received signature algorithm: 0x804" \
4675 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4676 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4677 -C "received HelloRetryRequest message"
4678
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4679requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4680requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4681requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4683requires_gnutls_tls1_3
4684requires_gnutls_next_no_ticket
4685requires_gnutls_next_disable_tls13_compat
4686run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4687 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4688 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4689 0 \
4690 -s "Protocol is TLSv1.3" \
4691 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4692 -s "received signature algorithm: 0x403" \
4693 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4694 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4695 -C "received HelloRetryRequest message"
4696
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4697requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4698requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4699requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4700requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4701requires_gnutls_tls1_3
4702requires_gnutls_next_no_ticket
4703requires_gnutls_next_disable_tls13_compat
4704run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4705 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4706 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4707 0 \
4708 -s "Protocol is TLSv1.3" \
4709 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4710 -s "received signature algorithm: 0x503" \
4711 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4712 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4713 -C "received HelloRetryRequest message"
4714
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4715requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4716requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4717requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4718requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4719requires_gnutls_tls1_3
4720requires_gnutls_next_no_ticket
4721requires_gnutls_next_disable_tls13_compat
4722run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4723 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4724 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4725 0 \
4726 -s "Protocol is TLSv1.3" \
4727 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4728 -s "received signature algorithm: 0x603" \
4729 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4730 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4731 -C "received HelloRetryRequest message"
4732
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4733requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4734requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4735requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4736requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4737requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4738requires_gnutls_tls1_3
4739requires_gnutls_next_no_ticket
4740requires_gnutls_next_disable_tls13_compat
4741run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4742 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4743 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4744 0 \
4745 -s "Protocol is TLSv1.3" \
4746 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4747 -s "received signature algorithm: 0x804" \
4748 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4749 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4750 -C "received HelloRetryRequest message"
4751
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4752requires_config_enabled MBEDTLS_SSL_SRV_C
4753requires_config_enabled MBEDTLS_DEBUG_C
4754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4756requires_gnutls_tls1_3
4757requires_gnutls_next_no_ticket
4758requires_gnutls_next_disable_tls13_compat
4759run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
4760 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4761 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4762 0 \
4763 -s "Protocol is TLSv1.3" \
4764 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4765 -s "received signature algorithm: 0x403" \
4766 -s "got named group: ffdhe2048(0100)" \
4767 -s "Certificate verification was skipped" \
4768 -C "received HelloRetryRequest message"
4769
4770requires_config_enabled MBEDTLS_SSL_SRV_C
4771requires_config_enabled MBEDTLS_DEBUG_C
4772requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4773requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4774requires_gnutls_tls1_3
4775requires_gnutls_next_no_ticket
4776requires_gnutls_next_disable_tls13_compat
4777run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
4778 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4779 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4780 0 \
4781 -s "Protocol is TLSv1.3" \
4782 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4783 -s "received signature algorithm: 0x503" \
4784 -s "got named group: ffdhe2048(0100)" \
4785 -s "Certificate verification was skipped" \
4786 -C "received HelloRetryRequest message"
4787
4788requires_config_enabled MBEDTLS_SSL_SRV_C
4789requires_config_enabled MBEDTLS_DEBUG_C
4790requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4792requires_gnutls_tls1_3
4793requires_gnutls_next_no_ticket
4794requires_gnutls_next_disable_tls13_compat
4795run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
4796 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4797 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4798 0 \
4799 -s "Protocol is TLSv1.3" \
4800 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4801 -s "received signature algorithm: 0x603" \
4802 -s "got named group: ffdhe2048(0100)" \
4803 -s "Certificate verification was skipped" \
4804 -C "received HelloRetryRequest message"
4805
4806requires_config_enabled MBEDTLS_SSL_SRV_C
4807requires_config_enabled MBEDTLS_DEBUG_C
4808requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4809requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4810requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4811requires_gnutls_tls1_3
4812requires_gnutls_next_no_ticket
4813requires_gnutls_next_disable_tls13_compat
4814run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
4815 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4816 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4817 0 \
4818 -s "Protocol is TLSv1.3" \
4819 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4820 -s "received signature algorithm: 0x804" \
4821 -s "got named group: ffdhe2048(0100)" \
4822 -s "Certificate verification was skipped" \
4823 -C "received HelloRetryRequest message"
4824
4825requires_config_enabled MBEDTLS_SSL_SRV_C
4826requires_config_enabled MBEDTLS_DEBUG_C
4827requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4828requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4829requires_gnutls_tls1_3
4830requires_gnutls_next_no_ticket
4831requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4832run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
4833 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4834 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4835 0 \
4836 -s "Protocol is TLSv1.3" \
4837 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4838 -s "received signature algorithm: 0x403" \
4839 -s "got named group: ffdhe8192(0104)" \
4840 -s "Certificate verification was skipped" \
4841 -C "received HelloRetryRequest message"
4842
4843requires_config_enabled MBEDTLS_SSL_SRV_C
4844requires_config_enabled MBEDTLS_DEBUG_C
4845requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4846requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4847requires_gnutls_tls1_3
4848requires_gnutls_next_no_ticket
4849requires_gnutls_next_disable_tls13_compat
4850run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
4851 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4852 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4853 0 \
4854 -s "Protocol is TLSv1.3" \
4855 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4856 -s "received signature algorithm: 0x503" \
4857 -s "got named group: ffdhe8192(0104)" \
4858 -s "Certificate verification was skipped" \
4859 -C "received HelloRetryRequest message"
4860
4861requires_config_enabled MBEDTLS_SSL_SRV_C
4862requires_config_enabled MBEDTLS_DEBUG_C
4863requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4864requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4865requires_gnutls_tls1_3
4866requires_gnutls_next_no_ticket
4867requires_gnutls_next_disable_tls13_compat
4868run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
4869 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4870 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4871 0 \
4872 -s "Protocol is TLSv1.3" \
4873 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4874 -s "received signature algorithm: 0x603" \
4875 -s "got named group: ffdhe8192(0104)" \
4876 -s "Certificate verification was skipped" \
4877 -C "received HelloRetryRequest message"
4878
4879requires_config_enabled MBEDTLS_SSL_SRV_C
4880requires_config_enabled MBEDTLS_DEBUG_C
4881requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4882requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4883requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4884requires_gnutls_tls1_3
4885requires_gnutls_next_no_ticket
4886requires_gnutls_next_disable_tls13_compat
4887run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
4888 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4889 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4890 0 \
4891 -s "Protocol is TLSv1.3" \
4892 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4893 -s "received signature algorithm: 0x804" \
4894 -s "got named group: ffdhe8192(0104)" \
4895 -s "Certificate verification was skipped" \
4896 -C "received HelloRetryRequest message"
4897
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4898requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4899requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4900requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4901requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4902requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4903run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4904 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4905 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4906 0 \
4907 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4908 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4909 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4910 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4911 -c "NamedGroup: secp256r1 ( 17 )" \
4912 -c "Verifying peer X.509 certificate... ok" \
4913 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4914
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4915requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4916requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4917requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4919requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4920run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4921 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4922 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4923 0 \
4924 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4925 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4926 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4927 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4928 -c "NamedGroup: secp256r1 ( 17 )" \
4929 -c "Verifying peer X.509 certificate... ok" \
4930 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4931
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4932requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4933requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4934requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4935requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4936requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4937run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4938 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4939 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4940 0 \
4941 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4942 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4943 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4944 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4945 -c "NamedGroup: secp256r1 ( 17 )" \
4946 -c "Verifying peer X.509 certificate... ok" \
4947 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4948
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4949requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4950requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4951requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4952requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4953requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4954requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4955run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4956 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4957 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4958 0 \
4959 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4960 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4961 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4962 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4963 -c "NamedGroup: secp256r1 ( 17 )" \
4964 -c "Verifying peer X.509 certificate... ok" \
4965 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4966
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4967requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4968requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4969requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4970requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4972run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4973 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4974 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4975 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4976 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4977 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4978 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4979 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4980 -c "NamedGroup: secp384r1 ( 18 )" \
4981 -c "Verifying peer X.509 certificate... ok" \
4982 -C "received HelloRetryRequest message"
4983
4984requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4985requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4986requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4987requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4989run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4990 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4991 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4992 0 \
4993 -c "HTTP/1.0 200 ok" \
4994 -c "Protocol is TLSv1.3" \
4995 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4996 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4997 -c "NamedGroup: secp384r1 ( 18 )" \
4998 -c "Verifying peer X.509 certificate... ok" \
4999 -C "received HelloRetryRequest message"
5000
5001requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5002requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5003requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5006run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5007 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5008 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5009 0 \
5010 -c "HTTP/1.0 200 ok" \
5011 -c "Protocol is TLSv1.3" \
5012 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5013 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5014 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5015 -c "Verifying peer X.509 certificate... ok" \
5016 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5017
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5018requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5019requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5020requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5021requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5022requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5023requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5024run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5025 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5026 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5027 0 \
5028 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5029 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5030 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5031 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5032 -c "NamedGroup: secp384r1 ( 18 )" \
5033 -c "Verifying peer X.509 certificate... ok" \
5034 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5035
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5036requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5037requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5038requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5039requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5040requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5041run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5042 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5043 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5044 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5045 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5046 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5047 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5048 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5049 -c "NamedGroup: secp521r1 ( 19 )" \
5050 -c "Verifying peer X.509 certificate... ok" \
5051 -C "received HelloRetryRequest message"
5052
5053requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5054requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5055requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5058run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5059 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5060 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5061 0 \
5062 -c "HTTP/1.0 200 ok" \
5063 -c "Protocol is TLSv1.3" \
5064 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5065 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5066 -c "NamedGroup: secp521r1 ( 19 )" \
5067 -c "Verifying peer X.509 certificate... ok" \
5068 -C "received HelloRetryRequest message"
5069
5070requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5071requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5072requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5073requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5074requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5075run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5076 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5077 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5078 0 \
5079 -c "HTTP/1.0 200 ok" \
5080 -c "Protocol is TLSv1.3" \
5081 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5082 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5083 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5084 -c "Verifying peer X.509 certificate... ok" \
5085 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5086
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5087requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5088requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5089requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5091requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5092requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5093run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5094 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5095 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5096 0 \
5097 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5098 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5099 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5100 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5101 -c "NamedGroup: secp521r1 ( 19 )" \
5102 -c "Verifying peer X.509 certificate... ok" \
5103 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5104
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5105requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5106requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5107requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5110run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5111 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5112 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5113 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5114 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5115 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5116 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5117 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5118 -c "NamedGroup: x25519 ( 1d )" \
5119 -c "Verifying peer X.509 certificate... ok" \
5120 -C "received HelloRetryRequest message"
5121
5122requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5123requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5124requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5126requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5127run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5128 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5129 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5130 0 \
5131 -c "HTTP/1.0 200 ok" \
5132 -c "Protocol is TLSv1.3" \
5133 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5134 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5135 -c "NamedGroup: x25519 ( 1d )" \
5136 -c "Verifying peer X.509 certificate... ok" \
5137 -C "received HelloRetryRequest message"
5138
5139requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5140requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5141requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5142requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5144run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5145 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5146 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5147 0 \
5148 -c "HTTP/1.0 200 ok" \
5149 -c "Protocol is TLSv1.3" \
5150 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5151 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5152 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5153 -c "Verifying peer X.509 certificate... ok" \
5154 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5155
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5156requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5157requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5158requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5159requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5160requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5161requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5162run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5163 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5164 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5165 0 \
5166 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5167 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5168 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5169 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5170 -c "NamedGroup: x25519 ( 1d )" \
5171 -c "Verifying peer X.509 certificate... ok" \
5172 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5173
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5174requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5175requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5176requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5177requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5178requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5179run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5180 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5181 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5182 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5183 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5184 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5185 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5186 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5187 -c "NamedGroup: x448 ( 1e )" \
5188 -c "Verifying peer X.509 certificate... ok" \
5189 -C "received HelloRetryRequest message"
5190
5191requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5192requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5193requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5194requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5195requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5196run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5197 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5198 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5199 0 \
5200 -c "HTTP/1.0 200 ok" \
5201 -c "Protocol is TLSv1.3" \
5202 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5203 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5204 -c "NamedGroup: x448 ( 1e )" \
5205 -c "Verifying peer X.509 certificate... ok" \
5206 -C "received HelloRetryRequest message"
5207
5208requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5209requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5210requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5211requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5212requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5213run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5214 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5215 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5216 0 \
5217 -c "HTTP/1.0 200 ok" \
5218 -c "Protocol is TLSv1.3" \
5219 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5220 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5221 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5222 -c "Verifying peer X.509 certificate... ok" \
5223 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5224
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5225requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5226requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5227requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5228requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5229requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5230requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5231run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5232 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5233 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5234 0 \
5235 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5236 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5237 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5238 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5239 -c "NamedGroup: x448 ( 1e )" \
5240 -c "Verifying peer X.509 certificate... ok" \
5241 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5242
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5243requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5244requires_openssl_3_x
5245requires_config_enabled MBEDTLS_SSL_CLI_C
5246requires_config_enabled MBEDTLS_DEBUG_C
5247requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5248requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5249run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
5250 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5251 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
5252 0 \
5253 -c "HTTP/1.0 200 ok" \
5254 -c "Protocol is TLSv1.3" \
5255 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5256 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5257 -c "NamedGroup: ffdhe2048 ( 100 )" \
5258 -c "Verifying peer X.509 certificate... ok" \
5259 -C "received HelloRetryRequest message"
5260
5261requires_openssl_tls1_3
5262requires_openssl_3_x
5263requires_config_enabled MBEDTLS_SSL_CLI_C
5264requires_config_enabled MBEDTLS_DEBUG_C
5265requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5266requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5267run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
5268 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5269 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
5270 0 \
5271 -c "HTTP/1.0 200 ok" \
5272 -c "Protocol is TLSv1.3" \
5273 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5274 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5275 -c "NamedGroup: ffdhe2048 ( 100 )" \
5276 -c "Verifying peer X.509 certificate... ok" \
5277 -C "received HelloRetryRequest message"
5278
5279requires_openssl_tls1_3
5280requires_openssl_3_x
5281requires_config_enabled MBEDTLS_SSL_CLI_C
5282requires_config_enabled MBEDTLS_DEBUG_C
5283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5284requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5285run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
5286 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5287 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
5288 0 \
5289 -c "HTTP/1.0 200 ok" \
5290 -c "Protocol is TLSv1.3" \
5291 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5292 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5293 -c "NamedGroup: ffdhe2048 ( 100 )" \
5294 -c "Verifying peer X.509 certificate... ok" \
5295 -C "received HelloRetryRequest message"
5296
5297requires_openssl_tls1_3
5298requires_openssl_3_x
5299requires_config_enabled MBEDTLS_SSL_CLI_C
5300requires_config_enabled MBEDTLS_DEBUG_C
5301requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5303requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5304run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
5305 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5306 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
5307 0 \
5308 -c "HTTP/1.0 200 ok" \
5309 -c "Protocol is TLSv1.3" \
5310 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5311 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5312 -c "NamedGroup: ffdhe2048 ( 100 )" \
5313 -c "Verifying peer X.509 certificate... ok" \
5314 -C "received HelloRetryRequest message"
5315
5316requires_openssl_tls1_3
5317requires_openssl_3_x
5318requires_config_enabled MBEDTLS_SSL_CLI_C
5319requires_config_enabled MBEDTLS_DEBUG_C
5320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5322run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
5323 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5324 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
5325 0 \
5326 -c "HTTP/1.0 200 ok" \
5327 -c "Protocol is TLSv1.3" \
5328 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5329 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5330 -c "NamedGroup: ffdhe8192 ( 104 )" \
5331 -c "Verifying peer X.509 certificate... ok" \
5332 -C "received HelloRetryRequest message"
5333
5334requires_openssl_tls1_3
5335requires_openssl_3_x
5336requires_config_enabled MBEDTLS_SSL_CLI_C
5337requires_config_enabled MBEDTLS_DEBUG_C
5338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5340run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
5341 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5342 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
5343 0 \
5344 -c "HTTP/1.0 200 ok" \
5345 -c "Protocol is TLSv1.3" \
5346 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5347 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5348 -c "NamedGroup: ffdhe8192 ( 104 )" \
5349 -c "Verifying peer X.509 certificate... ok" \
5350 -C "received HelloRetryRequest message"
5351
5352requires_openssl_tls1_3
5353requires_openssl_3_x
5354requires_config_enabled MBEDTLS_SSL_CLI_C
5355requires_config_enabled MBEDTLS_DEBUG_C
5356requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5357requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5358run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
5359 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5360 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
5361 0 \
5362 -c "HTTP/1.0 200 ok" \
5363 -c "Protocol is TLSv1.3" \
5364 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5365 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5366 -c "NamedGroup: ffdhe8192 ( 104 )" \
5367 -c "Verifying peer X.509 certificate... ok" \
5368 -C "received HelloRetryRequest message"
5369
5370requires_openssl_tls1_3
5371requires_openssl_3_x
5372requires_config_enabled MBEDTLS_SSL_CLI_C
5373requires_config_enabled MBEDTLS_DEBUG_C
5374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5376requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5377run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
5378 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5379 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
5380 0 \
5381 -c "HTTP/1.0 200 ok" \
5382 -c "Protocol is TLSv1.3" \
5383 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5384 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5385 -c "NamedGroup: ffdhe8192 ( 104 )" \
5386 -c "Verifying peer X.509 certificate... ok" \
5387 -C "received HelloRetryRequest message"
5388
5389requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5390requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5391requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5392requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5394run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5395 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5396 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5397 0 \
5398 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5399 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5400 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5401 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5402 -c "NamedGroup: secp256r1 ( 17 )" \
5403 -c "Verifying peer X.509 certificate... ok" \
5404 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5405
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5406requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5407requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5408requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5409requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5410requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5411run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5412 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5413 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5414 0 \
5415 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5416 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5417 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5418 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5419 -c "NamedGroup: secp256r1 ( 17 )" \
5420 -c "Verifying peer X.509 certificate... ok" \
5421 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5422
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5423requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5424requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5425requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5428run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5429 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5430 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5431 0 \
5432 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5433 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5434 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5435 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5436 -c "NamedGroup: secp256r1 ( 17 )" \
5437 -c "Verifying peer X.509 certificate... ok" \
5438 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5439
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5440requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5441requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5442requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5443requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5444requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5445requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5446run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5447 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5448 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5449 0 \
5450 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5451 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5452 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5453 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5454 -c "NamedGroup: secp256r1 ( 17 )" \
5455 -c "Verifying peer X.509 certificate... ok" \
5456 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5457
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5458requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5459requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5460requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5463run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5464 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5465 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5466 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5467 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5468 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5469 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5470 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5471 -c "NamedGroup: secp384r1 ( 18 )" \
5472 -c "Verifying peer X.509 certificate... ok" \
5473 -C "received HelloRetryRequest message"
5474
5475requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5476requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5477requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5478requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5479requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5480run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5481 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5482 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5483 0 \
5484 -c "HTTP/1.0 200 ok" \
5485 -c "Protocol is TLSv1.3" \
5486 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5487 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5488 -c "NamedGroup: secp384r1 ( 18 )" \
5489 -c "Verifying peer X.509 certificate... ok" \
5490 -C "received HelloRetryRequest message"
5491
5492requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5493requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5494requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5497run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5498 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5499 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5500 0 \
5501 -c "HTTP/1.0 200 ok" \
5502 -c "Protocol is TLSv1.3" \
5503 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5504 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5505 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5506 -c "Verifying peer X.509 certificate... ok" \
5507 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5508
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5509requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5510requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5511requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5513requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5514requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5515run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5516 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5517 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5518 0 \
5519 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5520 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5521 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5522 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5523 -c "NamedGroup: secp384r1 ( 18 )" \
5524 -c "Verifying peer X.509 certificate... ok" \
5525 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5526
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5527requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5528requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5529requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5530requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5531requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5532run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5533 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5534 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5535 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5536 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5537 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5538 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5539 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5540 -c "NamedGroup: secp521r1 ( 19 )" \
5541 -c "Verifying peer X.509 certificate... ok" \
5542 -C "received HelloRetryRequest message"
5543
5544requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5545requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5546requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5547requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5548requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5549run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5550 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5551 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5552 0 \
5553 -c "HTTP/1.0 200 ok" \
5554 -c "Protocol is TLSv1.3" \
5555 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5556 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5557 -c "NamedGroup: secp521r1 ( 19 )" \
5558 -c "Verifying peer X.509 certificate... ok" \
5559 -C "received HelloRetryRequest message"
5560
5561requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5562requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5563requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5566run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5567 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5568 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5569 0 \
5570 -c "HTTP/1.0 200 ok" \
5571 -c "Protocol is TLSv1.3" \
5572 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5573 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5574 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5575 -c "Verifying peer X.509 certificate... ok" \
5576 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5577
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5578requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5579requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5580requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5581requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5583requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5584run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5585 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5586 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5587 0 \
5588 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5589 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5590 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5591 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5592 -c "NamedGroup: secp521r1 ( 19 )" \
5593 -c "Verifying peer X.509 certificate... ok" \
5594 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5595
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5596requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5597requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5598requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5599requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5600requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5601run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5602 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5603 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5604 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5605 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5606 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5607 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5608 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5609 -c "NamedGroup: x25519 ( 1d )" \
5610 -c "Verifying peer X.509 certificate... ok" \
5611 -C "received HelloRetryRequest message"
5612
5613requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5614requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5615requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5616requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5617requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5618run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5619 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5620 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5621 0 \
5622 -c "HTTP/1.0 200 ok" \
5623 -c "Protocol is TLSv1.3" \
5624 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5625 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5626 -c "NamedGroup: x25519 ( 1d )" \
5627 -c "Verifying peer X.509 certificate... ok" \
5628 -C "received HelloRetryRequest message"
5629
5630requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5631requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5632requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5635run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5636 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5637 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5638 0 \
5639 -c "HTTP/1.0 200 ok" \
5640 -c "Protocol is TLSv1.3" \
5641 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5642 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5643 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5644 -c "Verifying peer X.509 certificate... ok" \
5645 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5646
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5647requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5648requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5649requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5650requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5652requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5653run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5654 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5655 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5656 0 \
5657 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5658 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5659 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5660 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5661 -c "NamedGroup: x25519 ( 1d )" \
5662 -c "Verifying peer X.509 certificate... ok" \
5663 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5664
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5665requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5666requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5667requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5670run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5671 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5672 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5673 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5674 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5675 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5676 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5677 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5678 -c "NamedGroup: x448 ( 1e )" \
5679 -c "Verifying peer X.509 certificate... ok" \
5680 -C "received HelloRetryRequest message"
5681
5682requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5683requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5684requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5687run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5688 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5689 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5690 0 \
5691 -c "HTTP/1.0 200 ok" \
5692 -c "Protocol is TLSv1.3" \
5693 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5694 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5695 -c "NamedGroup: x448 ( 1e )" \
5696 -c "Verifying peer X.509 certificate... ok" \
5697 -C "received HelloRetryRequest message"
5698
5699requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5700requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5701requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5702requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5703requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5704run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5705 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5706 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5707 0 \
5708 -c "HTTP/1.0 200 ok" \
5709 -c "Protocol is TLSv1.3" \
5710 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5711 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5712 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5713 -c "Verifying peer X.509 certificate... ok" \
5714 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5715
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5716requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5717requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5718requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5719requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5720requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5721requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5722run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5723 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5724 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5725 0 \
5726 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5727 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5728 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5729 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5730 -c "NamedGroup: x448 ( 1e )" \
5731 -c "Verifying peer X.509 certificate... ok" \
5732 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5733
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5734requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5735requires_openssl_3_x
5736requires_config_enabled MBEDTLS_SSL_CLI_C
5737requires_config_enabled MBEDTLS_DEBUG_C
5738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5740run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
5741 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5742 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
5743 0 \
5744 -c "HTTP/1.0 200 ok" \
5745 -c "Protocol is TLSv1.3" \
5746 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5747 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5748 -c "NamedGroup: ffdhe2048 ( 100 )" \
5749 -c "Verifying peer X.509 certificate... ok" \
5750 -C "received HelloRetryRequest message"
5751
5752requires_openssl_tls1_3
5753requires_openssl_3_x
5754requires_config_enabled MBEDTLS_SSL_CLI_C
5755requires_config_enabled MBEDTLS_DEBUG_C
5756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5758run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
5759 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5760 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
5761 0 \
5762 -c "HTTP/1.0 200 ok" \
5763 -c "Protocol is TLSv1.3" \
5764 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5765 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5766 -c "NamedGroup: ffdhe2048 ( 100 )" \
5767 -c "Verifying peer X.509 certificate... ok" \
5768 -C "received HelloRetryRequest message"
5769
5770requires_openssl_tls1_3
5771requires_openssl_3_x
5772requires_config_enabled MBEDTLS_SSL_CLI_C
5773requires_config_enabled MBEDTLS_DEBUG_C
5774requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5776run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
5777 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5778 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
5779 0 \
5780 -c "HTTP/1.0 200 ok" \
5781 -c "Protocol is TLSv1.3" \
5782 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5783 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5784 -c "NamedGroup: ffdhe2048 ( 100 )" \
5785 -c "Verifying peer X.509 certificate... ok" \
5786 -C "received HelloRetryRequest message"
5787
5788requires_openssl_tls1_3
5789requires_openssl_3_x
5790requires_config_enabled MBEDTLS_SSL_CLI_C
5791requires_config_enabled MBEDTLS_DEBUG_C
5792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5793requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5794requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5795run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
5796 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5797 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
5798 0 \
5799 -c "HTTP/1.0 200 ok" \
5800 -c "Protocol is TLSv1.3" \
5801 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5802 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5803 -c "NamedGroup: ffdhe2048 ( 100 )" \
5804 -c "Verifying peer X.509 certificate... ok" \
5805 -C "received HelloRetryRequest message"
5806
5807requires_openssl_tls1_3
5808requires_openssl_3_x
5809requires_config_enabled MBEDTLS_SSL_CLI_C
5810requires_config_enabled MBEDTLS_DEBUG_C
5811requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5813run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
5814 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5815 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
5816 0 \
5817 -c "HTTP/1.0 200 ok" \
5818 -c "Protocol is TLSv1.3" \
5819 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5820 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5821 -c "NamedGroup: ffdhe8192 ( 104 )" \
5822 -c "Verifying peer X.509 certificate... ok" \
5823 -C "received HelloRetryRequest message"
5824
5825requires_openssl_tls1_3
5826requires_openssl_3_x
5827requires_config_enabled MBEDTLS_SSL_CLI_C
5828requires_config_enabled MBEDTLS_DEBUG_C
5829requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5830requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5831run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
5832 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5833 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
5834 0 \
5835 -c "HTTP/1.0 200 ok" \
5836 -c "Protocol is TLSv1.3" \
5837 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5838 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5839 -c "NamedGroup: ffdhe8192 ( 104 )" \
5840 -c "Verifying peer X.509 certificate... ok" \
5841 -C "received HelloRetryRequest message"
5842
5843requires_openssl_tls1_3
5844requires_openssl_3_x
5845requires_config_enabled MBEDTLS_SSL_CLI_C
5846requires_config_enabled MBEDTLS_DEBUG_C
5847requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5848requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5849run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
5850 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5851 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
5852 0 \
5853 -c "HTTP/1.0 200 ok" \
5854 -c "Protocol is TLSv1.3" \
5855 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5856 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5857 -c "NamedGroup: ffdhe8192 ( 104 )" \
5858 -c "Verifying peer X.509 certificate... ok" \
5859 -C "received HelloRetryRequest message"
5860
5861requires_openssl_tls1_3
5862requires_openssl_3_x
5863requires_config_enabled MBEDTLS_SSL_CLI_C
5864requires_config_enabled MBEDTLS_DEBUG_C
5865requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5866requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5867requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5868run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
5869 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5870 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
5871 0 \
5872 -c "HTTP/1.0 200 ok" \
5873 -c "Protocol is TLSv1.3" \
5874 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5875 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5876 -c "NamedGroup: ffdhe8192 ( 104 )" \
5877 -c "Verifying peer X.509 certificate... ok" \
5878 -C "received HelloRetryRequest message"
5879
5880requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5881requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5882requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5883requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5884requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5885run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5886 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5887 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5888 0 \
5889 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5890 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5891 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5892 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5893 -c "NamedGroup: secp256r1 ( 17 )" \
5894 -c "Verifying peer X.509 certificate... ok" \
5895 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5896
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5897requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5898requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5899requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5900requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5901requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5902run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5903 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5904 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5905 0 \
5906 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5907 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5908 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5909 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5910 -c "NamedGroup: secp256r1 ( 17 )" \
5911 -c "Verifying peer X.509 certificate... ok" \
5912 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5913
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5914requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5915requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5916requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5917requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5918requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5919run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5920 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5921 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5922 0 \
5923 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5924 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5925 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5926 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5927 -c "NamedGroup: secp256r1 ( 17 )" \
5928 -c "Verifying peer X.509 certificate... ok" \
5929 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5930
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5931requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5932requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5933requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5934requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5936requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5937run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5938 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5939 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5940 0 \
5941 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5942 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5943 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5944 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5945 -c "NamedGroup: secp256r1 ( 17 )" \
5946 -c "Verifying peer X.509 certificate... ok" \
5947 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5948
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5949requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5950requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5951requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5952requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5953requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5954run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5955 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5956 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5957 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5958 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5959 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5960 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5961 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5962 -c "NamedGroup: secp384r1 ( 18 )" \
5963 -c "Verifying peer X.509 certificate... ok" \
5964 -C "received HelloRetryRequest message"
5965
5966requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5967requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5968requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5969requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5970requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5971run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5972 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5973 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5974 0 \
5975 -c "HTTP/1.0 200 ok" \
5976 -c "Protocol is TLSv1.3" \
5977 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5978 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5979 -c "NamedGroup: secp384r1 ( 18 )" \
5980 -c "Verifying peer X.509 certificate... ok" \
5981 -C "received HelloRetryRequest message"
5982
5983requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5984requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5985requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5988run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5989 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5990 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5991 0 \
5992 -c "HTTP/1.0 200 ok" \
5993 -c "Protocol is TLSv1.3" \
5994 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5995 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5996 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5997 -c "Verifying peer X.509 certificate... ok" \
5998 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5999
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6000requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6001requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6002requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6003requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6004requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6005requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6006run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6007 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6008 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6009 0 \
6010 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6011 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6012 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6013 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6014 -c "NamedGroup: secp384r1 ( 18 )" \
6015 -c "Verifying peer X.509 certificate... ok" \
6016 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6017
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6018requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6019requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6020requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6021requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6022requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6023run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6024 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6025 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6026 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6027 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6028 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6029 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6030 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6031 -c "NamedGroup: secp521r1 ( 19 )" \
6032 -c "Verifying peer X.509 certificate... ok" \
6033 -C "received HelloRetryRequest message"
6034
6035requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6036requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6037requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6038requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6039requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6040run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6041 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6042 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6043 0 \
6044 -c "HTTP/1.0 200 ok" \
6045 -c "Protocol is TLSv1.3" \
6046 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6047 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6048 -c "NamedGroup: secp521r1 ( 19 )" \
6049 -c "Verifying peer X.509 certificate... ok" \
6050 -C "received HelloRetryRequest message"
6051
6052requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6053requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6054requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6055requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6056requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6057run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6058 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6059 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6060 0 \
6061 -c "HTTP/1.0 200 ok" \
6062 -c "Protocol is TLSv1.3" \
6063 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6064 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6065 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6066 -c "Verifying peer X.509 certificate... ok" \
6067 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6068
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6069requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6070requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6071requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6074requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6075run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6076 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6077 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6078 0 \
6079 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6080 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6081 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6082 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6083 -c "NamedGroup: secp521r1 ( 19 )" \
6084 -c "Verifying peer X.509 certificate... ok" \
6085 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6086
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6087requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6088requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6089requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6091requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6092run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6093 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6094 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6095 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6096 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6097 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6098 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6099 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6100 -c "NamedGroup: x25519 ( 1d )" \
6101 -c "Verifying peer X.509 certificate... ok" \
6102 -C "received HelloRetryRequest message"
6103
6104requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6105requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6106requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6107requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6108requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6109run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6110 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6111 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6112 0 \
6113 -c "HTTP/1.0 200 ok" \
6114 -c "Protocol is TLSv1.3" \
6115 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6116 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6117 -c "NamedGroup: x25519 ( 1d )" \
6118 -c "Verifying peer X.509 certificate... ok" \
6119 -C "received HelloRetryRequest message"
6120
6121requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6122requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6123requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6125requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6126run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6127 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6128 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6129 0 \
6130 -c "HTTP/1.0 200 ok" \
6131 -c "Protocol is TLSv1.3" \
6132 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6133 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6134 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6135 -c "Verifying peer X.509 certificate... ok" \
6136 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6137
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6138requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6139requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6140requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6141requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6143requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6144run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6145 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6146 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6147 0 \
6148 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6149 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6150 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6151 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6152 -c "NamedGroup: x25519 ( 1d )" \
6153 -c "Verifying peer X.509 certificate... ok" \
6154 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6155
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6156requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6157requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6158requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6159requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6160requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6161run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6162 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6163 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6164 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6165 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6166 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6167 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6168 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6169 -c "NamedGroup: x448 ( 1e )" \
6170 -c "Verifying peer X.509 certificate... ok" \
6171 -C "received HelloRetryRequest message"
6172
6173requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6174requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6175requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6176requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6177requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6178run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6179 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6180 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6181 0 \
6182 -c "HTTP/1.0 200 ok" \
6183 -c "Protocol is TLSv1.3" \
6184 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6185 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6186 -c "NamedGroup: x448 ( 1e )" \
6187 -c "Verifying peer X.509 certificate... ok" \
6188 -C "received HelloRetryRequest message"
6189
6190requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6191requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6192requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6193requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6194requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6195run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6196 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6197 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6198 0 \
6199 -c "HTTP/1.0 200 ok" \
6200 -c "Protocol is TLSv1.3" \
6201 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6202 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6203 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6204 -c "Verifying peer X.509 certificate... ok" \
6205 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6206
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6207requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6208requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6209requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6212requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6213run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6214 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6215 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6216 0 \
6217 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6218 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6219 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6220 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6221 -c "NamedGroup: x448 ( 1e )" \
6222 -c "Verifying peer X.509 certificate... ok" \
6223 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6224
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6225requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6226requires_openssl_3_x
6227requires_config_enabled MBEDTLS_SSL_CLI_C
6228requires_config_enabled MBEDTLS_DEBUG_C
6229requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6230requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6231run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
6232 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6233 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
6234 0 \
6235 -c "HTTP/1.0 200 ok" \
6236 -c "Protocol is TLSv1.3" \
6237 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6238 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6239 -c "NamedGroup: ffdhe2048 ( 100 )" \
6240 -c "Verifying peer X.509 certificate... ok" \
6241 -C "received HelloRetryRequest message"
6242
6243requires_openssl_tls1_3
6244requires_openssl_3_x
6245requires_config_enabled MBEDTLS_SSL_CLI_C
6246requires_config_enabled MBEDTLS_DEBUG_C
6247requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6248requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6249run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
6250 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6251 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
6252 0 \
6253 -c "HTTP/1.0 200 ok" \
6254 -c "Protocol is TLSv1.3" \
6255 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6256 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6257 -c "NamedGroup: ffdhe2048 ( 100 )" \
6258 -c "Verifying peer X.509 certificate... ok" \
6259 -C "received HelloRetryRequest message"
6260
6261requires_openssl_tls1_3
6262requires_openssl_3_x
6263requires_config_enabled MBEDTLS_SSL_CLI_C
6264requires_config_enabled MBEDTLS_DEBUG_C
6265requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6266requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6267run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
6268 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6269 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
6270 0 \
6271 -c "HTTP/1.0 200 ok" \
6272 -c "Protocol is TLSv1.3" \
6273 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6274 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6275 -c "NamedGroup: ffdhe2048 ( 100 )" \
6276 -c "Verifying peer X.509 certificate... ok" \
6277 -C "received HelloRetryRequest message"
6278
6279requires_openssl_tls1_3
6280requires_openssl_3_x
6281requires_config_enabled MBEDTLS_SSL_CLI_C
6282requires_config_enabled MBEDTLS_DEBUG_C
6283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6284requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6285requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6286run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
6287 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6288 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
6289 0 \
6290 -c "HTTP/1.0 200 ok" \
6291 -c "Protocol is TLSv1.3" \
6292 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6293 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6294 -c "NamedGroup: ffdhe2048 ( 100 )" \
6295 -c "Verifying peer X.509 certificate... ok" \
6296 -C "received HelloRetryRequest message"
6297
6298requires_openssl_tls1_3
6299requires_openssl_3_x
6300requires_config_enabled MBEDTLS_SSL_CLI_C
6301requires_config_enabled MBEDTLS_DEBUG_C
6302requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6304run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
6305 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6306 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
6307 0 \
6308 -c "HTTP/1.0 200 ok" \
6309 -c "Protocol is TLSv1.3" \
6310 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6311 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6312 -c "NamedGroup: ffdhe8192 ( 104 )" \
6313 -c "Verifying peer X.509 certificate... ok" \
6314 -C "received HelloRetryRequest message"
6315
6316requires_openssl_tls1_3
6317requires_openssl_3_x
6318requires_config_enabled MBEDTLS_SSL_CLI_C
6319requires_config_enabled MBEDTLS_DEBUG_C
6320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6322run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
6323 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6324 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
6325 0 \
6326 -c "HTTP/1.0 200 ok" \
6327 -c "Protocol is TLSv1.3" \
6328 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6329 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6330 -c "NamedGroup: ffdhe8192 ( 104 )" \
6331 -c "Verifying peer X.509 certificate... ok" \
6332 -C "received HelloRetryRequest message"
6333
6334requires_openssl_tls1_3
6335requires_openssl_3_x
6336requires_config_enabled MBEDTLS_SSL_CLI_C
6337requires_config_enabled MBEDTLS_DEBUG_C
6338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6340run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
6341 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6342 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
6343 0 \
6344 -c "HTTP/1.0 200 ok" \
6345 -c "Protocol is TLSv1.3" \
6346 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6347 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6348 -c "NamedGroup: ffdhe8192 ( 104 )" \
6349 -c "Verifying peer X.509 certificate... ok" \
6350 -C "received HelloRetryRequest message"
6351
6352requires_openssl_tls1_3
6353requires_openssl_3_x
6354requires_config_enabled MBEDTLS_SSL_CLI_C
6355requires_config_enabled MBEDTLS_DEBUG_C
6356requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6357requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6358requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6359run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
6360 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6361 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
6362 0 \
6363 -c "HTTP/1.0 200 ok" \
6364 -c "Protocol is TLSv1.3" \
6365 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6366 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6367 -c "NamedGroup: ffdhe8192 ( 104 )" \
6368 -c "Verifying peer X.509 certificate... ok" \
6369 -C "received HelloRetryRequest message"
6370
6371requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6372requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6373requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6376run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6377 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6378 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6379 0 \
6380 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6381 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6382 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6383 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6384 -c "NamedGroup: secp256r1 ( 17 )" \
6385 -c "Verifying peer X.509 certificate... ok" \
6386 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6387
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6388requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6389requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6390requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6391requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6392requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6393run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6394 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6395 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6396 0 \
6397 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6398 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6399 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6400 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6401 -c "NamedGroup: secp256r1 ( 17 )" \
6402 -c "Verifying peer X.509 certificate... ok" \
6403 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6404
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6405requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6406requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6407requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6408requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6409requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6410run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6411 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6412 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6413 0 \
6414 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6415 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6416 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6417 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6418 -c "NamedGroup: secp256r1 ( 17 )" \
6419 -c "Verifying peer X.509 certificate... ok" \
6420 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6421
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6422requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6423requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6424requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6426requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6427requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6428run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6429 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6430 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6431 0 \
6432 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6433 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6434 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6435 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6436 -c "NamedGroup: secp256r1 ( 17 )" \
6437 -c "Verifying peer X.509 certificate... ok" \
6438 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6439
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6440requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6441requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6442requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6443requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6444requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6445run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6446 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6447 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6448 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6449 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6450 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6451 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6452 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6453 -c "NamedGroup: secp384r1 ( 18 )" \
6454 -c "Verifying peer X.509 certificate... ok" \
6455 -C "received HelloRetryRequest message"
6456
6457requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6458requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6459requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6460requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6462run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6463 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6464 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6465 0 \
6466 -c "HTTP/1.0 200 ok" \
6467 -c "Protocol is TLSv1.3" \
6468 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6469 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6470 -c "NamedGroup: secp384r1 ( 18 )" \
6471 -c "Verifying peer X.509 certificate... ok" \
6472 -C "received HelloRetryRequest message"
6473
6474requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6475requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6476requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6477requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6478requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6479run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6480 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6481 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6482 0 \
6483 -c "HTTP/1.0 200 ok" \
6484 -c "Protocol is TLSv1.3" \
6485 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6486 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6487 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6488 -c "Verifying peer X.509 certificate... ok" \
6489 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6490
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6491requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6492requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6493requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6496requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6497run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6498 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6499 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6500 0 \
6501 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6502 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6503 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6504 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6505 -c "NamedGroup: secp384r1 ( 18 )" \
6506 -c "Verifying peer X.509 certificate... ok" \
6507 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6508
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6509requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6510requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6511requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6513requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6514run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6515 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6516 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6517 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6518 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6519 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6520 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6521 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6522 -c "NamedGroup: secp521r1 ( 19 )" \
6523 -c "Verifying peer X.509 certificate... ok" \
6524 -C "received HelloRetryRequest message"
6525
6526requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6527requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6528requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6531run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6532 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6533 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6534 0 \
6535 -c "HTTP/1.0 200 ok" \
6536 -c "Protocol is TLSv1.3" \
6537 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6538 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6539 -c "NamedGroup: secp521r1 ( 19 )" \
6540 -c "Verifying peer X.509 certificate... ok" \
6541 -C "received HelloRetryRequest message"
6542
6543requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6544requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6545requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6547requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6548run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6549 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6550 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6551 0 \
6552 -c "HTTP/1.0 200 ok" \
6553 -c "Protocol is TLSv1.3" \
6554 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6555 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6556 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6557 -c "Verifying peer X.509 certificate... ok" \
6558 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6559
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6560requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6561requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6562requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6563requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6565requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6566run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6567 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6568 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6569 0 \
6570 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6571 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6572 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6573 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6574 -c "NamedGroup: secp521r1 ( 19 )" \
6575 -c "Verifying peer X.509 certificate... ok" \
6576 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6577
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6578requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6579requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6580requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6581requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6583run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6584 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6585 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6586 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6587 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6588 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6589 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6590 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6591 -c "NamedGroup: x25519 ( 1d )" \
6592 -c "Verifying peer X.509 certificate... ok" \
6593 -C "received HelloRetryRequest message"
6594
6595requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6596requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6597requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6600run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6601 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6602 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6603 0 \
6604 -c "HTTP/1.0 200 ok" \
6605 -c "Protocol is TLSv1.3" \
6606 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6607 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6608 -c "NamedGroup: x25519 ( 1d )" \
6609 -c "Verifying peer X.509 certificate... ok" \
6610 -C "received HelloRetryRequest message"
6611
6612requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6613requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6614requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6615requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6616requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6617run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6618 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6619 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6620 0 \
6621 -c "HTTP/1.0 200 ok" \
6622 -c "Protocol is TLSv1.3" \
6623 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6624 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6625 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6626 -c "Verifying peer X.509 certificate... ok" \
6627 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6628
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6629requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6630requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6631requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6632requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6633requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6634requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6635run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6636 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6637 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6638 0 \
6639 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6640 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6641 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6642 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6643 -c "NamedGroup: x25519 ( 1d )" \
6644 -c "Verifying peer X.509 certificate... ok" \
6645 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6646
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6647requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6648requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6649requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6650requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6652run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6653 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6654 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6655 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6656 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6657 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6658 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6659 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6660 -c "NamedGroup: x448 ( 1e )" \
6661 -c "Verifying peer X.509 certificate... ok" \
6662 -C "received HelloRetryRequest message"
6663
6664requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6665requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6666requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6667requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6669run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6670 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6671 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6672 0 \
6673 -c "HTTP/1.0 200 ok" \
6674 -c "Protocol is TLSv1.3" \
6675 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6676 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6677 -c "NamedGroup: x448 ( 1e )" \
6678 -c "Verifying peer X.509 certificate... ok" \
6679 -C "received HelloRetryRequest message"
6680
6681requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6682requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6683requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6686run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6687 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6688 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6689 0 \
6690 -c "HTTP/1.0 200 ok" \
6691 -c "Protocol is TLSv1.3" \
6692 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6693 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6694 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6695 -c "Verifying peer X.509 certificate... ok" \
6696 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6697
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6698requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6699requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6700requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6701requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6702requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6703requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6704run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6705 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6706 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6707 0 \
6708 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6709 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6710 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6711 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6712 -c "NamedGroup: x448 ( 1e )" \
6713 -c "Verifying peer X.509 certificate... ok" \
6714 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6715
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6716requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6717requires_openssl_3_x
6718requires_config_enabled MBEDTLS_SSL_CLI_C
6719requires_config_enabled MBEDTLS_DEBUG_C
6720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6722run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
6723 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6724 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
6725 0 \
6726 -c "HTTP/1.0 200 ok" \
6727 -c "Protocol is TLSv1.3" \
6728 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6729 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6730 -c "NamedGroup: ffdhe2048 ( 100 )" \
6731 -c "Verifying peer X.509 certificate... ok" \
6732 -C "received HelloRetryRequest message"
6733
6734requires_openssl_tls1_3
6735requires_openssl_3_x
6736requires_config_enabled MBEDTLS_SSL_CLI_C
6737requires_config_enabled MBEDTLS_DEBUG_C
6738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6740run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
6741 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6742 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
6743 0 \
6744 -c "HTTP/1.0 200 ok" \
6745 -c "Protocol is TLSv1.3" \
6746 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6747 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6748 -c "NamedGroup: ffdhe2048 ( 100 )" \
6749 -c "Verifying peer X.509 certificate... ok" \
6750 -C "received HelloRetryRequest message"
6751
6752requires_openssl_tls1_3
6753requires_openssl_3_x
6754requires_config_enabled MBEDTLS_SSL_CLI_C
6755requires_config_enabled MBEDTLS_DEBUG_C
6756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6758run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
6759 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6760 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
6761 0 \
6762 -c "HTTP/1.0 200 ok" \
6763 -c "Protocol is TLSv1.3" \
6764 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6765 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6766 -c "NamedGroup: ffdhe2048 ( 100 )" \
6767 -c "Verifying peer X.509 certificate... ok" \
6768 -C "received HelloRetryRequest message"
6769
6770requires_openssl_tls1_3
6771requires_openssl_3_x
6772requires_config_enabled MBEDTLS_SSL_CLI_C
6773requires_config_enabled MBEDTLS_DEBUG_C
6774requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6776requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6777run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
6778 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6779 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
6780 0 \
6781 -c "HTTP/1.0 200 ok" \
6782 -c "Protocol is TLSv1.3" \
6783 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6784 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6785 -c "NamedGroup: ffdhe2048 ( 100 )" \
6786 -c "Verifying peer X.509 certificate... ok" \
6787 -C "received HelloRetryRequest message"
6788
6789requires_openssl_tls1_3
6790requires_openssl_3_x
6791requires_config_enabled MBEDTLS_SSL_CLI_C
6792requires_config_enabled MBEDTLS_DEBUG_C
6793requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6794requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6795run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
6796 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6797 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
6798 0 \
6799 -c "HTTP/1.0 200 ok" \
6800 -c "Protocol is TLSv1.3" \
6801 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6802 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6803 -c "NamedGroup: ffdhe8192 ( 104 )" \
6804 -c "Verifying peer X.509 certificate... ok" \
6805 -C "received HelloRetryRequest message"
6806
6807requires_openssl_tls1_3
6808requires_openssl_3_x
6809requires_config_enabled MBEDTLS_SSL_CLI_C
6810requires_config_enabled MBEDTLS_DEBUG_C
6811requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6813run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
6814 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6815 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
6816 0 \
6817 -c "HTTP/1.0 200 ok" \
6818 -c "Protocol is TLSv1.3" \
6819 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6820 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6821 -c "NamedGroup: ffdhe8192 ( 104 )" \
6822 -c "Verifying peer X.509 certificate... ok" \
6823 -C "received HelloRetryRequest message"
6824
6825requires_openssl_tls1_3
6826requires_openssl_3_x
6827requires_config_enabled MBEDTLS_SSL_CLI_C
6828requires_config_enabled MBEDTLS_DEBUG_C
6829requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6830requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6831run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
6832 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6833 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
6834 0 \
6835 -c "HTTP/1.0 200 ok" \
6836 -c "Protocol is TLSv1.3" \
6837 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6838 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6839 -c "NamedGroup: ffdhe8192 ( 104 )" \
6840 -c "Verifying peer X.509 certificate... ok" \
6841 -C "received HelloRetryRequest message"
6842
6843requires_openssl_tls1_3
6844requires_openssl_3_x
6845requires_config_enabled MBEDTLS_SSL_CLI_C
6846requires_config_enabled MBEDTLS_DEBUG_C
6847requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6848requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6849requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6850run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
6851 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6852 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
6853 0 \
6854 -c "HTTP/1.0 200 ok" \
6855 -c "Protocol is TLSv1.3" \
6856 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6857 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6858 -c "NamedGroup: ffdhe8192 ( 104 )" \
6859 -c "Verifying peer X.509 certificate... ok" \
6860 -C "received HelloRetryRequest message"
6861
6862requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6863requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6864requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6865requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6866requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6867run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6868 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6869 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6870 0 \
6871 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6872 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6873 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6874 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6875 -c "NamedGroup: secp256r1 ( 17 )" \
6876 -c "Verifying peer X.509 certificate... ok" \
6877 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6878
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6879requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6880requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6881requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6882requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6883requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6884run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6885 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6886 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6887 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6888 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6889 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6890 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6891 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6892 -c "NamedGroup: secp256r1 ( 17 )" \
6893 -c "Verifying peer X.509 certificate... ok" \
6894 -C "received HelloRetryRequest message"
6895
6896requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6897requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6898requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6900requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6901run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6902 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6903 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6904 0 \
6905 -c "HTTP/1.0 200 ok" \
6906 -c "Protocol is TLSv1.3" \
6907 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6908 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6909 -c "NamedGroup: secp256r1 ( 17 )" \
6910 -c "Verifying peer X.509 certificate... ok" \
6911 -C "received HelloRetryRequest message"
6912
6913requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6914requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6918requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6919run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6920 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6921 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6922 0 \
6923 -c "HTTP/1.0 200 ok" \
6924 -c "Protocol is TLSv1.3" \
6925 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6926 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6927 -c "NamedGroup: secp256r1 ( 17 )" \
6928 -c "Verifying peer X.509 certificate... ok" \
6929 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6930
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6931requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6932requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6933requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6934requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6936run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6937 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6938 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6939 0 \
6940 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6941 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6942 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6943 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6944 -c "NamedGroup: secp384r1 ( 18 )" \
6945 -c "Verifying peer X.509 certificate... ok" \
6946 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6947
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6948requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6949requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6950requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6951requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6952requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6953run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6954 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6955 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6956 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6957 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6958 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6959 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6960 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6961 -c "NamedGroup: secp384r1 ( 18 )" \
6962 -c "Verifying peer X.509 certificate... ok" \
6963 -C "received HelloRetryRequest message"
6964
6965requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6966requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6967requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6970run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6971 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6972 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6973 0 \
6974 -c "HTTP/1.0 200 ok" \
6975 -c "Protocol is TLSv1.3" \
6976 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6977 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6978 -c "NamedGroup: secp384r1 ( 18 )" \
6979 -c "Verifying peer X.509 certificate... ok" \
6980 -C "received HelloRetryRequest message"
6981
6982requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6983requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6984requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6986requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6987requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6988run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6989 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6990 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6991 0 \
6992 -c "HTTP/1.0 200 ok" \
6993 -c "Protocol is TLSv1.3" \
6994 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6995 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6996 -c "NamedGroup: secp384r1 ( 18 )" \
6997 -c "Verifying peer X.509 certificate... ok" \
6998 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6999
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7000requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7001requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7002requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7003requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7004requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7005run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7006 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7007 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7008 0 \
7009 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7010 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7011 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7012 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7013 -c "NamedGroup: secp521r1 ( 19 )" \
7014 -c "Verifying peer X.509 certificate... ok" \
7015 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7016
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7017requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7018requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7019requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7020requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7022run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7023 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7024 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7025 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7026 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7027 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7028 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7029 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7030 -c "NamedGroup: secp521r1 ( 19 )" \
7031 -c "Verifying peer X.509 certificate... ok" \
7032 -C "received HelloRetryRequest message"
7033
7034requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7035requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7036requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7039run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7040 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7041 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7042 0 \
7043 -c "HTTP/1.0 200 ok" \
7044 -c "Protocol is TLSv1.3" \
7045 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7046 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7047 -c "NamedGroup: secp521r1 ( 19 )" \
7048 -c "Verifying peer X.509 certificate... ok" \
7049 -C "received HelloRetryRequest message"
7050
7051requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7052requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7053requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7055requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7056requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7057run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7058 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7059 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7060 0 \
7061 -c "HTTP/1.0 200 ok" \
7062 -c "Protocol is TLSv1.3" \
7063 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7064 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7065 -c "NamedGroup: secp521r1 ( 19 )" \
7066 -c "Verifying peer X.509 certificate... ok" \
7067 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7068
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7069requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7070requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7071requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7074run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7075 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7076 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7077 0 \
7078 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7079 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7080 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7081 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7082 -c "NamedGroup: x25519 ( 1d )" \
7083 -c "Verifying peer X.509 certificate... ok" \
7084 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7085
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7086requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7087requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7088requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7090requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7091run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7092 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7093 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7094 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7095 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7096 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7097 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7098 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7099 -c "NamedGroup: x25519 ( 1d )" \
7100 -c "Verifying peer X.509 certificate... ok" \
7101 -C "received HelloRetryRequest message"
7102
7103requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7104requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7105requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7107requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7108run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7109 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7110 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7111 0 \
7112 -c "HTTP/1.0 200 ok" \
7113 -c "Protocol is TLSv1.3" \
7114 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7115 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7116 -c "NamedGroup: x25519 ( 1d )" \
7117 -c "Verifying peer X.509 certificate... ok" \
7118 -C "received HelloRetryRequest message"
7119
7120requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7121requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7122requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7123requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7124requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7125requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7126run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7127 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7128 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7129 0 \
7130 -c "HTTP/1.0 200 ok" \
7131 -c "Protocol is TLSv1.3" \
7132 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7133 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7134 -c "NamedGroup: x25519 ( 1d )" \
7135 -c "Verifying peer X.509 certificate... ok" \
7136 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7137
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7138requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7139requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7140requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7141requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7143run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7144 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7145 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7146 0 \
7147 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7148 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7149 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7150 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7151 -c "NamedGroup: x448 ( 1e )" \
7152 -c "Verifying peer X.509 certificate... ok" \
7153 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7154
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7155requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7156requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7157requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7158requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7160run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7161 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7162 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7163 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7164 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7165 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7166 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7167 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7168 -c "NamedGroup: x448 ( 1e )" \
7169 -c "Verifying peer X.509 certificate... ok" \
7170 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7171
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7172requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7173requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7174requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7175requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7176requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7177run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7178 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7179 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7180 0 \
7181 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7182 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7183 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7184 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7185 -c "NamedGroup: x448 ( 1e )" \
7186 -c "Verifying peer X.509 certificate... ok" \
7187 -C "received HelloRetryRequest message"
7188
7189requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7190requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7191requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7192requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7193requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7194requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7195run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7196 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7197 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7198 0 \
7199 -c "HTTP/1.0 200 ok" \
7200 -c "Protocol is TLSv1.3" \
7201 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7202 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7203 -c "NamedGroup: x448 ( 1e )" \
7204 -c "Verifying peer X.509 certificate... ok" \
7205 -C "received HelloRetryRequest message"
7206
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7207requires_openssl_tls1_3
7208requires_openssl_3_x
7209requires_config_enabled MBEDTLS_SSL_CLI_C
7210requires_config_enabled MBEDTLS_DEBUG_C
7211requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7212requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7213run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
7214 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7215 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
7216 0 \
7217 -c "HTTP/1.0 200 ok" \
7218 -c "Protocol is TLSv1.3" \
7219 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7220 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7221 -c "NamedGroup: ffdhe2048 ( 100 )" \
7222 -c "Verifying peer X.509 certificate... ok" \
7223 -C "received HelloRetryRequest message"
7224
7225requires_openssl_tls1_3
7226requires_openssl_3_x
7227requires_config_enabled MBEDTLS_SSL_CLI_C
7228requires_config_enabled MBEDTLS_DEBUG_C
7229requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7230requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7231run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
7232 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7233 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
7234 0 \
7235 -c "HTTP/1.0 200 ok" \
7236 -c "Protocol is TLSv1.3" \
7237 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7238 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7239 -c "NamedGroup: ffdhe2048 ( 100 )" \
7240 -c "Verifying peer X.509 certificate... ok" \
7241 -C "received HelloRetryRequest message"
7242
7243requires_openssl_tls1_3
7244requires_openssl_3_x
7245requires_config_enabled MBEDTLS_SSL_CLI_C
7246requires_config_enabled MBEDTLS_DEBUG_C
7247requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7248requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7249run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
7250 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7251 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
7252 0 \
7253 -c "HTTP/1.0 200 ok" \
7254 -c "Protocol is TLSv1.3" \
7255 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7256 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7257 -c "NamedGroup: ffdhe2048 ( 100 )" \
7258 -c "Verifying peer X.509 certificate... ok" \
7259 -C "received HelloRetryRequest message"
7260
7261requires_openssl_tls1_3
7262requires_openssl_3_x
7263requires_config_enabled MBEDTLS_SSL_CLI_C
7264requires_config_enabled MBEDTLS_DEBUG_C
7265requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7266requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7267requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7268run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
7269 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7270 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
7271 0 \
7272 -c "HTTP/1.0 200 ok" \
7273 -c "Protocol is TLSv1.3" \
7274 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7275 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7276 -c "NamedGroup: ffdhe2048 ( 100 )" \
7277 -c "Verifying peer X.509 certificate... ok" \
7278 -C "received HelloRetryRequest message"
7279
7280requires_openssl_tls1_3
7281requires_openssl_3_x
7282requires_config_enabled MBEDTLS_SSL_CLI_C
7283requires_config_enabled MBEDTLS_DEBUG_C
7284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7286run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
7287 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7288 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
7289 0 \
7290 -c "HTTP/1.0 200 ok" \
7291 -c "Protocol is TLSv1.3" \
7292 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7293 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7294 -c "NamedGroup: ffdhe8192 ( 104 )" \
7295 -c "Verifying peer X.509 certificate... ok" \
7296 -C "received HelloRetryRequest message"
7297
7298requires_openssl_tls1_3
7299requires_openssl_3_x
7300requires_config_enabled MBEDTLS_SSL_CLI_C
7301requires_config_enabled MBEDTLS_DEBUG_C
7302requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7304run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
7305 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7306 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
7307 0 \
7308 -c "HTTP/1.0 200 ok" \
7309 -c "Protocol is TLSv1.3" \
7310 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7311 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7312 -c "NamedGroup: ffdhe8192 ( 104 )" \
7313 -c "Verifying peer X.509 certificate... ok" \
7314 -C "received HelloRetryRequest message"
7315
7316requires_openssl_tls1_3
7317requires_openssl_3_x
7318requires_config_enabled MBEDTLS_SSL_CLI_C
7319requires_config_enabled MBEDTLS_DEBUG_C
7320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7322run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
7323 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7324 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
7325 0 \
7326 -c "HTTP/1.0 200 ok" \
7327 -c "Protocol is TLSv1.3" \
7328 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7329 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7330 -c "NamedGroup: ffdhe8192 ( 104 )" \
7331 -c "Verifying peer X.509 certificate... ok" \
7332 -C "received HelloRetryRequest message"
7333
7334requires_openssl_tls1_3
7335requires_openssl_3_x
7336requires_config_enabled MBEDTLS_SSL_CLI_C
7337requires_config_enabled MBEDTLS_DEBUG_C
7338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7340requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7341run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
7342 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7343 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
7344 0 \
7345 -c "HTTP/1.0 200 ok" \
7346 -c "Protocol is TLSv1.3" \
7347 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7348 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7349 -c "NamedGroup: ffdhe8192 ( 104 )" \
7350 -c "Verifying peer X.509 certificate... ok" \
7351 -C "received HelloRetryRequest message"
7352
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7353requires_gnutls_tls1_3
7354requires_gnutls_next_no_ticket
7355requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7356requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7357requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7360run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7361 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7362 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7363 0 \
7364 -c "HTTP/1.0 200 OK" \
7365 -c "Protocol is TLSv1.3" \
7366 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7367 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7368 -c "NamedGroup: secp256r1 ( 17 )" \
7369 -c "Verifying peer X.509 certificate... ok" \
7370 -C "received HelloRetryRequest message"
7371
7372requires_gnutls_tls1_3
7373requires_gnutls_next_no_ticket
7374requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7375requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7376requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7377requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7378requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7379run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7380 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7381 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7382 0 \
7383 -c "HTTP/1.0 200 OK" \
7384 -c "Protocol is TLSv1.3" \
7385 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7386 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7387 -c "NamedGroup: secp256r1 ( 17 )" \
7388 -c "Verifying peer X.509 certificate... ok" \
7389 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7390
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7391requires_gnutls_tls1_3
7392requires_gnutls_next_no_ticket
7393requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7394requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7395requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7396requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7397requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7398run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7399 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7400 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7401 0 \
7402 -c "HTTP/1.0 200 OK" \
7403 -c "Protocol is TLSv1.3" \
7404 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7405 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7406 -c "NamedGroup: secp256r1 ( 17 )" \
7407 -c "Verifying peer X.509 certificate... ok" \
7408 -C "received HelloRetryRequest message"
7409
7410requires_gnutls_tls1_3
7411requires_gnutls_next_no_ticket
7412requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7413requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7414requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7415requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7416requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7417requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7418run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7419 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7420 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7421 0 \
7422 -c "HTTP/1.0 200 OK" \
7423 -c "Protocol is TLSv1.3" \
7424 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7425 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7426 -c "NamedGroup: secp256r1 ( 17 )" \
7427 -c "Verifying peer X.509 certificate... ok" \
7428 -C "received HelloRetryRequest message"
7429
7430requires_gnutls_tls1_3
7431requires_gnutls_next_no_ticket
7432requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7433requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7434requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7436requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7437run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7438 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7439 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7440 0 \
7441 -c "HTTP/1.0 200 OK" \
7442 -c "Protocol is TLSv1.3" \
7443 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7444 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7445 -c "NamedGroup: secp384r1 ( 18 )" \
7446 -c "Verifying peer X.509 certificate... ok" \
7447 -C "received HelloRetryRequest message"
7448
7449requires_gnutls_tls1_3
7450requires_gnutls_next_no_ticket
7451requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7452requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7453requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7455requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7456run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7457 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7458 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7459 0 \
7460 -c "HTTP/1.0 200 OK" \
7461 -c "Protocol is TLSv1.3" \
7462 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7463 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7464 -c "NamedGroup: secp384r1 ( 18 )" \
7465 -c "Verifying peer X.509 certificate... ok" \
7466 -C "received HelloRetryRequest message"
7467
7468requires_gnutls_tls1_3
7469requires_gnutls_next_no_ticket
7470requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7471requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7472requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7473requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7474requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7475run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7476 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7477 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7478 0 \
7479 -c "HTTP/1.0 200 OK" \
7480 -c "Protocol is TLSv1.3" \
7481 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7482 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7483 -c "NamedGroup: secp384r1 ( 18 )" \
7484 -c "Verifying peer X.509 certificate... ok" \
7485 -C "received HelloRetryRequest message"
7486
7487requires_gnutls_tls1_3
7488requires_gnutls_next_no_ticket
7489requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7490requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7491requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7492requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7493requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7494requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7495run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7496 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7497 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7498 0 \
7499 -c "HTTP/1.0 200 OK" \
7500 -c "Protocol is TLSv1.3" \
7501 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7502 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7503 -c "NamedGroup: secp384r1 ( 18 )" \
7504 -c "Verifying peer X.509 certificate... ok" \
7505 -C "received HelloRetryRequest message"
7506
7507requires_gnutls_tls1_3
7508requires_gnutls_next_no_ticket
7509requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7510requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7511requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7513requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7514run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7515 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7516 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7517 0 \
7518 -c "HTTP/1.0 200 OK" \
7519 -c "Protocol is TLSv1.3" \
7520 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7521 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7522 -c "NamedGroup: secp521r1 ( 19 )" \
7523 -c "Verifying peer X.509 certificate... ok" \
7524 -C "received HelloRetryRequest message"
7525
7526requires_gnutls_tls1_3
7527requires_gnutls_next_no_ticket
7528requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7529requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7530requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7531requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7533run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7534 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7535 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7536 0 \
7537 -c "HTTP/1.0 200 OK" \
7538 -c "Protocol is TLSv1.3" \
7539 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7540 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7541 -c "NamedGroup: secp521r1 ( 19 )" \
7542 -c "Verifying peer X.509 certificate... ok" \
7543 -C "received HelloRetryRequest message"
7544
7545requires_gnutls_tls1_3
7546requires_gnutls_next_no_ticket
7547requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7548requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7549requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7550requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7552run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7553 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7554 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7555 0 \
7556 -c "HTTP/1.0 200 OK" \
7557 -c "Protocol is TLSv1.3" \
7558 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7559 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7560 -c "NamedGroup: secp521r1 ( 19 )" \
7561 -c "Verifying peer X.509 certificate... ok" \
7562 -C "received HelloRetryRequest message"
7563
7564requires_gnutls_tls1_3
7565requires_gnutls_next_no_ticket
7566requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7567requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7568requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7569requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7570requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7571requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7572run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7573 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7574 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7575 0 \
7576 -c "HTTP/1.0 200 OK" \
7577 -c "Protocol is TLSv1.3" \
7578 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7579 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7580 -c "NamedGroup: secp521r1 ( 19 )" \
7581 -c "Verifying peer X.509 certificate... ok" \
7582 -C "received HelloRetryRequest message"
7583
7584requires_gnutls_tls1_3
7585requires_gnutls_next_no_ticket
7586requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7587requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7588requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7590requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7591run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7592 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7593 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7594 0 \
7595 -c "HTTP/1.0 200 OK" \
7596 -c "Protocol is TLSv1.3" \
7597 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7598 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7599 -c "NamedGroup: x25519 ( 1d )" \
7600 -c "Verifying peer X.509 certificate... ok" \
7601 -C "received HelloRetryRequest message"
7602
7603requires_gnutls_tls1_3
7604requires_gnutls_next_no_ticket
7605requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7606requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7607requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7610run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7611 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7612 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7613 0 \
7614 -c "HTTP/1.0 200 OK" \
7615 -c "Protocol is TLSv1.3" \
7616 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7617 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7618 -c "NamedGroup: x25519 ( 1d )" \
7619 -c "Verifying peer X.509 certificate... ok" \
7620 -C "received HelloRetryRequest message"
7621
7622requires_gnutls_tls1_3
7623requires_gnutls_next_no_ticket
7624requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7625requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7626requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7627requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7628requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7629run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7630 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7631 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7632 0 \
7633 -c "HTTP/1.0 200 OK" \
7634 -c "Protocol is TLSv1.3" \
7635 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7636 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7637 -c "NamedGroup: x25519 ( 1d )" \
7638 -c "Verifying peer X.509 certificate... ok" \
7639 -C "received HelloRetryRequest message"
7640
7641requires_gnutls_tls1_3
7642requires_gnutls_next_no_ticket
7643requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7644requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7645requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7648requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7649run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7650 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7651 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7652 0 \
7653 -c "HTTP/1.0 200 OK" \
7654 -c "Protocol is TLSv1.3" \
7655 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7656 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7657 -c "NamedGroup: x25519 ( 1d )" \
7658 -c "Verifying peer X.509 certificate... ok" \
7659 -C "received HelloRetryRequest message"
7660
7661requires_gnutls_tls1_3
7662requires_gnutls_next_no_ticket
7663requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7664requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7665requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7667requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7668run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7669 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7670 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7671 0 \
7672 -c "HTTP/1.0 200 OK" \
7673 -c "Protocol is TLSv1.3" \
7674 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7675 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7676 -c "NamedGroup: x448 ( 1e )" \
7677 -c "Verifying peer X.509 certificate... ok" \
7678 -C "received HelloRetryRequest message"
7679
7680requires_gnutls_tls1_3
7681requires_gnutls_next_no_ticket
7682requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7683requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7684requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7687run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7688 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7689 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7690 0 \
7691 -c "HTTP/1.0 200 OK" \
7692 -c "Protocol is TLSv1.3" \
7693 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7694 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7695 -c "NamedGroup: x448 ( 1e )" \
7696 -c "Verifying peer X.509 certificate... ok" \
7697 -C "received HelloRetryRequest message"
7698
7699requires_gnutls_tls1_3
7700requires_gnutls_next_no_ticket
7701requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7702requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7703requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7706run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7707 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7708 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7709 0 \
7710 -c "HTTP/1.0 200 OK" \
7711 -c "Protocol is TLSv1.3" \
7712 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7713 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7714 -c "NamedGroup: x448 ( 1e )" \
7715 -c "Verifying peer X.509 certificate... ok" \
7716 -C "received HelloRetryRequest message"
7717
7718requires_gnutls_tls1_3
7719requires_gnutls_next_no_ticket
7720requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7721requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7722requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7724requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7725requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7726run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7727 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7728 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7729 0 \
7730 -c "HTTP/1.0 200 OK" \
7731 -c "Protocol is TLSv1.3" \
7732 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7733 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7734 -c "NamedGroup: x448 ( 1e )" \
7735 -c "Verifying peer X.509 certificate... ok" \
7736 -C "received HelloRetryRequest message"
7737
7738requires_gnutls_tls1_3
7739requires_gnutls_next_no_ticket
7740requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7741requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7742requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7743requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7744requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7745run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
7746 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7747 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
7748 0 \
7749 -c "HTTP/1.0 200 OK" \
7750 -c "Protocol is TLSv1.3" \
7751 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7752 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7753 -c "NamedGroup: ffdhe2048 ( 100 )" \
7754 -c "Verifying peer X.509 certificate... ok" \
7755 -C "received HelloRetryRequest message"
7756
7757requires_gnutls_tls1_3
7758requires_gnutls_next_no_ticket
7759requires_gnutls_next_disable_tls13_compat
7760requires_config_enabled MBEDTLS_SSL_CLI_C
7761requires_config_enabled MBEDTLS_DEBUG_C
7762requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7763requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7764run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
7765 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7766 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
7767 0 \
7768 -c "HTTP/1.0 200 OK" \
7769 -c "Protocol is TLSv1.3" \
7770 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7771 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7772 -c "NamedGroup: ffdhe2048 ( 100 )" \
7773 -c "Verifying peer X.509 certificate... ok" \
7774 -C "received HelloRetryRequest message"
7775
7776requires_gnutls_tls1_3
7777requires_gnutls_next_no_ticket
7778requires_gnutls_next_disable_tls13_compat
7779requires_config_enabled MBEDTLS_SSL_CLI_C
7780requires_config_enabled MBEDTLS_DEBUG_C
7781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7783run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
7784 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7785 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
7786 0 \
7787 -c "HTTP/1.0 200 OK" \
7788 -c "Protocol is TLSv1.3" \
7789 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7790 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7791 -c "NamedGroup: ffdhe2048 ( 100 )" \
7792 -c "Verifying peer X.509 certificate... ok" \
7793 -C "received HelloRetryRequest message"
7794
7795requires_gnutls_tls1_3
7796requires_gnutls_next_no_ticket
7797requires_gnutls_next_disable_tls13_compat
7798requires_config_enabled MBEDTLS_SSL_CLI_C
7799requires_config_enabled MBEDTLS_DEBUG_C
7800requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7801requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7802requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7803run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
7804 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7805 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
7806 0 \
7807 -c "HTTP/1.0 200 OK" \
7808 -c "Protocol is TLSv1.3" \
7809 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7810 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7811 -c "NamedGroup: ffdhe2048 ( 100 )" \
7812 -c "Verifying peer X.509 certificate... ok" \
7813 -C "received HelloRetryRequest message"
7814
7815requires_gnutls_tls1_3
7816requires_gnutls_next_no_ticket
7817requires_gnutls_next_disable_tls13_compat
7818requires_config_enabled MBEDTLS_SSL_CLI_C
7819requires_config_enabled MBEDTLS_DEBUG_C
7820requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7822run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
7823 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
7824 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
7825 0 \
7826 -c "HTTP/1.0 200 OK" \
7827 -c "Protocol is TLSv1.3" \
7828 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7829 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7830 -c "NamedGroup: ffdhe8192 ( 104 )" \
7831 -c "Verifying peer X.509 certificate... ok" \
7832 -C "received HelloRetryRequest message"
7833
7834requires_gnutls_tls1_3
7835requires_gnutls_next_no_ticket
7836requires_gnutls_next_disable_tls13_compat
7837requires_config_enabled MBEDTLS_SSL_CLI_C
7838requires_config_enabled MBEDTLS_DEBUG_C
7839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7840requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7841run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
7842 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
7843 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
7844 0 \
7845 -c "HTTP/1.0 200 OK" \
7846 -c "Protocol is TLSv1.3" \
7847 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7848 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7849 -c "NamedGroup: ffdhe8192 ( 104 )" \
7850 -c "Verifying peer X.509 certificate... ok" \
7851 -C "received HelloRetryRequest message"
7852
7853requires_gnutls_tls1_3
7854requires_gnutls_next_no_ticket
7855requires_gnutls_next_disable_tls13_compat
7856requires_config_enabled MBEDTLS_SSL_CLI_C
7857requires_config_enabled MBEDTLS_DEBUG_C
7858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7860run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
7861 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
7862 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
7863 0 \
7864 -c "HTTP/1.0 200 OK" \
7865 -c "Protocol is TLSv1.3" \
7866 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7867 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7868 -c "NamedGroup: ffdhe8192 ( 104 )" \
7869 -c "Verifying peer X.509 certificate... ok" \
7870 -C "received HelloRetryRequest message"
7871
7872requires_gnutls_tls1_3
7873requires_gnutls_next_no_ticket
7874requires_gnutls_next_disable_tls13_compat
7875requires_config_enabled MBEDTLS_SSL_CLI_C
7876requires_config_enabled MBEDTLS_DEBUG_C
7877requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7878requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7879requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7880run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
7881 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
7882 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
7883 0 \
7884 -c "HTTP/1.0 200 OK" \
7885 -c "Protocol is TLSv1.3" \
7886 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7887 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7888 -c "NamedGroup: ffdhe8192 ( 104 )" \
7889 -c "Verifying peer X.509 certificate... ok" \
7890 -C "received HelloRetryRequest message"
7891
7892requires_gnutls_tls1_3
7893requires_gnutls_next_no_ticket
7894requires_gnutls_next_disable_tls13_compat
7895requires_config_enabled MBEDTLS_SSL_CLI_C
7896requires_config_enabled MBEDTLS_DEBUG_C
7897requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7898requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7899run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7900 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7901 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7902 0 \
7903 -c "HTTP/1.0 200 OK" \
7904 -c "Protocol is TLSv1.3" \
7905 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7906 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7907 -c "NamedGroup: secp256r1 ( 17 )" \
7908 -c "Verifying peer X.509 certificate... ok" \
7909 -C "received HelloRetryRequest message"
7910
7911requires_gnutls_tls1_3
7912requires_gnutls_next_no_ticket
7913requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7914requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7918run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7919 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7920 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7921 0 \
7922 -c "HTTP/1.0 200 OK" \
7923 -c "Protocol is TLSv1.3" \
7924 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7925 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7926 -c "NamedGroup: secp256r1 ( 17 )" \
7927 -c "Verifying peer X.509 certificate... ok" \
7928 -C "received HelloRetryRequest message"
7929
7930requires_gnutls_tls1_3
7931requires_gnutls_next_no_ticket
7932requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7933requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7934requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7935requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7936requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7937run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7938 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7939 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7940 0 \
7941 -c "HTTP/1.0 200 OK" \
7942 -c "Protocol is TLSv1.3" \
7943 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7944 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7945 -c "NamedGroup: secp256r1 ( 17 )" \
7946 -c "Verifying peer X.509 certificate... ok" \
7947 -C "received HelloRetryRequest message"
7948
7949requires_gnutls_tls1_3
7950requires_gnutls_next_no_ticket
7951requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7952requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7953requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7956requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7957run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7958 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7959 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7960 0 \
7961 -c "HTTP/1.0 200 OK" \
7962 -c "Protocol is TLSv1.3" \
7963 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7964 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7965 -c "NamedGroup: secp256r1 ( 17 )" \
7966 -c "Verifying peer X.509 certificate... ok" \
7967 -C "received HelloRetryRequest message"
7968
7969requires_gnutls_tls1_3
7970requires_gnutls_next_no_ticket
7971requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7972requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7973requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7974requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7976run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7977 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7978 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7979 0 \
7980 -c "HTTP/1.0 200 OK" \
7981 -c "Protocol is TLSv1.3" \
7982 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7983 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7984 -c "NamedGroup: secp384r1 ( 18 )" \
7985 -c "Verifying peer X.509 certificate... ok" \
7986 -C "received HelloRetryRequest message"
7987
7988requires_gnutls_tls1_3
7989requires_gnutls_next_no_ticket
7990requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7991requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7992requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7993requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7994requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7995run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7996 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7997 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7998 0 \
7999 -c "HTTP/1.0 200 OK" \
8000 -c "Protocol is TLSv1.3" \
8001 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8002 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8003 -c "NamedGroup: secp384r1 ( 18 )" \
8004 -c "Verifying peer X.509 certificate... ok" \
8005 -C "received HelloRetryRequest message"
8006
8007requires_gnutls_tls1_3
8008requires_gnutls_next_no_ticket
8009requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8010requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8011requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8012requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8013requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8014run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8015 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8016 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8017 0 \
8018 -c "HTTP/1.0 200 OK" \
8019 -c "Protocol is TLSv1.3" \
8020 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8021 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8022 -c "NamedGroup: secp384r1 ( 18 )" \
8023 -c "Verifying peer X.509 certificate... ok" \
8024 -C "received HelloRetryRequest message"
8025
8026requires_gnutls_tls1_3
8027requires_gnutls_next_no_ticket
8028requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8029requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8030requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8033requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8034run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8035 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8036 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8037 0 \
8038 -c "HTTP/1.0 200 OK" \
8039 -c "Protocol is TLSv1.3" \
8040 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8041 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8042 -c "NamedGroup: secp384r1 ( 18 )" \
8043 -c "Verifying peer X.509 certificate... ok" \
8044 -C "received HelloRetryRequest message"
8045
8046requires_gnutls_tls1_3
8047requires_gnutls_next_no_ticket
8048requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8049requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8050requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8051requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8052requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8053run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8054 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8055 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8056 0 \
8057 -c "HTTP/1.0 200 OK" \
8058 -c "Protocol is TLSv1.3" \
8059 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8060 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8061 -c "NamedGroup: secp521r1 ( 19 )" \
8062 -c "Verifying peer X.509 certificate... ok" \
8063 -C "received HelloRetryRequest message"
8064
8065requires_gnutls_tls1_3
8066requires_gnutls_next_no_ticket
8067requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8068requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8069requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8070requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8071requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8072run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8073 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8074 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8075 0 \
8076 -c "HTTP/1.0 200 OK" \
8077 -c "Protocol is TLSv1.3" \
8078 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8079 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8080 -c "NamedGroup: secp521r1 ( 19 )" \
8081 -c "Verifying peer X.509 certificate... ok" \
8082 -C "received HelloRetryRequest message"
8083
8084requires_gnutls_tls1_3
8085requires_gnutls_next_no_ticket
8086requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8087requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8088requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8090requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8091run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8092 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8093 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8094 0 \
8095 -c "HTTP/1.0 200 OK" \
8096 -c "Protocol is TLSv1.3" \
8097 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8098 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8099 -c "NamedGroup: secp521r1 ( 19 )" \
8100 -c "Verifying peer X.509 certificate... ok" \
8101 -C "received HelloRetryRequest message"
8102
8103requires_gnutls_tls1_3
8104requires_gnutls_next_no_ticket
8105requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8106requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8107requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8110requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8111run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8112 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8113 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8114 0 \
8115 -c "HTTP/1.0 200 OK" \
8116 -c "Protocol is TLSv1.3" \
8117 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8118 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8119 -c "NamedGroup: secp521r1 ( 19 )" \
8120 -c "Verifying peer X.509 certificate... ok" \
8121 -C "received HelloRetryRequest message"
8122
8123requires_gnutls_tls1_3
8124requires_gnutls_next_no_ticket
8125requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8126requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8127requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8128requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8129requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8130run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8131 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8132 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8133 0 \
8134 -c "HTTP/1.0 200 OK" \
8135 -c "Protocol is TLSv1.3" \
8136 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8137 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8138 -c "NamedGroup: x25519 ( 1d )" \
8139 -c "Verifying peer X.509 certificate... ok" \
8140 -C "received HelloRetryRequest message"
8141
8142requires_gnutls_tls1_3
8143requires_gnutls_next_no_ticket
8144requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8145requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8146requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8147requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8148requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8149run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8150 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8151 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8152 0 \
8153 -c "HTTP/1.0 200 OK" \
8154 -c "Protocol is TLSv1.3" \
8155 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8156 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8157 -c "NamedGroup: x25519 ( 1d )" \
8158 -c "Verifying peer X.509 certificate... ok" \
8159 -C "received HelloRetryRequest message"
8160
8161requires_gnutls_tls1_3
8162requires_gnutls_next_no_ticket
8163requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8164requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8165requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8166requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8167requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8168run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8169 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8170 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8171 0 \
8172 -c "HTTP/1.0 200 OK" \
8173 -c "Protocol is TLSv1.3" \
8174 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8175 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8176 -c "NamedGroup: x25519 ( 1d )" \
8177 -c "Verifying peer X.509 certificate... ok" \
8178 -C "received HelloRetryRequest message"
8179
8180requires_gnutls_tls1_3
8181requires_gnutls_next_no_ticket
8182requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8183requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8184requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8185requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8186requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8187requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8188run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8189 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8190 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8191 0 \
8192 -c "HTTP/1.0 200 OK" \
8193 -c "Protocol is TLSv1.3" \
8194 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8195 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8196 -c "NamedGroup: x25519 ( 1d )" \
8197 -c "Verifying peer X.509 certificate... ok" \
8198 -C "received HelloRetryRequest message"
8199
8200requires_gnutls_tls1_3
8201requires_gnutls_next_no_ticket
8202requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8203requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8204requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8207run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8208 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8209 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8210 0 \
8211 -c "HTTP/1.0 200 OK" \
8212 -c "Protocol is TLSv1.3" \
8213 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8214 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8215 -c "NamedGroup: x448 ( 1e )" \
8216 -c "Verifying peer X.509 certificate... ok" \
8217 -C "received HelloRetryRequest message"
8218
8219requires_gnutls_tls1_3
8220requires_gnutls_next_no_ticket
8221requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8222requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8223requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8226run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8227 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8228 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8229 0 \
8230 -c "HTTP/1.0 200 OK" \
8231 -c "Protocol is TLSv1.3" \
8232 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8233 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8234 -c "NamedGroup: x448 ( 1e )" \
8235 -c "Verifying peer X.509 certificate... ok" \
8236 -C "received HelloRetryRequest message"
8237
8238requires_gnutls_tls1_3
8239requires_gnutls_next_no_ticket
8240requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8241requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8242requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8243requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8244requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8245run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8246 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8247 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8248 0 \
8249 -c "HTTP/1.0 200 OK" \
8250 -c "Protocol is TLSv1.3" \
8251 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8252 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8253 -c "NamedGroup: x448 ( 1e )" \
8254 -c "Verifying peer X.509 certificate... ok" \
8255 -C "received HelloRetryRequest message"
8256
8257requires_gnutls_tls1_3
8258requires_gnutls_next_no_ticket
8259requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8260requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8261requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8262requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8263requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8264requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8265run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8266 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8267 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8268 0 \
8269 -c "HTTP/1.0 200 OK" \
8270 -c "Protocol is TLSv1.3" \
8271 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8272 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8273 -c "NamedGroup: x448 ( 1e )" \
8274 -c "Verifying peer X.509 certificate... ok" \
8275 -C "received HelloRetryRequest message"
8276
8277requires_gnutls_tls1_3
8278requires_gnutls_next_no_ticket
8279requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8280requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8281requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8282requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8283requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8284run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
8285 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8286 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
8287 0 \
8288 -c "HTTP/1.0 200 OK" \
8289 -c "Protocol is TLSv1.3" \
8290 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8291 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8292 -c "NamedGroup: ffdhe2048 ( 100 )" \
8293 -c "Verifying peer X.509 certificate... ok" \
8294 -C "received HelloRetryRequest message"
8295
8296requires_gnutls_tls1_3
8297requires_gnutls_next_no_ticket
8298requires_gnutls_next_disable_tls13_compat
8299requires_config_enabled MBEDTLS_SSL_CLI_C
8300requires_config_enabled MBEDTLS_DEBUG_C
8301requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8303run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
8304 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8305 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
8306 0 \
8307 -c "HTTP/1.0 200 OK" \
8308 -c "Protocol is TLSv1.3" \
8309 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8310 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8311 -c "NamedGroup: ffdhe2048 ( 100 )" \
8312 -c "Verifying peer X.509 certificate... ok" \
8313 -C "received HelloRetryRequest message"
8314
8315requires_gnutls_tls1_3
8316requires_gnutls_next_no_ticket
8317requires_gnutls_next_disable_tls13_compat
8318requires_config_enabled MBEDTLS_SSL_CLI_C
8319requires_config_enabled MBEDTLS_DEBUG_C
8320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8322run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
8323 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8324 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
8325 0 \
8326 -c "HTTP/1.0 200 OK" \
8327 -c "Protocol is TLSv1.3" \
8328 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8329 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8330 -c "NamedGroup: ffdhe2048 ( 100 )" \
8331 -c "Verifying peer X.509 certificate... ok" \
8332 -C "received HelloRetryRequest message"
8333
8334requires_gnutls_tls1_3
8335requires_gnutls_next_no_ticket
8336requires_gnutls_next_disable_tls13_compat
8337requires_config_enabled MBEDTLS_SSL_CLI_C
8338requires_config_enabled MBEDTLS_DEBUG_C
8339requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8340requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8341requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8342run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
8343 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8344 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
8345 0 \
8346 -c "HTTP/1.0 200 OK" \
8347 -c "Protocol is TLSv1.3" \
8348 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8349 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8350 -c "NamedGroup: ffdhe2048 ( 100 )" \
8351 -c "Verifying peer X.509 certificate... ok" \
8352 -C "received HelloRetryRequest message"
8353
8354requires_gnutls_tls1_3
8355requires_gnutls_next_no_ticket
8356requires_gnutls_next_disable_tls13_compat
8357requires_config_enabled MBEDTLS_SSL_CLI_C
8358requires_config_enabled MBEDTLS_DEBUG_C
8359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8361run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
8362 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8363 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
8364 0 \
8365 -c "HTTP/1.0 200 OK" \
8366 -c "Protocol is TLSv1.3" \
8367 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8368 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8369 -c "NamedGroup: ffdhe8192 ( 104 )" \
8370 -c "Verifying peer X.509 certificate... ok" \
8371 -C "received HelloRetryRequest message"
8372
8373requires_gnutls_tls1_3
8374requires_gnutls_next_no_ticket
8375requires_gnutls_next_disable_tls13_compat
8376requires_config_enabled MBEDTLS_SSL_CLI_C
8377requires_config_enabled MBEDTLS_DEBUG_C
8378requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8379requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8380run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
8381 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8382 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
8383 0 \
8384 -c "HTTP/1.0 200 OK" \
8385 -c "Protocol is TLSv1.3" \
8386 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8387 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8388 -c "NamedGroup: ffdhe8192 ( 104 )" \
8389 -c "Verifying peer X.509 certificate... ok" \
8390 -C "received HelloRetryRequest message"
8391
8392requires_gnutls_tls1_3
8393requires_gnutls_next_no_ticket
8394requires_gnutls_next_disable_tls13_compat
8395requires_config_enabled MBEDTLS_SSL_CLI_C
8396requires_config_enabled MBEDTLS_DEBUG_C
8397requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8398requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8399run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
8400 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8401 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
8402 0 \
8403 -c "HTTP/1.0 200 OK" \
8404 -c "Protocol is TLSv1.3" \
8405 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8406 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8407 -c "NamedGroup: ffdhe8192 ( 104 )" \
8408 -c "Verifying peer X.509 certificate... ok" \
8409 -C "received HelloRetryRequest message"
8410
8411requires_gnutls_tls1_3
8412requires_gnutls_next_no_ticket
8413requires_gnutls_next_disable_tls13_compat
8414requires_config_enabled MBEDTLS_SSL_CLI_C
8415requires_config_enabled MBEDTLS_DEBUG_C
8416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8417requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8418requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8419run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
8420 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8421 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
8422 0 \
8423 -c "HTTP/1.0 200 OK" \
8424 -c "Protocol is TLSv1.3" \
8425 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8426 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8427 -c "NamedGroup: ffdhe8192 ( 104 )" \
8428 -c "Verifying peer X.509 certificate... ok" \
8429 -C "received HelloRetryRequest message"
8430
8431requires_gnutls_tls1_3
8432requires_gnutls_next_no_ticket
8433requires_gnutls_next_disable_tls13_compat
8434requires_config_enabled MBEDTLS_SSL_CLI_C
8435requires_config_enabled MBEDTLS_DEBUG_C
8436requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8438run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8439 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8440 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8441 0 \
8442 -c "HTTP/1.0 200 OK" \
8443 -c "Protocol is TLSv1.3" \
8444 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8445 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8446 -c "NamedGroup: secp256r1 ( 17 )" \
8447 -c "Verifying peer X.509 certificate... ok" \
8448 -C "received HelloRetryRequest message"
8449
8450requires_gnutls_tls1_3
8451requires_gnutls_next_no_ticket
8452requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8453requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8454requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8455requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8456requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8457run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8458 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8459 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8460 0 \
8461 -c "HTTP/1.0 200 OK" \
8462 -c "Protocol is TLSv1.3" \
8463 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8464 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8465 -c "NamedGroup: secp256r1 ( 17 )" \
8466 -c "Verifying peer X.509 certificate... ok" \
8467 -C "received HelloRetryRequest message"
8468
8469requires_gnutls_tls1_3
8470requires_gnutls_next_no_ticket
8471requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8472requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8473requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8474requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8475requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8476run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8477 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8478 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8479 0 \
8480 -c "HTTP/1.0 200 OK" \
8481 -c "Protocol is TLSv1.3" \
8482 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8483 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8484 -c "NamedGroup: secp256r1 ( 17 )" \
8485 -c "Verifying peer X.509 certificate... ok" \
8486 -C "received HelloRetryRequest message"
8487
8488requires_gnutls_tls1_3
8489requires_gnutls_next_no_ticket
8490requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8491requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8492requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8494requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8495requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8496run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8497 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8498 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8499 0 \
8500 -c "HTTP/1.0 200 OK" \
8501 -c "Protocol is TLSv1.3" \
8502 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8503 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8504 -c "NamedGroup: secp256r1 ( 17 )" \
8505 -c "Verifying peer X.509 certificate... ok" \
8506 -C "received HelloRetryRequest message"
8507
8508requires_gnutls_tls1_3
8509requires_gnutls_next_no_ticket
8510requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8511requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8512requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8513requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8515run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8516 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8517 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8518 0 \
8519 -c "HTTP/1.0 200 OK" \
8520 -c "Protocol is TLSv1.3" \
8521 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8522 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8523 -c "NamedGroup: secp384r1 ( 18 )" \
8524 -c "Verifying peer X.509 certificate... ok" \
8525 -C "received HelloRetryRequest message"
8526
8527requires_gnutls_tls1_3
8528requires_gnutls_next_no_ticket
8529requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8530requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8531requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8534run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8535 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8536 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8537 0 \
8538 -c "HTTP/1.0 200 OK" \
8539 -c "Protocol is TLSv1.3" \
8540 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8541 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8542 -c "NamedGroup: secp384r1 ( 18 )" \
8543 -c "Verifying peer X.509 certificate... ok" \
8544 -C "received HelloRetryRequest message"
8545
8546requires_gnutls_tls1_3
8547requires_gnutls_next_no_ticket
8548requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8549requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8550requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8551requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8552requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8553run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8554 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8555 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8556 0 \
8557 -c "HTTP/1.0 200 OK" \
8558 -c "Protocol is TLSv1.3" \
8559 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8560 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8561 -c "NamedGroup: secp384r1 ( 18 )" \
8562 -c "Verifying peer X.509 certificate... ok" \
8563 -C "received HelloRetryRequest message"
8564
8565requires_gnutls_tls1_3
8566requires_gnutls_next_no_ticket
8567requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8568requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8569requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8572requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8573run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8574 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8575 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8576 0 \
8577 -c "HTTP/1.0 200 OK" \
8578 -c "Protocol is TLSv1.3" \
8579 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8580 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8581 -c "NamedGroup: secp384r1 ( 18 )" \
8582 -c "Verifying peer X.509 certificate... ok" \
8583 -C "received HelloRetryRequest message"
8584
8585requires_gnutls_tls1_3
8586requires_gnutls_next_no_ticket
8587requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8588requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8589requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8591requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8592run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8593 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8594 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8595 0 \
8596 -c "HTTP/1.0 200 OK" \
8597 -c "Protocol is TLSv1.3" \
8598 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8599 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8600 -c "NamedGroup: secp521r1 ( 19 )" \
8601 -c "Verifying peer X.509 certificate... ok" \
8602 -C "received HelloRetryRequest message"
8603
8604requires_gnutls_tls1_3
8605requires_gnutls_next_no_ticket
8606requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8607requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8608requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8609requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8610requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8611run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8612 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8613 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8614 0 \
8615 -c "HTTP/1.0 200 OK" \
8616 -c "Protocol is TLSv1.3" \
8617 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8618 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8619 -c "NamedGroup: secp521r1 ( 19 )" \
8620 -c "Verifying peer X.509 certificate... ok" \
8621 -C "received HelloRetryRequest message"
8622
8623requires_gnutls_tls1_3
8624requires_gnutls_next_no_ticket
8625requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8626requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8627requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8628requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8629requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8630run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8631 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8632 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8633 0 \
8634 -c "HTTP/1.0 200 OK" \
8635 -c "Protocol is TLSv1.3" \
8636 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8637 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8638 -c "NamedGroup: secp521r1 ( 19 )" \
8639 -c "Verifying peer X.509 certificate... ok" \
8640 -C "received HelloRetryRequest message"
8641
8642requires_gnutls_tls1_3
8643requires_gnutls_next_no_ticket
8644requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8645requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8646requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8649requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8650run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8651 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8652 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8653 0 \
8654 -c "HTTP/1.0 200 OK" \
8655 -c "Protocol is TLSv1.3" \
8656 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8657 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8658 -c "NamedGroup: secp521r1 ( 19 )" \
8659 -c "Verifying peer X.509 certificate... ok" \
8660 -C "received HelloRetryRequest message"
8661
8662requires_gnutls_tls1_3
8663requires_gnutls_next_no_ticket
8664requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8665requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8666requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8667requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8669run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8670 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8671 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8672 0 \
8673 -c "HTTP/1.0 200 OK" \
8674 -c "Protocol is TLSv1.3" \
8675 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8676 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8677 -c "NamedGroup: x25519 ( 1d )" \
8678 -c "Verifying peer X.509 certificate... ok" \
8679 -C "received HelloRetryRequest message"
8680
8681requires_gnutls_tls1_3
8682requires_gnutls_next_no_ticket
8683requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8684requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8685requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8688run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8689 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8690 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8691 0 \
8692 -c "HTTP/1.0 200 OK" \
8693 -c "Protocol is TLSv1.3" \
8694 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8695 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8696 -c "NamedGroup: x25519 ( 1d )" \
8697 -c "Verifying peer X.509 certificate... ok" \
8698 -C "received HelloRetryRequest message"
8699
8700requires_gnutls_tls1_3
8701requires_gnutls_next_no_ticket
8702requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8703requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8704requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8706requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8707run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8708 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8709 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8710 0 \
8711 -c "HTTP/1.0 200 OK" \
8712 -c "Protocol is TLSv1.3" \
8713 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8714 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8715 -c "NamedGroup: x25519 ( 1d )" \
8716 -c "Verifying peer X.509 certificate... ok" \
8717 -C "received HelloRetryRequest message"
8718
8719requires_gnutls_tls1_3
8720requires_gnutls_next_no_ticket
8721requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8722requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8723requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8725requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8726requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8727run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8728 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8729 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8730 0 \
8731 -c "HTTP/1.0 200 OK" \
8732 -c "Protocol is TLSv1.3" \
8733 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8734 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8735 -c "NamedGroup: x25519 ( 1d )" \
8736 -c "Verifying peer X.509 certificate... ok" \
8737 -C "received HelloRetryRequest message"
8738
8739requires_gnutls_tls1_3
8740requires_gnutls_next_no_ticket
8741requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8742requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8743requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8744requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8746run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8747 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8748 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8749 0 \
8750 -c "HTTP/1.0 200 OK" \
8751 -c "Protocol is TLSv1.3" \
8752 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8753 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8754 -c "NamedGroup: x448 ( 1e )" \
8755 -c "Verifying peer X.509 certificate... ok" \
8756 -C "received HelloRetryRequest message"
8757
8758requires_gnutls_tls1_3
8759requires_gnutls_next_no_ticket
8760requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8761requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8762requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8763requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8764requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8765run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8766 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8767 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8768 0 \
8769 -c "HTTP/1.0 200 OK" \
8770 -c "Protocol is TLSv1.3" \
8771 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8772 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8773 -c "NamedGroup: x448 ( 1e )" \
8774 -c "Verifying peer X.509 certificate... ok" \
8775 -C "received HelloRetryRequest message"
8776
8777requires_gnutls_tls1_3
8778requires_gnutls_next_no_ticket
8779requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8780requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8781requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8782requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8783requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8784run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8785 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8786 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8787 0 \
8788 -c "HTTP/1.0 200 OK" \
8789 -c "Protocol is TLSv1.3" \
8790 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8791 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8792 -c "NamedGroup: x448 ( 1e )" \
8793 -c "Verifying peer X.509 certificate... ok" \
8794 -C "received HelloRetryRequest message"
8795
8796requires_gnutls_tls1_3
8797requires_gnutls_next_no_ticket
8798requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8799requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8800requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8801requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8803requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8804run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8805 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8806 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8807 0 \
8808 -c "HTTP/1.0 200 OK" \
8809 -c "Protocol is TLSv1.3" \
8810 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8811 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8812 -c "NamedGroup: x448 ( 1e )" \
8813 -c "Verifying peer X.509 certificate... ok" \
8814 -C "received HelloRetryRequest message"
8815
8816requires_gnutls_tls1_3
8817requires_gnutls_next_no_ticket
8818requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8819requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8820requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8821requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8822requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8823run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
8824 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8825 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
8826 0 \
8827 -c "HTTP/1.0 200 OK" \
8828 -c "Protocol is TLSv1.3" \
8829 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8830 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8831 -c "NamedGroup: ffdhe2048 ( 100 )" \
8832 -c "Verifying peer X.509 certificate... ok" \
8833 -C "received HelloRetryRequest message"
8834
8835requires_gnutls_tls1_3
8836requires_gnutls_next_no_ticket
8837requires_gnutls_next_disable_tls13_compat
8838requires_config_enabled MBEDTLS_SSL_CLI_C
8839requires_config_enabled MBEDTLS_DEBUG_C
8840requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8842run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
8843 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8844 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
8845 0 \
8846 -c "HTTP/1.0 200 OK" \
8847 -c "Protocol is TLSv1.3" \
8848 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8849 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8850 -c "NamedGroup: ffdhe2048 ( 100 )" \
8851 -c "Verifying peer X.509 certificate... ok" \
8852 -C "received HelloRetryRequest message"
8853
8854requires_gnutls_tls1_3
8855requires_gnutls_next_no_ticket
8856requires_gnutls_next_disable_tls13_compat
8857requires_config_enabled MBEDTLS_SSL_CLI_C
8858requires_config_enabled MBEDTLS_DEBUG_C
8859requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8860requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8861run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
8862 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8863 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
8864 0 \
8865 -c "HTTP/1.0 200 OK" \
8866 -c "Protocol is TLSv1.3" \
8867 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8868 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8869 -c "NamedGroup: ffdhe2048 ( 100 )" \
8870 -c "Verifying peer X.509 certificate... ok" \
8871 -C "received HelloRetryRequest message"
8872
8873requires_gnutls_tls1_3
8874requires_gnutls_next_no_ticket
8875requires_gnutls_next_disable_tls13_compat
8876requires_config_enabled MBEDTLS_SSL_CLI_C
8877requires_config_enabled MBEDTLS_DEBUG_C
8878requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8879requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8880requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8881run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
8882 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8883 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
8884 0 \
8885 -c "HTTP/1.0 200 OK" \
8886 -c "Protocol is TLSv1.3" \
8887 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8888 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8889 -c "NamedGroup: ffdhe2048 ( 100 )" \
8890 -c "Verifying peer X.509 certificate... ok" \
8891 -C "received HelloRetryRequest message"
8892
8893requires_gnutls_tls1_3
8894requires_gnutls_next_no_ticket
8895requires_gnutls_next_disable_tls13_compat
8896requires_config_enabled MBEDTLS_SSL_CLI_C
8897requires_config_enabled MBEDTLS_DEBUG_C
8898requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8899requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8900run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
8901 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8902 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
8903 0 \
8904 -c "HTTP/1.0 200 OK" \
8905 -c "Protocol is TLSv1.3" \
8906 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8907 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8908 -c "NamedGroup: ffdhe8192 ( 104 )" \
8909 -c "Verifying peer X.509 certificate... ok" \
8910 -C "received HelloRetryRequest message"
8911
8912requires_gnutls_tls1_3
8913requires_gnutls_next_no_ticket
8914requires_gnutls_next_disable_tls13_compat
8915requires_config_enabled MBEDTLS_SSL_CLI_C
8916requires_config_enabled MBEDTLS_DEBUG_C
8917requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8918requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8919run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
8920 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8921 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
8922 0 \
8923 -c "HTTP/1.0 200 OK" \
8924 -c "Protocol is TLSv1.3" \
8925 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8926 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8927 -c "NamedGroup: ffdhe8192 ( 104 )" \
8928 -c "Verifying peer X.509 certificate... ok" \
8929 -C "received HelloRetryRequest message"
8930
8931requires_gnutls_tls1_3
8932requires_gnutls_next_no_ticket
8933requires_gnutls_next_disable_tls13_compat
8934requires_config_enabled MBEDTLS_SSL_CLI_C
8935requires_config_enabled MBEDTLS_DEBUG_C
8936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8938run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
8939 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8940 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
8941 0 \
8942 -c "HTTP/1.0 200 OK" \
8943 -c "Protocol is TLSv1.3" \
8944 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8945 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8946 -c "NamedGroup: ffdhe8192 ( 104 )" \
8947 -c "Verifying peer X.509 certificate... ok" \
8948 -C "received HelloRetryRequest message"
8949
8950requires_gnutls_tls1_3
8951requires_gnutls_next_no_ticket
8952requires_gnutls_next_disable_tls13_compat
8953requires_config_enabled MBEDTLS_SSL_CLI_C
8954requires_config_enabled MBEDTLS_DEBUG_C
8955requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8957requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8958run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
8959 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8960 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
8961 0 \
8962 -c "HTTP/1.0 200 OK" \
8963 -c "Protocol is TLSv1.3" \
8964 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8965 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8966 -c "NamedGroup: ffdhe8192 ( 104 )" \
8967 -c "Verifying peer X.509 certificate... ok" \
8968 -C "received HelloRetryRequest message"
8969
8970requires_gnutls_tls1_3
8971requires_gnutls_next_no_ticket
8972requires_gnutls_next_disable_tls13_compat
8973requires_config_enabled MBEDTLS_SSL_CLI_C
8974requires_config_enabled MBEDTLS_DEBUG_C
8975requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8977run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8978 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8979 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8980 0 \
8981 -c "HTTP/1.0 200 OK" \
8982 -c "Protocol is TLSv1.3" \
8983 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8984 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8985 -c "NamedGroup: secp256r1 ( 17 )" \
8986 -c "Verifying peer X.509 certificate... ok" \
8987 -C "received HelloRetryRequest message"
8988
8989requires_gnutls_tls1_3
8990requires_gnutls_next_no_ticket
8991requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8992requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8993requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8994requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8995requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8996run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8997 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8998 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8999 0 \
9000 -c "HTTP/1.0 200 OK" \
9001 -c "Protocol is TLSv1.3" \
9002 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9003 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9004 -c "NamedGroup: secp256r1 ( 17 )" \
9005 -c "Verifying peer X.509 certificate... ok" \
9006 -C "received HelloRetryRequest message"
9007
9008requires_gnutls_tls1_3
9009requires_gnutls_next_no_ticket
9010requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9011requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9012requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9015run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9016 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9017 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9018 0 \
9019 -c "HTTP/1.0 200 OK" \
9020 -c "Protocol is TLSv1.3" \
9021 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9022 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9023 -c "NamedGroup: secp256r1 ( 17 )" \
9024 -c "Verifying peer X.509 certificate... ok" \
9025 -C "received HelloRetryRequest message"
9026
9027requires_gnutls_tls1_3
9028requires_gnutls_next_no_ticket
9029requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9030requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9031requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9032requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9033requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9034requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9035run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9036 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9037 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9038 0 \
9039 -c "HTTP/1.0 200 OK" \
9040 -c "Protocol is TLSv1.3" \
9041 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9042 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9043 -c "NamedGroup: secp256r1 ( 17 )" \
9044 -c "Verifying peer X.509 certificate... ok" \
9045 -C "received HelloRetryRequest message"
9046
9047requires_gnutls_tls1_3
9048requires_gnutls_next_no_ticket
9049requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9050requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9051requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9053requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9054run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9055 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9056 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9057 0 \
9058 -c "HTTP/1.0 200 OK" \
9059 -c "Protocol is TLSv1.3" \
9060 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9061 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9062 -c "NamedGroup: secp384r1 ( 18 )" \
9063 -c "Verifying peer X.509 certificate... ok" \
9064 -C "received HelloRetryRequest message"
9065
9066requires_gnutls_tls1_3
9067requires_gnutls_next_no_ticket
9068requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9069requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9070requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9071requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9072requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9073run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9074 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9075 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9076 0 \
9077 -c "HTTP/1.0 200 OK" \
9078 -c "Protocol is TLSv1.3" \
9079 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9080 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9081 -c "NamedGroup: secp384r1 ( 18 )" \
9082 -c "Verifying peer X.509 certificate... ok" \
9083 -C "received HelloRetryRequest message"
9084
9085requires_gnutls_tls1_3
9086requires_gnutls_next_no_ticket
9087requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9088requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9089requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9091requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9092run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9093 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9094 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9095 0 \
9096 -c "HTTP/1.0 200 OK" \
9097 -c "Protocol is TLSv1.3" \
9098 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9099 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9100 -c "NamedGroup: secp384r1 ( 18 )" \
9101 -c "Verifying peer X.509 certificate... ok" \
9102 -C "received HelloRetryRequest message"
9103
9104requires_gnutls_tls1_3
9105requires_gnutls_next_no_ticket
9106requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9107requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9108requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9110requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9111requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9112run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9113 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9114 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9115 0 \
9116 -c "HTTP/1.0 200 OK" \
9117 -c "Protocol is TLSv1.3" \
9118 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9119 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9120 -c "NamedGroup: secp384r1 ( 18 )" \
9121 -c "Verifying peer X.509 certificate... ok" \
9122 -C "received HelloRetryRequest message"
9123
9124requires_gnutls_tls1_3
9125requires_gnutls_next_no_ticket
9126requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9127requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9128requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9129requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9131run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9132 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9133 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9134 0 \
9135 -c "HTTP/1.0 200 OK" \
9136 -c "Protocol is TLSv1.3" \
9137 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9138 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9139 -c "NamedGroup: secp521r1 ( 19 )" \
9140 -c "Verifying peer X.509 certificate... ok" \
9141 -C "received HelloRetryRequest message"
9142
9143requires_gnutls_tls1_3
9144requires_gnutls_next_no_ticket
9145requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9146requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9147requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9150run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9151 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9152 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9153 0 \
9154 -c "HTTP/1.0 200 OK" \
9155 -c "Protocol is TLSv1.3" \
9156 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9157 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9158 -c "NamedGroup: secp521r1 ( 19 )" \
9159 -c "Verifying peer X.509 certificate... ok" \
9160 -C "received HelloRetryRequest message"
9161
9162requires_gnutls_tls1_3
9163requires_gnutls_next_no_ticket
9164requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9165requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9166requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9167requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9168requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9169run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9170 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9171 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9172 0 \
9173 -c "HTTP/1.0 200 OK" \
9174 -c "Protocol is TLSv1.3" \
9175 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9176 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9177 -c "NamedGroup: secp521r1 ( 19 )" \
9178 -c "Verifying peer X.509 certificate... ok" \
9179 -C "received HelloRetryRequest message"
9180
9181requires_gnutls_tls1_3
9182requires_gnutls_next_no_ticket
9183requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9184requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9185requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9188requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9189run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9190 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9191 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9192 0 \
9193 -c "HTTP/1.0 200 OK" \
9194 -c "Protocol is TLSv1.3" \
9195 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9196 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9197 -c "NamedGroup: secp521r1 ( 19 )" \
9198 -c "Verifying peer X.509 certificate... ok" \
9199 -C "received HelloRetryRequest message"
9200
9201requires_gnutls_tls1_3
9202requires_gnutls_next_no_ticket
9203requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9204requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9205requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9208run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9209 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9210 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9211 0 \
9212 -c "HTTP/1.0 200 OK" \
9213 -c "Protocol is TLSv1.3" \
9214 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9215 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9216 -c "NamedGroup: x25519 ( 1d )" \
9217 -c "Verifying peer X.509 certificate... ok" \
9218 -C "received HelloRetryRequest message"
9219
9220requires_gnutls_tls1_3
9221requires_gnutls_next_no_ticket
9222requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9223requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9224requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9227run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9228 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9229 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9230 0 \
9231 -c "HTTP/1.0 200 OK" \
9232 -c "Protocol is TLSv1.3" \
9233 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9234 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9235 -c "NamedGroup: x25519 ( 1d )" \
9236 -c "Verifying peer X.509 certificate... ok" \
9237 -C "received HelloRetryRequest message"
9238
9239requires_gnutls_tls1_3
9240requires_gnutls_next_no_ticket
9241requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9242requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9243requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9244requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9245requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9246run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9247 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9248 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9249 0 \
9250 -c "HTTP/1.0 200 OK" \
9251 -c "Protocol is TLSv1.3" \
9252 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9253 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9254 -c "NamedGroup: x25519 ( 1d )" \
9255 -c "Verifying peer X.509 certificate... ok" \
9256 -C "received HelloRetryRequest message"
9257
9258requires_gnutls_tls1_3
9259requires_gnutls_next_no_ticket
9260requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9261requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9262requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9263requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9264requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9265requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9266run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9267 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9268 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9269 0 \
9270 -c "HTTP/1.0 200 OK" \
9271 -c "Protocol is TLSv1.3" \
9272 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9273 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9274 -c "NamedGroup: x25519 ( 1d )" \
9275 -c "Verifying peer X.509 certificate... ok" \
9276 -C "received HelloRetryRequest message"
9277
9278requires_gnutls_tls1_3
9279requires_gnutls_next_no_ticket
9280requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9281requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9282requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9284requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9285run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9286 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9287 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9288 0 \
9289 -c "HTTP/1.0 200 OK" \
9290 -c "Protocol is TLSv1.3" \
9291 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9292 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9293 -c "NamedGroup: x448 ( 1e )" \
9294 -c "Verifying peer X.509 certificate... ok" \
9295 -C "received HelloRetryRequest message"
9296
9297requires_gnutls_tls1_3
9298requires_gnutls_next_no_ticket
9299requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9300requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9301requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9302requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9304run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9305 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9306 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9307 0 \
9308 -c "HTTP/1.0 200 OK" \
9309 -c "Protocol is TLSv1.3" \
9310 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9311 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9312 -c "NamedGroup: x448 ( 1e )" \
9313 -c "Verifying peer X.509 certificate... ok" \
9314 -C "received HelloRetryRequest message"
9315
9316requires_gnutls_tls1_3
9317requires_gnutls_next_no_ticket
9318requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9319requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9320requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9321requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9322requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9323run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9324 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9325 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9326 0 \
9327 -c "HTTP/1.0 200 OK" \
9328 -c "Protocol is TLSv1.3" \
9329 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9330 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9331 -c "NamedGroup: x448 ( 1e )" \
9332 -c "Verifying peer X.509 certificate... ok" \
9333 -C "received HelloRetryRequest message"
9334
9335requires_gnutls_tls1_3
9336requires_gnutls_next_no_ticket
9337requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9338requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9339requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9340requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9341requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9342requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9343run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9344 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9345 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9346 0 \
9347 -c "HTTP/1.0 200 OK" \
9348 -c "Protocol is TLSv1.3" \
9349 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9350 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9351 -c "NamedGroup: x448 ( 1e )" \
9352 -c "Verifying peer X.509 certificate... ok" \
9353 -C "received HelloRetryRequest message"
9354
9355requires_gnutls_tls1_3
9356requires_gnutls_next_no_ticket
9357requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9358requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9359requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9361requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9362run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
9363 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9364 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
9365 0 \
9366 -c "HTTP/1.0 200 OK" \
9367 -c "Protocol is TLSv1.3" \
9368 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9369 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9370 -c "NamedGroup: ffdhe2048 ( 100 )" \
9371 -c "Verifying peer X.509 certificate... ok" \
9372 -C "received HelloRetryRequest message"
9373
9374requires_gnutls_tls1_3
9375requires_gnutls_next_no_ticket
9376requires_gnutls_next_disable_tls13_compat
9377requires_config_enabled MBEDTLS_SSL_CLI_C
9378requires_config_enabled MBEDTLS_DEBUG_C
9379requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9381run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
9382 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9383 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
9384 0 \
9385 -c "HTTP/1.0 200 OK" \
9386 -c "Protocol is TLSv1.3" \
9387 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9388 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9389 -c "NamedGroup: ffdhe2048 ( 100 )" \
9390 -c "Verifying peer X.509 certificate... ok" \
9391 -C "received HelloRetryRequest message"
9392
9393requires_gnutls_tls1_3
9394requires_gnutls_next_no_ticket
9395requires_gnutls_next_disable_tls13_compat
9396requires_config_enabled MBEDTLS_SSL_CLI_C
9397requires_config_enabled MBEDTLS_DEBUG_C
9398requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9399requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9400run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
9401 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9402 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
9403 0 \
9404 -c "HTTP/1.0 200 OK" \
9405 -c "Protocol is TLSv1.3" \
9406 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9407 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9408 -c "NamedGroup: ffdhe2048 ( 100 )" \
9409 -c "Verifying peer X.509 certificate... ok" \
9410 -C "received HelloRetryRequest message"
9411
9412requires_gnutls_tls1_3
9413requires_gnutls_next_no_ticket
9414requires_gnutls_next_disable_tls13_compat
9415requires_config_enabled MBEDTLS_SSL_CLI_C
9416requires_config_enabled MBEDTLS_DEBUG_C
9417requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9418requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9419requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9420run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
9421 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9422 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
9423 0 \
9424 -c "HTTP/1.0 200 OK" \
9425 -c "Protocol is TLSv1.3" \
9426 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9427 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9428 -c "NamedGroup: ffdhe2048 ( 100 )" \
9429 -c "Verifying peer X.509 certificate... ok" \
9430 -C "received HelloRetryRequest message"
9431
9432requires_gnutls_tls1_3
9433requires_gnutls_next_no_ticket
9434requires_gnutls_next_disable_tls13_compat
9435requires_config_enabled MBEDTLS_SSL_CLI_C
9436requires_config_enabled MBEDTLS_DEBUG_C
9437requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9438requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9439run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
9440 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9441 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
9442 0 \
9443 -c "HTTP/1.0 200 OK" \
9444 -c "Protocol is TLSv1.3" \
9445 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9446 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9447 -c "NamedGroup: ffdhe8192 ( 104 )" \
9448 -c "Verifying peer X.509 certificate... ok" \
9449 -C "received HelloRetryRequest message"
9450
9451requires_gnutls_tls1_3
9452requires_gnutls_next_no_ticket
9453requires_gnutls_next_disable_tls13_compat
9454requires_config_enabled MBEDTLS_SSL_CLI_C
9455requires_config_enabled MBEDTLS_DEBUG_C
9456requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9457requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9458run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
9459 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9460 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
9461 0 \
9462 -c "HTTP/1.0 200 OK" \
9463 -c "Protocol is TLSv1.3" \
9464 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9465 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9466 -c "NamedGroup: ffdhe8192 ( 104 )" \
9467 -c "Verifying peer X.509 certificate... ok" \
9468 -C "received HelloRetryRequest message"
9469
9470requires_gnutls_tls1_3
9471requires_gnutls_next_no_ticket
9472requires_gnutls_next_disable_tls13_compat
9473requires_config_enabled MBEDTLS_SSL_CLI_C
9474requires_config_enabled MBEDTLS_DEBUG_C
9475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9477run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
9478 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9479 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
9480 0 \
9481 -c "HTTP/1.0 200 OK" \
9482 -c "Protocol is TLSv1.3" \
9483 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9484 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9485 -c "NamedGroup: ffdhe8192 ( 104 )" \
9486 -c "Verifying peer X.509 certificate... ok" \
9487 -C "received HelloRetryRequest message"
9488
9489requires_gnutls_tls1_3
9490requires_gnutls_next_no_ticket
9491requires_gnutls_next_disable_tls13_compat
9492requires_config_enabled MBEDTLS_SSL_CLI_C
9493requires_config_enabled MBEDTLS_DEBUG_C
9494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9496requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9497run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
9498 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9499 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
9500 0 \
9501 -c "HTTP/1.0 200 OK" \
9502 -c "Protocol is TLSv1.3" \
9503 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9504 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9505 -c "NamedGroup: ffdhe8192 ( 104 )" \
9506 -c "Verifying peer X.509 certificate... ok" \
9507 -C "received HelloRetryRequest message"
9508
9509requires_gnutls_tls1_3
9510requires_gnutls_next_no_ticket
9511requires_gnutls_next_disable_tls13_compat
9512requires_config_enabled MBEDTLS_SSL_CLI_C
9513requires_config_enabled MBEDTLS_DEBUG_C
9514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9516run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9517 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9518 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9519 0 \
9520 -c "HTTP/1.0 200 OK" \
9521 -c "Protocol is TLSv1.3" \
9522 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9523 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9524 -c "NamedGroup: secp256r1 ( 17 )" \
9525 -c "Verifying peer X.509 certificate... ok" \
9526 -C "received HelloRetryRequest message"
9527
9528requires_gnutls_tls1_3
9529requires_gnutls_next_no_ticket
9530requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9531requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9532requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9533requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9534requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9535run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9536 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9537 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9538 0 \
9539 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9540 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9541 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9542 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9543 -c "NamedGroup: secp256r1 ( 17 )" \
9544 -c "Verifying peer X.509 certificate... ok" \
9545 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9546
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9547requires_gnutls_tls1_3
9548requires_gnutls_next_no_ticket
9549requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9550requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9551requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9552requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9553requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9554run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9555 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9556 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9557 0 \
9558 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9559 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9560 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9561 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9562 -c "NamedGroup: secp256r1 ( 17 )" \
9563 -c "Verifying peer X.509 certificate... ok" \
9564 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9565
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9566requires_gnutls_tls1_3
9567requires_gnutls_next_no_ticket
9568requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9569requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9570requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9571requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9572requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9573requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9574run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9575 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9576 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9577 0 \
9578 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9579 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9580 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9581 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9582 -c "NamedGroup: secp256r1 ( 17 )" \
9583 -c "Verifying peer X.509 certificate... ok" \
9584 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9585
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9586requires_gnutls_tls1_3
9587requires_gnutls_next_no_ticket
9588requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9589requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9590requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9591requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9592requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9593run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9594 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9595 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9596 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9597 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9598 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9599 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9600 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9601 -c "NamedGroup: secp384r1 ( 18 )" \
9602 -c "Verifying peer X.509 certificate... ok" \
9603 -C "received HelloRetryRequest message"
9604
9605requires_gnutls_tls1_3
9606requires_gnutls_next_no_ticket
9607requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9608requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9609requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9610requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9611requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9612run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9613 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9614 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9615 0 \
9616 -c "HTTP/1.0 200 OK" \
9617 -c "Protocol is TLSv1.3" \
9618 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9619 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9620 -c "NamedGroup: secp384r1 ( 18 )" \
9621 -c "Verifying peer X.509 certificate... ok" \
9622 -C "received HelloRetryRequest message"
9623
9624requires_gnutls_tls1_3
9625requires_gnutls_next_no_ticket
9626requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9627requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9628requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9629requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9630requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9631run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9632 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9633 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9634 0 \
9635 -c "HTTP/1.0 200 OK" \
9636 -c "Protocol is TLSv1.3" \
9637 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9638 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9639 -c "NamedGroup: secp384r1 ( 18 )" \
9640 -c "Verifying peer X.509 certificate... ok" \
9641 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9642
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9643requires_gnutls_tls1_3
9644requires_gnutls_next_no_ticket
9645requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9646requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9647requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9650requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9651run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9652 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9653 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9654 0 \
9655 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9656 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9657 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9658 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9659 -c "NamedGroup: secp384r1 ( 18 )" \
9660 -c "Verifying peer X.509 certificate... ok" \
9661 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9662
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9663requires_gnutls_tls1_3
9664requires_gnutls_next_no_ticket
9665requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9666requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9667requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9670run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9671 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9672 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9673 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9674 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9675 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9676 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9677 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9678 -c "NamedGroup: secp521r1 ( 19 )" \
9679 -c "Verifying peer X.509 certificate... ok" \
9680 -C "received HelloRetryRequest message"
9681
9682requires_gnutls_tls1_3
9683requires_gnutls_next_no_ticket
9684requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9685requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9686requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9687requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9688requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9689run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9690 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9691 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9692 0 \
9693 -c "HTTP/1.0 200 OK" \
9694 -c "Protocol is TLSv1.3" \
9695 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9696 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9697 -c "NamedGroup: secp521r1 ( 19 )" \
9698 -c "Verifying peer X.509 certificate... ok" \
9699 -C "received HelloRetryRequest message"
9700
9701requires_gnutls_tls1_3
9702requires_gnutls_next_no_ticket
9703requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9704requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9705requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9707requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9708run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9709 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9710 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9711 0 \
9712 -c "HTTP/1.0 200 OK" \
9713 -c "Protocol is TLSv1.3" \
9714 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9715 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9716 -c "NamedGroup: secp521r1 ( 19 )" \
9717 -c "Verifying peer X.509 certificate... ok" \
9718 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9719
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9720requires_gnutls_tls1_3
9721requires_gnutls_next_no_ticket
9722requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9723requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9724requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9726requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9727requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9728run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9729 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9730 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9731 0 \
9732 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9733 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9734 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9735 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9736 -c "NamedGroup: secp521r1 ( 19 )" \
9737 -c "Verifying peer X.509 certificate... ok" \
9738 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9739
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9740requires_gnutls_tls1_3
9741requires_gnutls_next_no_ticket
9742requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9743requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9744requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9745requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9746requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9747run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9748 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9749 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9750 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9751 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9752 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9753 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9754 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9755 -c "NamedGroup: x25519 ( 1d )" \
9756 -c "Verifying peer X.509 certificate... ok" \
9757 -C "received HelloRetryRequest message"
9758
9759requires_gnutls_tls1_3
9760requires_gnutls_next_no_ticket
9761requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9762requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9763requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9765requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9766run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9767 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9768 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9769 0 \
9770 -c "HTTP/1.0 200 OK" \
9771 -c "Protocol is TLSv1.3" \
9772 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9773 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9774 -c "NamedGroup: x25519 ( 1d )" \
9775 -c "Verifying peer X.509 certificate... ok" \
9776 -C "received HelloRetryRequest message"
9777
9778requires_gnutls_tls1_3
9779requires_gnutls_next_no_ticket
9780requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9781requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9782requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9783requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9784requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9785run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9786 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9787 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9788 0 \
9789 -c "HTTP/1.0 200 OK" \
9790 -c "Protocol is TLSv1.3" \
9791 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9792 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9793 -c "NamedGroup: x25519 ( 1d )" \
9794 -c "Verifying peer X.509 certificate... ok" \
9795 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9796
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9797requires_gnutls_tls1_3
9798requires_gnutls_next_no_ticket
9799requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9800requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9801requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9802requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9803requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9804requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9805run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9806 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9807 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9808 0 \
9809 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9810 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9811 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9812 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9813 -c "NamedGroup: x25519 ( 1d )" \
9814 -c "Verifying peer X.509 certificate... ok" \
9815 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9816
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9817requires_gnutls_tls1_3
9818requires_gnutls_next_no_ticket
9819requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9820requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9821requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9822requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9823requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9824run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9825 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9826 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9827 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9828 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9829 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9830 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9831 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9832 -c "NamedGroup: x448 ( 1e )" \
9833 -c "Verifying peer X.509 certificate... ok" \
9834 -C "received HelloRetryRequest message"
9835
9836requires_gnutls_tls1_3
9837requires_gnutls_next_no_ticket
9838requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9839requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9840requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9841requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9843run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9844 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9845 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9846 0 \
9847 -c "HTTP/1.0 200 OK" \
9848 -c "Protocol is TLSv1.3" \
9849 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9850 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9851 -c "NamedGroup: x448 ( 1e )" \
9852 -c "Verifying peer X.509 certificate... ok" \
9853 -C "received HelloRetryRequest message"
9854
9855requires_gnutls_tls1_3
9856requires_gnutls_next_no_ticket
9857requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9858requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9859requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9860requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9861requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9862run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9863 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9864 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9865 0 \
9866 -c "HTTP/1.0 200 OK" \
9867 -c "Protocol is TLSv1.3" \
9868 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9869 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9870 -c "NamedGroup: x448 ( 1e )" \
9871 -c "Verifying peer X.509 certificate... ok" \
9872 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9873
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9874requires_gnutls_tls1_3
9875requires_gnutls_next_no_ticket
9876requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9877requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9878requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9879requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9880requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9881requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9882run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9883 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9884 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9885 0 \
9886 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9887 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9888 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]9889 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9890 -c "NamedGroup: x448 ( 1e )" \
9891 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]9892 -C "received HelloRetryRequest message"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]9893
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9894requires_gnutls_tls1_3
9895requires_gnutls_next_no_ticket
9896requires_gnutls_next_disable_tls13_compat
9897requires_config_enabled MBEDTLS_SSL_CLI_C
9898requires_config_enabled MBEDTLS_DEBUG_C
9899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9900requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9901run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
9902 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9903 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
9904 0 \
9905 -c "HTTP/1.0 200 OK" \
9906 -c "Protocol is TLSv1.3" \
9907 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9908 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9909 -c "NamedGroup: ffdhe2048 ( 100 )" \
9910 -c "Verifying peer X.509 certificate... ok" \
9911 -C "received HelloRetryRequest message"
9912
9913requires_gnutls_tls1_3
9914requires_gnutls_next_no_ticket
9915requires_gnutls_next_disable_tls13_compat
9916requires_config_enabled MBEDTLS_SSL_CLI_C
9917requires_config_enabled MBEDTLS_DEBUG_C
9918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9919requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9920run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
9921 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9922 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
9923 0 \
9924 -c "HTTP/1.0 200 OK" \
9925 -c "Protocol is TLSv1.3" \
9926 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9927 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9928 -c "NamedGroup: ffdhe2048 ( 100 )" \
9929 -c "Verifying peer X.509 certificate... ok" \
9930 -C "received HelloRetryRequest message"
9931
9932requires_gnutls_tls1_3
9933requires_gnutls_next_no_ticket
9934requires_gnutls_next_disable_tls13_compat
9935requires_config_enabled MBEDTLS_SSL_CLI_C
9936requires_config_enabled MBEDTLS_DEBUG_C
9937requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9938requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9939run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
9940 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9941 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
9942 0 \
9943 -c "HTTP/1.0 200 OK" \
9944 -c "Protocol is TLSv1.3" \
9945 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9946 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9947 -c "NamedGroup: ffdhe2048 ( 100 )" \
9948 -c "Verifying peer X.509 certificate... ok" \
9949 -C "received HelloRetryRequest message"
9950
9951requires_gnutls_tls1_3
9952requires_gnutls_next_no_ticket
9953requires_gnutls_next_disable_tls13_compat
9954requires_config_enabled MBEDTLS_SSL_CLI_C
9955requires_config_enabled MBEDTLS_DEBUG_C
9956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9957requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9958requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9959run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
9960 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9961 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
9962 0 \
9963 -c "HTTP/1.0 200 OK" \
9964 -c "Protocol is TLSv1.3" \
9965 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9966 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9967 -c "NamedGroup: ffdhe2048 ( 100 )" \
9968 -c "Verifying peer X.509 certificate... ok" \
9969 -C "received HelloRetryRequest message"
9970
9971requires_gnutls_tls1_3
9972requires_gnutls_next_no_ticket
9973requires_gnutls_next_disable_tls13_compat
9974requires_config_enabled MBEDTLS_SSL_CLI_C
9975requires_config_enabled MBEDTLS_DEBUG_C
9976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9977requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9978run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
9979 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9980 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
9981 0 \
9982 -c "HTTP/1.0 200 OK" \
9983 -c "Protocol is TLSv1.3" \
9984 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9985 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9986 -c "NamedGroup: ffdhe8192 ( 104 )" \
9987 -c "Verifying peer X.509 certificate... ok" \
9988 -C "received HelloRetryRequest message"
9989
9990requires_gnutls_tls1_3
9991requires_gnutls_next_no_ticket
9992requires_gnutls_next_disable_tls13_compat
9993requires_config_enabled MBEDTLS_SSL_CLI_C
9994requires_config_enabled MBEDTLS_DEBUG_C
9995requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9997run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
9998 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9999 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
10000 0 \
10001 -c "HTTP/1.0 200 OK" \
10002 -c "Protocol is TLSv1.3" \
10003 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10004 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10005 -c "NamedGroup: ffdhe8192 ( 104 )" \
10006 -c "Verifying peer X.509 certificate... ok" \
10007 -C "received HelloRetryRequest message"
10008
10009requires_gnutls_tls1_3
10010requires_gnutls_next_no_ticket
10011requires_gnutls_next_disable_tls13_compat
10012requires_config_enabled MBEDTLS_SSL_CLI_C
10013requires_config_enabled MBEDTLS_DEBUG_C
10014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10016run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
10017 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
10018 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
10019 0 \
10020 -c "HTTP/1.0 200 OK" \
10021 -c "Protocol is TLSv1.3" \
10022 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10023 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10024 -c "NamedGroup: ffdhe8192 ( 104 )" \
10025 -c "Verifying peer X.509 certificate... ok" \
10026 -C "received HelloRetryRequest message"
10027
10028requires_gnutls_tls1_3
10029requires_gnutls_next_no_ticket
10030requires_gnutls_next_disable_tls13_compat
10031requires_config_enabled MBEDTLS_SSL_CLI_C
10032requires_config_enabled MBEDTLS_DEBUG_C
10033requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10034requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10035requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10036run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
10037 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
10038 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
10039 0 \
10040 -c "HTTP/1.0 200 OK" \
10041 -c "Protocol is TLSv1.3" \
10042 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10043 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10044 -c "NamedGroup: ffdhe8192 ( 104 )" \
10045 -c "Verifying peer X.509 certificate... ok" \
10046 -C "received HelloRetryRequest message"
10047
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10048requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10049requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10050requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10051requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10052requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10053requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10055requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10056run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10057 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10058 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10059 0 \
10060 -s "Protocol is TLSv1.3" \
10061 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10062 -s "received signature algorithm: 0x403" \
10063 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10064 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10065 -c "Protocol is TLSv1.3" \
10066 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10067 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10068 -c "NamedGroup: secp256r1 ( 17 )" \
10069 -c "Verifying peer X.509 certificate... ok" \
10070 -C "received HelloRetryRequest message"
10071
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10072requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10073requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10074requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10075requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10076requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10077requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10078requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10080run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10081 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10082 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10083 0 \
10084 -s "Protocol is TLSv1.3" \
10085 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10086 -s "received signature algorithm: 0x503" \
10087 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10088 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10089 -c "Protocol is TLSv1.3" \
10090 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10091 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10092 -c "NamedGroup: secp256r1 ( 17 )" \
10093 -c "Verifying peer X.509 certificate... ok" \
10094 -C "received HelloRetryRequest message"
10095
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10096requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10097requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10098requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10099requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10100requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10101requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10102requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10104run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10105 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10106 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10107 0 \
10108 -s "Protocol is TLSv1.3" \
10109 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10110 -s "received signature algorithm: 0x603" \
10111 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10112 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10113 -c "Protocol is TLSv1.3" \
10114 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10115 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10116 -c "NamedGroup: secp256r1 ( 17 )" \
10117 -c "Verifying peer X.509 certificate... ok" \
10118 -C "received HelloRetryRequest message"
10119
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10120requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10121requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10122requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10123requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10124requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10125requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10126requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10127requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10128requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10129requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10130run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10131 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10132 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10133 0 \
10134 -s "Protocol is TLSv1.3" \
10135 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10136 -s "received signature algorithm: 0x804" \
10137 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10138 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10139 -c "Protocol is TLSv1.3" \
10140 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10141 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10142 -c "NamedGroup: secp256r1 ( 17 )" \
10143 -c "Verifying peer X.509 certificate... ok" \
10144 -C "received HelloRetryRequest message"
10145
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10146requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10147requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10150requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10151requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10152requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10154run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10155 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10156 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10157 0 \
10158 -s "Protocol is TLSv1.3" \
10159 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10160 -s "received signature algorithm: 0x403" \
10161 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10162 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10163 -c "Protocol is TLSv1.3" \
10164 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10165 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10166 -c "NamedGroup: secp384r1 ( 18 )" \
10167 -c "Verifying peer X.509 certificate... ok" \
10168 -C "received HelloRetryRequest message"
10169
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10170requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10171requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10172requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10173requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10174requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10175requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10176requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10177requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10178run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10179 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10180 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10181 0 \
10182 -s "Protocol is TLSv1.3" \
10183 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10184 -s "received signature algorithm: 0x503" \
10185 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10186 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10187 -c "Protocol is TLSv1.3" \
10188 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10189 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10190 -c "NamedGroup: secp384r1 ( 18 )" \
10191 -c "Verifying peer X.509 certificate... ok" \
10192 -C "received HelloRetryRequest message"
10193
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10194requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10195requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10196requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10197requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10198requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10199requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10202run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10203 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10204 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10205 0 \
10206 -s "Protocol is TLSv1.3" \
10207 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10208 -s "received signature algorithm: 0x603" \
10209 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10210 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10211 -c "Protocol is TLSv1.3" \
10212 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10213 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10214 -c "NamedGroup: secp384r1 ( 18 )" \
10215 -c "Verifying peer X.509 certificate... ok" \
10216 -C "received HelloRetryRequest message"
10217
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10218requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10219requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10222requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10223requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10224requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10227requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10228run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10229 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10230 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10231 0 \
10232 -s "Protocol is TLSv1.3" \
10233 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10234 -s "received signature algorithm: 0x804" \
10235 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10236 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10237 -c "Protocol is TLSv1.3" \
10238 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10239 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10240 -c "NamedGroup: secp384r1 ( 18 )" \
10241 -c "Verifying peer X.509 certificate... ok" \
10242 -C "received HelloRetryRequest message"
10243
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10244requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10245requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10246requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10247requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10248requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10249requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10250requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10251requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10252run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10253 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10254 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10255 0 \
10256 -s "Protocol is TLSv1.3" \
10257 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10258 -s "received signature algorithm: 0x403" \
10259 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10260 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10261 -c "Protocol is TLSv1.3" \
10262 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10263 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10264 -c "NamedGroup: secp521r1 ( 19 )" \
10265 -c "Verifying peer X.509 certificate... ok" \
10266 -C "received HelloRetryRequest message"
10267
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10268requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10269requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10270requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10271requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10272requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10273requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10276run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10277 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10278 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10279 0 \
10280 -s "Protocol is TLSv1.3" \
10281 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10282 -s "received signature algorithm: 0x503" \
10283 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10284 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10285 -c "Protocol is TLSv1.3" \
10286 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10287 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10288 -c "NamedGroup: secp521r1 ( 19 )" \
10289 -c "Verifying peer X.509 certificate... ok" \
10290 -C "received HelloRetryRequest message"
10291
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10292requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10293requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10294requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10295requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10296requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10297requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10300run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10301 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10302 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10303 0 \
10304 -s "Protocol is TLSv1.3" \
10305 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10306 -s "received signature algorithm: 0x603" \
10307 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10308 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10309 -c "Protocol is TLSv1.3" \
10310 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10311 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10312 -c "NamedGroup: secp521r1 ( 19 )" \
10313 -c "Verifying peer X.509 certificate... ok" \
10314 -C "received HelloRetryRequest message"
10315
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10316requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10317requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10318requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10319requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10320requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10321requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10322requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10323requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10324requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10325requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10326run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10327 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10328 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10329 0 \
10330 -s "Protocol is TLSv1.3" \
10331 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10332 -s "received signature algorithm: 0x804" \
10333 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10334 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10335 -c "Protocol is TLSv1.3" \
10336 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10337 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10338 -c "NamedGroup: secp521r1 ( 19 )" \
10339 -c "Verifying peer X.509 certificate... ok" \
10340 -C "received HelloRetryRequest message"
10341
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10342requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10343requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10346requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10347requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10349requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10350run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10351 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10352 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10353 0 \
10354 -s "Protocol is TLSv1.3" \
10355 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10356 -s "received signature algorithm: 0x403" \
10357 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10358 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10359 -c "Protocol is TLSv1.3" \
10360 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10361 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10362 -c "NamedGroup: x25519 ( 1d )" \
10363 -c "Verifying peer X.509 certificate... ok" \
10364 -C "received HelloRetryRequest message"
10365
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10366requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10367requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10368requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10369requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10370requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10371requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10374run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10375 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10376 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10377 0 \
10378 -s "Protocol is TLSv1.3" \
10379 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10380 -s "received signature algorithm: 0x503" \
10381 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10382 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10383 -c "Protocol is TLSv1.3" \
10384 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10385 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10386 -c "NamedGroup: x25519 ( 1d )" \
10387 -c "Verifying peer X.509 certificate... ok" \
10388 -C "received HelloRetryRequest message"
10389
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10390requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10391requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10392requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10394requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10395requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10396requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10397requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10398run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10399 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10400 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10401 0 \
10402 -s "Protocol is TLSv1.3" \
10403 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10404 -s "received signature algorithm: 0x603" \
10405 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10406 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10407 -c "Protocol is TLSv1.3" \
10408 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10409 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10410 -c "NamedGroup: x25519 ( 1d )" \
10411 -c "Verifying peer X.509 certificate... ok" \
10412 -C "received HelloRetryRequest message"
10413
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10414requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10415requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10417requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10418requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10419requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10420requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10421requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10422requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10423requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10424run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10425 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10426 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10427 0 \
10428 -s "Protocol is TLSv1.3" \
10429 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10430 -s "received signature algorithm: 0x804" \
10431 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10432 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10433 -c "Protocol is TLSv1.3" \
10434 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10435 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10436 -c "NamedGroup: x25519 ( 1d )" \
10437 -c "Verifying peer X.509 certificate... ok" \
10438 -C "received HelloRetryRequest message"
10439
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10440requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10441requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10442requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10443requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10444requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10445requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10448run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10449 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10450 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10451 0 \
10452 -s "Protocol is TLSv1.3" \
10453 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10454 -s "received signature algorithm: 0x403" \
10455 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10456 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10457 -c "Protocol is TLSv1.3" \
10458 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10459 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10460 -c "NamedGroup: x448 ( 1e )" \
10461 -c "Verifying peer X.509 certificate... ok" \
10462 -C "received HelloRetryRequest message"
10463
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10464requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10465requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10468requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10469requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10472run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10473 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10474 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10475 0 \
10476 -s "Protocol is TLSv1.3" \
10477 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10478 -s "received signature algorithm: 0x503" \
10479 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10480 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10481 -c "Protocol is TLSv1.3" \
10482 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10483 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10484 -c "NamedGroup: x448 ( 1e )" \
10485 -c "Verifying peer X.509 certificate... ok" \
10486 -C "received HelloRetryRequest message"
10487
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10488requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10489requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10490requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10491requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10492requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10493requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10496run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10497 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10498 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10499 0 \
10500 -s "Protocol is TLSv1.3" \
10501 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10502 -s "received signature algorithm: 0x603" \
10503 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10504 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10505 -c "Protocol is TLSv1.3" \
10506 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10507 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10508 -c "NamedGroup: x448 ( 1e )" \
10509 -c "Verifying peer X.509 certificate... ok" \
10510 -C "received HelloRetryRequest message"
10511
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10512requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10513requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10516requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10517requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10518requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10519requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10520requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10521requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10522run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10523 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10524 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10525 0 \
10526 -s "Protocol is TLSv1.3" \
10527 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10528 -s "received signature algorithm: 0x804" \
10529 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10530 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10531 -c "Protocol is TLSv1.3" \
10532 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10533 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10534 -c "NamedGroup: x448 ( 1e )" \
10535 -c "Verifying peer X.509 certificate... ok" \
10536 -C "received HelloRetryRequest message"
10537
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10538requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10539requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10542requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10546run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
10547 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10548 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
10549 0 \
10550 -s "Protocol is TLSv1.3" \
10551 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10552 -s "received signature algorithm: 0x403" \
10553 -s "got named group: ffdhe2048(0100)" \
10554 -s "Certificate verification was skipped" \
10555 -c "Protocol is TLSv1.3" \
10556 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10557 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10558 -c "NamedGroup: ffdhe2048 ( 100 )" \
10559 -c "Verifying peer X.509 certificate... ok" \
10560 -C "received HelloRetryRequest message"
10561
10562requires_config_enabled MBEDTLS_SSL_SRV_C
10563requires_config_enabled MBEDTLS_DEBUG_C
10564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10566requires_config_enabled MBEDTLS_SSL_CLI_C
10567requires_config_enabled MBEDTLS_DEBUG_C
10568requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10569requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10570run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
10571 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10572 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
10573 0 \
10574 -s "Protocol is TLSv1.3" \
10575 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10576 -s "received signature algorithm: 0x503" \
10577 -s "got named group: ffdhe2048(0100)" \
10578 -s "Certificate verification was skipped" \
10579 -c "Protocol is TLSv1.3" \
10580 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10581 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10582 -c "NamedGroup: ffdhe2048 ( 100 )" \
10583 -c "Verifying peer X.509 certificate... ok" \
10584 -C "received HelloRetryRequest message"
10585
10586requires_config_enabled MBEDTLS_SSL_SRV_C
10587requires_config_enabled MBEDTLS_DEBUG_C
10588requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10589requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10590requires_config_enabled MBEDTLS_SSL_CLI_C
10591requires_config_enabled MBEDTLS_DEBUG_C
10592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10593requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10594run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
10595 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10596 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
10597 0 \
10598 -s "Protocol is TLSv1.3" \
10599 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10600 -s "received signature algorithm: 0x603" \
10601 -s "got named group: ffdhe2048(0100)" \
10602 -s "Certificate verification was skipped" \
10603 -c "Protocol is TLSv1.3" \
10604 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10605 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10606 -c "NamedGroup: ffdhe2048 ( 100 )" \
10607 -c "Verifying peer X.509 certificate... ok" \
10608 -C "received HelloRetryRequest message"
10609
10610requires_config_enabled MBEDTLS_SSL_SRV_C
10611requires_config_enabled MBEDTLS_DEBUG_C
10612requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10613requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10614requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10615requires_config_enabled MBEDTLS_SSL_CLI_C
10616requires_config_enabled MBEDTLS_DEBUG_C
10617requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10619requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10620run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
10621 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10622 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
10623 0 \
10624 -s "Protocol is TLSv1.3" \
10625 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10626 -s "received signature algorithm: 0x804" \
10627 -s "got named group: ffdhe2048(0100)" \
10628 -s "Certificate verification was skipped" \
10629 -c "Protocol is TLSv1.3" \
10630 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10631 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10632 -c "NamedGroup: ffdhe2048 ( 100 )" \
10633 -c "Verifying peer X.509 certificate... ok" \
10634 -C "received HelloRetryRequest message"
10635
10636requires_config_enabled MBEDTLS_SSL_SRV_C
10637requires_config_enabled MBEDTLS_DEBUG_C
10638requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10639requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10640requires_config_enabled MBEDTLS_SSL_CLI_C
10641requires_config_enabled MBEDTLS_DEBUG_C
10642requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10643requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10644run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
10645 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10646 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
10647 0 \
10648 -s "Protocol is TLSv1.3" \
10649 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10650 -s "received signature algorithm: 0x403" \
10651 -s "got named group: ffdhe8192(0104)" \
10652 -s "Certificate verification was skipped" \
10653 -c "Protocol is TLSv1.3" \
10654 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10655 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10656 -c "NamedGroup: ffdhe8192 ( 104 )" \
10657 -c "Verifying peer X.509 certificate... ok" \
10658 -C "received HelloRetryRequest message"
10659
10660requires_config_enabled MBEDTLS_SSL_SRV_C
10661requires_config_enabled MBEDTLS_DEBUG_C
10662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10664requires_config_enabled MBEDTLS_SSL_CLI_C
10665requires_config_enabled MBEDTLS_DEBUG_C
10666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10667requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10668run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
10669 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10670 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
10671 0 \
10672 -s "Protocol is TLSv1.3" \
10673 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10674 -s "received signature algorithm: 0x503" \
10675 -s "got named group: ffdhe8192(0104)" \
10676 -s "Certificate verification was skipped" \
10677 -c "Protocol is TLSv1.3" \
10678 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10679 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10680 -c "NamedGroup: ffdhe8192 ( 104 )" \
10681 -c "Verifying peer X.509 certificate... ok" \
10682 -C "received HelloRetryRequest message"
10683
10684requires_config_enabled MBEDTLS_SSL_SRV_C
10685requires_config_enabled MBEDTLS_DEBUG_C
10686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10688requires_config_enabled MBEDTLS_SSL_CLI_C
10689requires_config_enabled MBEDTLS_DEBUG_C
10690requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10691requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10692run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
10693 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10694 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
10695 0 \
10696 -s "Protocol is TLSv1.3" \
10697 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10698 -s "received signature algorithm: 0x603" \
10699 -s "got named group: ffdhe8192(0104)" \
10700 -s "Certificate verification was skipped" \
10701 -c "Protocol is TLSv1.3" \
10702 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10703 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10704 -c "NamedGroup: ffdhe8192 ( 104 )" \
10705 -c "Verifying peer X.509 certificate... ok" \
10706 -C "received HelloRetryRequest message"
10707
10708requires_config_enabled MBEDTLS_SSL_SRV_C
10709requires_config_enabled MBEDTLS_DEBUG_C
10710requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10711requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10712requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10713requires_config_enabled MBEDTLS_SSL_CLI_C
10714requires_config_enabled MBEDTLS_DEBUG_C
10715requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10716requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10717requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10718run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
10719 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10720 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
10721 0 \
10722 -s "Protocol is TLSv1.3" \
10723 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10724 -s "received signature algorithm: 0x804" \
10725 -s "got named group: ffdhe8192(0104)" \
10726 -s "Certificate verification was skipped" \
10727 -c "Protocol is TLSv1.3" \
10728 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10729 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10730 -c "NamedGroup: ffdhe8192 ( 104 )" \
10731 -c "Verifying peer X.509 certificate... ok" \
10732 -C "received HelloRetryRequest message"
10733
10734requires_config_enabled MBEDTLS_SSL_SRV_C
10735requires_config_enabled MBEDTLS_DEBUG_C
10736requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10738requires_config_enabled MBEDTLS_SSL_CLI_C
10739requires_config_enabled MBEDTLS_DEBUG_C
10740requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10741requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10742run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10743 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10744 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10745 0 \
10746 -s "Protocol is TLSv1.3" \
10747 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10748 -s "received signature algorithm: 0x403" \
10749 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10750 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10751 -c "Protocol is TLSv1.3" \
10752 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10753 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10754 -c "NamedGroup: secp256r1 ( 17 )" \
10755 -c "Verifying peer X.509 certificate... ok" \
10756 -C "received HelloRetryRequest message"
10757
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10758requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10759requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10760requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10761requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10762requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10763requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10765requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10766run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10767 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10768 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10769 0 \
10770 -s "Protocol is TLSv1.3" \
10771 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10772 -s "received signature algorithm: 0x503" \
10773 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10774 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10775 -c "Protocol is TLSv1.3" \
10776 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10777 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10778 -c "NamedGroup: secp256r1 ( 17 )" \
10779 -c "Verifying peer X.509 certificate... ok" \
10780 -C "received HelloRetryRequest message"
10781
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10782requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10783requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10784requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10785requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10786requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10787requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10788requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10789requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10790run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10791 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10792 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10793 0 \
10794 -s "Protocol is TLSv1.3" \
10795 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10796 -s "received signature algorithm: 0x603" \
10797 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10798 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10799 -c "Protocol is TLSv1.3" \
10800 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10801 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10802 -c "NamedGroup: secp256r1 ( 17 )" \
10803 -c "Verifying peer X.509 certificate... ok" \
10804 -C "received HelloRetryRequest message"
10805
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10806requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10807requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10808requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10809requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10810requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10811requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10812requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10813requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10814requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10815requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10816run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10817 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10818 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10819 0 \
10820 -s "Protocol is TLSv1.3" \
10821 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10822 -s "received signature algorithm: 0x804" \
10823 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10824 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10825 -c "Protocol is TLSv1.3" \
10826 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10827 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10828 -c "NamedGroup: secp256r1 ( 17 )" \
10829 -c "Verifying peer X.509 certificate... ok" \
10830 -C "received HelloRetryRequest message"
10831
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10832requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10833requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10836requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10837requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10840run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10841 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10842 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10843 0 \
10844 -s "Protocol is TLSv1.3" \
10845 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10846 -s "received signature algorithm: 0x403" \
10847 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10848 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10849 -c "Protocol is TLSv1.3" \
10850 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10851 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10852 -c "NamedGroup: secp384r1 ( 18 )" \
10853 -c "Verifying peer X.509 certificate... ok" \
10854 -C "received HelloRetryRequest message"
10855
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10856requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10857requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10860requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10861requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10862requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10863requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10864run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10865 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10866 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10867 0 \
10868 -s "Protocol is TLSv1.3" \
10869 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10870 -s "received signature algorithm: 0x503" \
10871 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10872 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10873 -c "Protocol is TLSv1.3" \
10874 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10875 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10876 -c "NamedGroup: secp384r1 ( 18 )" \
10877 -c "Verifying peer X.509 certificate... ok" \
10878 -C "received HelloRetryRequest message"
10879
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10880requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10881requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10882requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10883requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10884requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10885requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10886requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10887requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10888run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10889 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10890 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10891 0 \
10892 -s "Protocol is TLSv1.3" \
10893 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10894 -s "received signature algorithm: 0x603" \
10895 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10896 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10897 -c "Protocol is TLSv1.3" \
10898 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10899 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10900 -c "NamedGroup: secp384r1 ( 18 )" \
10901 -c "Verifying peer X.509 certificate... ok" \
10902 -C "received HelloRetryRequest message"
10903
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10904requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10905requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10906requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10907requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10908requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10909requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10910requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10911requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10912requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10913requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10914run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10915 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10916 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10917 0 \
10918 -s "Protocol is TLSv1.3" \
10919 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10920 -s "received signature algorithm: 0x804" \
10921 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10922 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10923 -c "Protocol is TLSv1.3" \
10924 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10925 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10926 -c "NamedGroup: secp384r1 ( 18 )" \
10927 -c "Verifying peer X.509 certificate... ok" \
10928 -C "received HelloRetryRequest message"
10929
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10930requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10931requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10932requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10934requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10935requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10938run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10939 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10940 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10941 0 \
10942 -s "Protocol is TLSv1.3" \
10943 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10944 -s "received signature algorithm: 0x403" \
10945 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10946 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10947 -c "Protocol is TLSv1.3" \
10948 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10949 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10950 -c "NamedGroup: secp521r1 ( 19 )" \
10951 -c "Verifying peer X.509 certificate... ok" \
10952 -C "received HelloRetryRequest message"
10953
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10954requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10955requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10957requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10958requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10959requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10960requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10961requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10962run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10963 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10964 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10965 0 \
10966 -s "Protocol is TLSv1.3" \
10967 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10968 -s "received signature algorithm: 0x503" \
10969 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10970 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10971 -c "Protocol is TLSv1.3" \
10972 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10973 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10974 -c "NamedGroup: secp521r1 ( 19 )" \
10975 -c "Verifying peer X.509 certificate... ok" \
10976 -C "received HelloRetryRequest message"
10977
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10978requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10979requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10981requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10982requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10983requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10984requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10985requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10986run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10987 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10988 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10989 0 \
10990 -s "Protocol is TLSv1.3" \
10991 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10992 -s "received signature algorithm: 0x603" \
10993 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10994 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10995 -c "Protocol is TLSv1.3" \
10996 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10997 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10998 -c "NamedGroup: secp521r1 ( 19 )" \
10999 -c "Verifying peer X.509 certificate... ok" \
11000 -C "received HelloRetryRequest message"
11001
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11002requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11003requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11006requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11007requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11008requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11009requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11011requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11012run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11013 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11014 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11015 0 \
11016 -s "Protocol is TLSv1.3" \
11017 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11018 -s "received signature algorithm: 0x804" \
11019 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11020 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11021 -c "Protocol is TLSv1.3" \
11022 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11023 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11024 -c "NamedGroup: secp521r1 ( 19 )" \
11025 -c "Verifying peer X.509 certificate... ok" \
11026 -C "received HelloRetryRequest message"
11027
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11028requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11029requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11032requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11033requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11034requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11035requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11036run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11037 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11038 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11039 0 \
11040 -s "Protocol is TLSv1.3" \
11041 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11042 -s "received signature algorithm: 0x403" \
11043 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11044 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11045 -c "Protocol is TLSv1.3" \
11046 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11047 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11048 -c "NamedGroup: x25519 ( 1d )" \
11049 -c "Verifying peer X.509 certificate... ok" \
11050 -C "received HelloRetryRequest message"
11051
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11052requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11053requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11055requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11056requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11057requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11058requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11059requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11060run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11061 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11062 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11063 0 \
11064 -s "Protocol is TLSv1.3" \
11065 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11066 -s "received signature algorithm: 0x503" \
11067 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11068 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11069 -c "Protocol is TLSv1.3" \
11070 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11071 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11072 -c "NamedGroup: x25519 ( 1d )" \
11073 -c "Verifying peer X.509 certificate... ok" \
11074 -C "received HelloRetryRequest message"
11075
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11076requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11077requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11078requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11080requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11081requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11084run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11085 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11086 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11087 0 \
11088 -s "Protocol is TLSv1.3" \
11089 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11090 -s "received signature algorithm: 0x603" \
11091 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11092 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11093 -c "Protocol is TLSv1.3" \
11094 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11095 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11096 -c "NamedGroup: x25519 ( 1d )" \
11097 -c "Verifying peer X.509 certificate... ok" \
11098 -C "received HelloRetryRequest message"
11099
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11100requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11101requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11102requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11104requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11105requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11106requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11107requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11108requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11109requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11110run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11111 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11112 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11113 0 \
11114 -s "Protocol is TLSv1.3" \
11115 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11116 -s "received signature algorithm: 0x804" \
11117 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11118 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11119 -c "Protocol is TLSv1.3" \
11120 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11121 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11122 -c "NamedGroup: x25519 ( 1d )" \
11123 -c "Verifying peer X.509 certificate... ok" \
11124 -C "received HelloRetryRequest message"
11125
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11126requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11127requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11128requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11129requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11130requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11131requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11134run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11135 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11136 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11137 0 \
11138 -s "Protocol is TLSv1.3" \
11139 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11140 -s "received signature algorithm: 0x403" \
11141 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11142 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11143 -c "Protocol is TLSv1.3" \
11144 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11145 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11146 -c "NamedGroup: x448 ( 1e )" \
11147 -c "Verifying peer X.509 certificate... ok" \
11148 -C "received HelloRetryRequest message"
11149
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11150requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11151requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11152requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11154requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11155requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11156requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11157requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11158run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11159 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11160 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11161 0 \
11162 -s "Protocol is TLSv1.3" \
11163 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11164 -s "received signature algorithm: 0x503" \
11165 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11166 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11167 -c "Protocol is TLSv1.3" \
11168 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11169 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11170 -c "NamedGroup: x448 ( 1e )" \
11171 -c "Verifying peer X.509 certificate... ok" \
11172 -C "received HelloRetryRequest message"
11173
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11174requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11175requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11176requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11177requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11178requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11179requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11180requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11181requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11182run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11183 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11184 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11185 0 \
11186 -s "Protocol is TLSv1.3" \
11187 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11188 -s "received signature algorithm: 0x603" \
11189 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11190 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11191 -c "Protocol is TLSv1.3" \
11192 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11193 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11194 -c "NamedGroup: x448 ( 1e )" \
11195 -c "Verifying peer X.509 certificate... ok" \
11196 -C "received HelloRetryRequest message"
11197
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11198requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11199requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11202requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11203requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11204requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11207requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11208run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11209 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11210 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11211 0 \
11212 -s "Protocol is TLSv1.3" \
11213 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11214 -s "received signature algorithm: 0x804" \
11215 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11216 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11217 -c "Protocol is TLSv1.3" \
11218 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11219 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11220 -c "NamedGroup: x448 ( 1e )" \
11221 -c "Verifying peer X.509 certificate... ok" \
11222 -C "received HelloRetryRequest message"
11223
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11224requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11225requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11226requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11227requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11228requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11229requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11230requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11231requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11232run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
11233 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11234 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
11235 0 \
11236 -s "Protocol is TLSv1.3" \
11237 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11238 -s "received signature algorithm: 0x403" \
11239 -s "got named group: ffdhe2048(0100)" \
11240 -s "Certificate verification was skipped" \
11241 -c "Protocol is TLSv1.3" \
11242 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11243 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11244 -c "NamedGroup: ffdhe2048 ( 100 )" \
11245 -c "Verifying peer X.509 certificate... ok" \
11246 -C "received HelloRetryRequest message"
11247
11248requires_config_enabled MBEDTLS_SSL_SRV_C
11249requires_config_enabled MBEDTLS_DEBUG_C
11250requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11251requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11252requires_config_enabled MBEDTLS_SSL_CLI_C
11253requires_config_enabled MBEDTLS_DEBUG_C
11254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11256run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
11257 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11258 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
11259 0 \
11260 -s "Protocol is TLSv1.3" \
11261 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11262 -s "received signature algorithm: 0x503" \
11263 -s "got named group: ffdhe2048(0100)" \
11264 -s "Certificate verification was skipped" \
11265 -c "Protocol is TLSv1.3" \
11266 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11267 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11268 -c "NamedGroup: ffdhe2048 ( 100 )" \
11269 -c "Verifying peer X.509 certificate... ok" \
11270 -C "received HelloRetryRequest message"
11271
11272requires_config_enabled MBEDTLS_SSL_SRV_C
11273requires_config_enabled MBEDTLS_DEBUG_C
11274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11276requires_config_enabled MBEDTLS_SSL_CLI_C
11277requires_config_enabled MBEDTLS_DEBUG_C
11278requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11280run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
11281 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11282 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
11283 0 \
11284 -s "Protocol is TLSv1.3" \
11285 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11286 -s "received signature algorithm: 0x603" \
11287 -s "got named group: ffdhe2048(0100)" \
11288 -s "Certificate verification was skipped" \
11289 -c "Protocol is TLSv1.3" \
11290 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11291 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11292 -c "NamedGroup: ffdhe2048 ( 100 )" \
11293 -c "Verifying peer X.509 certificate... ok" \
11294 -C "received HelloRetryRequest message"
11295
11296requires_config_enabled MBEDTLS_SSL_SRV_C
11297requires_config_enabled MBEDTLS_DEBUG_C
11298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11300requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11301requires_config_enabled MBEDTLS_SSL_CLI_C
11302requires_config_enabled MBEDTLS_DEBUG_C
11303requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11304requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11305requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11306run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
11307 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11308 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
11309 0 \
11310 -s "Protocol is TLSv1.3" \
11311 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11312 -s "received signature algorithm: 0x804" \
11313 -s "got named group: ffdhe2048(0100)" \
11314 -s "Certificate verification was skipped" \
11315 -c "Protocol is TLSv1.3" \
11316 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11317 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11318 -c "NamedGroup: ffdhe2048 ( 100 )" \
11319 -c "Verifying peer X.509 certificate... ok" \
11320 -C "received HelloRetryRequest message"
11321
11322requires_config_enabled MBEDTLS_SSL_SRV_C
11323requires_config_enabled MBEDTLS_DEBUG_C
11324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11326requires_config_enabled MBEDTLS_SSL_CLI_C
11327requires_config_enabled MBEDTLS_DEBUG_C
11328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11329requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11330run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
11331 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11332 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
11333 0 \
11334 -s "Protocol is TLSv1.3" \
11335 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11336 -s "received signature algorithm: 0x403" \
11337 -s "got named group: ffdhe8192(0104)" \
11338 -s "Certificate verification was skipped" \
11339 -c "Protocol is TLSv1.3" \
11340 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11341 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11342 -c "NamedGroup: ffdhe8192 ( 104 )" \
11343 -c "Verifying peer X.509 certificate... ok" \
11344 -C "received HelloRetryRequest message"
11345
11346requires_config_enabled MBEDTLS_SSL_SRV_C
11347requires_config_enabled MBEDTLS_DEBUG_C
11348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11349requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11350requires_config_enabled MBEDTLS_SSL_CLI_C
11351requires_config_enabled MBEDTLS_DEBUG_C
11352requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11354run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
11355 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11356 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
11357 0 \
11358 -s "Protocol is TLSv1.3" \
11359 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11360 -s "received signature algorithm: 0x503" \
11361 -s "got named group: ffdhe8192(0104)" \
11362 -s "Certificate verification was skipped" \
11363 -c "Protocol is TLSv1.3" \
11364 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11365 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11366 -c "NamedGroup: ffdhe8192 ( 104 )" \
11367 -c "Verifying peer X.509 certificate... ok" \
11368 -C "received HelloRetryRequest message"
11369
11370requires_config_enabled MBEDTLS_SSL_SRV_C
11371requires_config_enabled MBEDTLS_DEBUG_C
11372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11374requires_config_enabled MBEDTLS_SSL_CLI_C
11375requires_config_enabled MBEDTLS_DEBUG_C
11376requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11378run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
11379 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11380 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
11381 0 \
11382 -s "Protocol is TLSv1.3" \
11383 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11384 -s "received signature algorithm: 0x603" \
11385 -s "got named group: ffdhe8192(0104)" \
11386 -s "Certificate verification was skipped" \
11387 -c "Protocol is TLSv1.3" \
11388 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11389 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11390 -c "NamedGroup: ffdhe8192 ( 104 )" \
11391 -c "Verifying peer X.509 certificate... ok" \
11392 -C "received HelloRetryRequest message"
11393
11394requires_config_enabled MBEDTLS_SSL_SRV_C
11395requires_config_enabled MBEDTLS_DEBUG_C
11396requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11397requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11398requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11399requires_config_enabled MBEDTLS_SSL_CLI_C
11400requires_config_enabled MBEDTLS_DEBUG_C
11401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11403requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11404run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
11405 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11406 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
11407 0 \
11408 -s "Protocol is TLSv1.3" \
11409 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11410 -s "received signature algorithm: 0x804" \
11411 -s "got named group: ffdhe8192(0104)" \
11412 -s "Certificate verification was skipped" \
11413 -c "Protocol is TLSv1.3" \
11414 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11415 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11416 -c "NamedGroup: ffdhe8192 ( 104 )" \
11417 -c "Verifying peer X.509 certificate... ok" \
11418 -C "received HelloRetryRequest message"
11419
11420requires_config_enabled MBEDTLS_SSL_SRV_C
11421requires_config_enabled MBEDTLS_DEBUG_C
11422requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11423requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11424requires_config_enabled MBEDTLS_SSL_CLI_C
11425requires_config_enabled MBEDTLS_DEBUG_C
11426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11428run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11429 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11430 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11431 0 \
11432 -s "Protocol is TLSv1.3" \
11433 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11434 -s "received signature algorithm: 0x403" \
11435 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11436 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11437 -c "Protocol is TLSv1.3" \
11438 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11439 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11440 -c "NamedGroup: secp256r1 ( 17 )" \
11441 -c "Verifying peer X.509 certificate... ok" \
11442 -C "received HelloRetryRequest message"
11443
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11444requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11445requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11448requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11449requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11452run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11453 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11454 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11455 0 \
11456 -s "Protocol is TLSv1.3" \
11457 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11458 -s "received signature algorithm: 0x503" \
11459 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11460 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11461 -c "Protocol is TLSv1.3" \
11462 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11463 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11464 -c "NamedGroup: secp256r1 ( 17 )" \
11465 -c "Verifying peer X.509 certificate... ok" \
11466 -C "received HelloRetryRequest message"
11467
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11468requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11469requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11472requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11473requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11474requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11475requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11476run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11477 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11478 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11479 0 \
11480 -s "Protocol is TLSv1.3" \
11481 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11482 -s "received signature algorithm: 0x603" \
11483 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11484 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11485 -c "Protocol is TLSv1.3" \
11486 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11487 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11488 -c "NamedGroup: secp256r1 ( 17 )" \
11489 -c "Verifying peer X.509 certificate... ok" \
11490 -C "received HelloRetryRequest message"
11491
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11492requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11493requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11496requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11497requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11498requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11499requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11500requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11501requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11502run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11503 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11504 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11505 0 \
11506 -s "Protocol is TLSv1.3" \
11507 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11508 -s "received signature algorithm: 0x804" \
11509 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11510 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11511 -c "Protocol is TLSv1.3" \
11512 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11513 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11514 -c "NamedGroup: secp256r1 ( 17 )" \
11515 -c "Verifying peer X.509 certificate... ok" \
11516 -C "received HelloRetryRequest message"
11517
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11518requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11522requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11523requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11524requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11525requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11526run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11527 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11528 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11529 0 \
11530 -s "Protocol is TLSv1.3" \
11531 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11532 -s "received signature algorithm: 0x403" \
11533 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11534 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11535 -c "Protocol is TLSv1.3" \
11536 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11537 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11538 -c "NamedGroup: secp384r1 ( 18 )" \
11539 -c "Verifying peer X.509 certificate... ok" \
11540 -C "received HelloRetryRequest message"
11541
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11542requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11546requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11547requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11548requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11550run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11551 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11552 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11553 0 \
11554 -s "Protocol is TLSv1.3" \
11555 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11556 -s "received signature algorithm: 0x503" \
11557 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11558 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11559 -c "Protocol is TLSv1.3" \
11560 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11561 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11562 -c "NamedGroup: secp384r1 ( 18 )" \
11563 -c "Verifying peer X.509 certificate... ok" \
11564 -C "received HelloRetryRequest message"
11565
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11566requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11567requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11568requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11569requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11570requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11571requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11573requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11574run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11575 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11576 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11577 0 \
11578 -s "Protocol is TLSv1.3" \
11579 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11580 -s "received signature algorithm: 0x603" \
11581 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11582 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11583 -c "Protocol is TLSv1.3" \
11584 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11585 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11586 -c "NamedGroup: secp384r1 ( 18 )" \
11587 -c "Verifying peer X.509 certificate... ok" \
11588 -C "received HelloRetryRequest message"
11589
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11590requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11591requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11593requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11594requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11595requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11596requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11597requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11599requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11600run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11601 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11602 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11603 0 \
11604 -s "Protocol is TLSv1.3" \
11605 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11606 -s "received signature algorithm: 0x804" \
11607 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11608 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11609 -c "Protocol is TLSv1.3" \
11610 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11611 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11612 -c "NamedGroup: secp384r1 ( 18 )" \
11613 -c "Verifying peer X.509 certificate... ok" \
11614 -C "received HelloRetryRequest message"
11615
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11616requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11617requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11620requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11621requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11624run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11625 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11626 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11627 0 \
11628 -s "Protocol is TLSv1.3" \
11629 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11630 -s "received signature algorithm: 0x403" \
11631 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11632 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11633 -c "Protocol is TLSv1.3" \
11634 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11635 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11636 -c "NamedGroup: secp521r1 ( 19 )" \
11637 -c "Verifying peer X.509 certificate... ok" \
11638 -C "received HelloRetryRequest message"
11639
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11640requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11641requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11642requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11643requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11644requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11645requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11648run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11649 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11650 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11651 0 \
11652 -s "Protocol is TLSv1.3" \
11653 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11654 -s "received signature algorithm: 0x503" \
11655 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11656 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11657 -c "Protocol is TLSv1.3" \
11658 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11659 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11660 -c "NamedGroup: secp521r1 ( 19 )" \
11661 -c "Verifying peer X.509 certificate... ok" \
11662 -C "received HelloRetryRequest message"
11663
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11664requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11665requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11667requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11668requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11669requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11670requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11671requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11672run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11673 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11674 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11675 0 \
11676 -s "Protocol is TLSv1.3" \
11677 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11678 -s "received signature algorithm: 0x603" \
11679 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11680 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11681 -c "Protocol is TLSv1.3" \
11682 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11683 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11684 -c "NamedGroup: secp521r1 ( 19 )" \
11685 -c "Verifying peer X.509 certificate... ok" \
11686 -C "received HelloRetryRequest message"
11687
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11688requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11689requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11690requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11691requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11692requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11693requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11694requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11695requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11696requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11697requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11698run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11699 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11700 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11701 0 \
11702 -s "Protocol is TLSv1.3" \
11703 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11704 -s "received signature algorithm: 0x804" \
11705 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11706 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11707 -c "Protocol is TLSv1.3" \
11708 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11709 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11710 -c "NamedGroup: secp521r1 ( 19 )" \
11711 -c "Verifying peer X.509 certificate... ok" \
11712 -C "received HelloRetryRequest message"
11713
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11714requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11715requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11718requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11719requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11722run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11723 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11724 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11725 0 \
11726 -s "Protocol is TLSv1.3" \
11727 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11728 -s "received signature algorithm: 0x403" \
11729 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11730 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11731 -c "Protocol is TLSv1.3" \
11732 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11733 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11734 -c "NamedGroup: x25519 ( 1d )" \
11735 -c "Verifying peer X.509 certificate... ok" \
11736 -C "received HelloRetryRequest message"
11737
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11738requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11739requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11740requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11741requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11742requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11743requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11744requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11746run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11747 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11748 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11749 0 \
11750 -s "Protocol is TLSv1.3" \
11751 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11752 -s "received signature algorithm: 0x503" \
11753 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11754 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11755 -c "Protocol is TLSv1.3" \
11756 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11757 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11758 -c "NamedGroup: x25519 ( 1d )" \
11759 -c "Verifying peer X.509 certificate... ok" \
11760 -C "received HelloRetryRequest message"
11761
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11762requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11763requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11765requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11766requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11767requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11768requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11769requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11770run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11771 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11772 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11773 0 \
11774 -s "Protocol is TLSv1.3" \
11775 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11776 -s "received signature algorithm: 0x603" \
11777 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11778 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11779 -c "Protocol is TLSv1.3" \
11780 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11781 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11782 -c "NamedGroup: x25519 ( 1d )" \
11783 -c "Verifying peer X.509 certificate... ok" \
11784 -C "received HelloRetryRequest message"
11785
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11786requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11787requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11788requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11789requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11790requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11791requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11792requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11793requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11794requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11795requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11796run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11797 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11798 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11799 0 \
11800 -s "Protocol is TLSv1.3" \
11801 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11802 -s "received signature algorithm: 0x804" \
11803 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11804 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11805 -c "Protocol is TLSv1.3" \
11806 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11807 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11808 -c "NamedGroup: x25519 ( 1d )" \
11809 -c "Verifying peer X.509 certificate... ok" \
11810 -C "received HelloRetryRequest message"
11811
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11812requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11813requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11814requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11815requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11816requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11817requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11818requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11819requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11820run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11821 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11822 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11823 0 \
11824 -s "Protocol is TLSv1.3" \
11825 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11826 -s "received signature algorithm: 0x403" \
11827 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11828 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11829 -c "Protocol is TLSv1.3" \
11830 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11831 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11832 -c "NamedGroup: x448 ( 1e )" \
11833 -c "Verifying peer X.509 certificate... ok" \
11834 -C "received HelloRetryRequest message"
11835
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11836requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11837requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11840requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11841requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11842requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11843requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11844run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11845 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11846 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11847 0 \
11848 -s "Protocol is TLSv1.3" \
11849 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11850 -s "received signature algorithm: 0x503" \
11851 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11852 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11853 -c "Protocol is TLSv1.3" \
11854 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11855 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11856 -c "NamedGroup: x448 ( 1e )" \
11857 -c "Verifying peer X.509 certificate... ok" \
11858 -C "received HelloRetryRequest message"
11859
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11860requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11861requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11862requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11863requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11864requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11865requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11866requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11867requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11868run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11869 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11870 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11871 0 \
11872 -s "Protocol is TLSv1.3" \
11873 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11874 -s "received signature algorithm: 0x603" \
11875 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11876 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11877 -c "Protocol is TLSv1.3" \
11878 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11879 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11880 -c "NamedGroup: x448 ( 1e )" \
11881 -c "Verifying peer X.509 certificate... ok" \
11882 -C "received HelloRetryRequest message"
11883
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11884requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11885requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11886requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11887requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11888requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11889requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11890requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11891requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11892requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11893requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11894run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11895 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11896 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11897 0 \
11898 -s "Protocol is TLSv1.3" \
11899 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11900 -s "received signature algorithm: 0x804" \
11901 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11902 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11903 -c "Protocol is TLSv1.3" \
11904 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11905 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11906 -c "NamedGroup: x448 ( 1e )" \
11907 -c "Verifying peer X.509 certificate... ok" \
11908 -C "received HelloRetryRequest message"
11909
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11910requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11911requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11914requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11918run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
11919 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11920 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
11921 0 \
11922 -s "Protocol is TLSv1.3" \
11923 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11924 -s "received signature algorithm: 0x403" \
11925 -s "got named group: ffdhe2048(0100)" \
11926 -s "Certificate verification was skipped" \
11927 -c "Protocol is TLSv1.3" \
11928 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11929 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11930 -c "NamedGroup: ffdhe2048 ( 100 )" \
11931 -c "Verifying peer X.509 certificate... ok" \
11932 -C "received HelloRetryRequest message"
11933
11934requires_config_enabled MBEDTLS_SSL_SRV_C
11935requires_config_enabled MBEDTLS_DEBUG_C
11936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11938requires_config_enabled MBEDTLS_SSL_CLI_C
11939requires_config_enabled MBEDTLS_DEBUG_C
11940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11942run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
11943 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11944 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
11945 0 \
11946 -s "Protocol is TLSv1.3" \
11947 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11948 -s "received signature algorithm: 0x503" \
11949 -s "got named group: ffdhe2048(0100)" \
11950 -s "Certificate verification was skipped" \
11951 -c "Protocol is TLSv1.3" \
11952 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11953 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11954 -c "NamedGroup: ffdhe2048 ( 100 )" \
11955 -c "Verifying peer X.509 certificate... ok" \
11956 -C "received HelloRetryRequest message"
11957
11958requires_config_enabled MBEDTLS_SSL_SRV_C
11959requires_config_enabled MBEDTLS_DEBUG_C
11960requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11961requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11962requires_config_enabled MBEDTLS_SSL_CLI_C
11963requires_config_enabled MBEDTLS_DEBUG_C
11964requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11965requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11966run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
11967 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11968 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
11969 0 \
11970 -s "Protocol is TLSv1.3" \
11971 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11972 -s "received signature algorithm: 0x603" \
11973 -s "got named group: ffdhe2048(0100)" \
11974 -s "Certificate verification was skipped" \
11975 -c "Protocol is TLSv1.3" \
11976 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11977 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11978 -c "NamedGroup: ffdhe2048 ( 100 )" \
11979 -c "Verifying peer X.509 certificate... ok" \
11980 -C "received HelloRetryRequest message"
11981
11982requires_config_enabled MBEDTLS_SSL_SRV_C
11983requires_config_enabled MBEDTLS_DEBUG_C
11984requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11985requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11986requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11987requires_config_enabled MBEDTLS_SSL_CLI_C
11988requires_config_enabled MBEDTLS_DEBUG_C
11989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11990requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11991requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11992run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
11993 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11994 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
11995 0 \
11996 -s "Protocol is TLSv1.3" \
11997 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11998 -s "received signature algorithm: 0x804" \
11999 -s "got named group: ffdhe2048(0100)" \
12000 -s "Certificate verification was skipped" \
12001 -c "Protocol is TLSv1.3" \
12002 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12003 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12004 -c "NamedGroup: ffdhe2048 ( 100 )" \
12005 -c "Verifying peer X.509 certificate... ok" \
12006 -C "received HelloRetryRequest message"
12007
12008requires_config_enabled MBEDTLS_SSL_SRV_C
12009requires_config_enabled MBEDTLS_DEBUG_C
12010requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12011requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12012requires_config_enabled MBEDTLS_SSL_CLI_C
12013requires_config_enabled MBEDTLS_DEBUG_C
12014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12016run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
12017 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12018 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
12019 0 \
12020 -s "Protocol is TLSv1.3" \
12021 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12022 -s "received signature algorithm: 0x403" \
12023 -s "got named group: ffdhe8192(0104)" \
12024 -s "Certificate verification was skipped" \
12025 -c "Protocol is TLSv1.3" \
12026 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12027 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12028 -c "NamedGroup: ffdhe8192 ( 104 )" \
12029 -c "Verifying peer X.509 certificate... ok" \
12030 -C "received HelloRetryRequest message"
12031
12032requires_config_enabled MBEDTLS_SSL_SRV_C
12033requires_config_enabled MBEDTLS_DEBUG_C
12034requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12035requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12036requires_config_enabled MBEDTLS_SSL_CLI_C
12037requires_config_enabled MBEDTLS_DEBUG_C
12038requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12039requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12040run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
12041 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12042 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
12043 0 \
12044 -s "Protocol is TLSv1.3" \
12045 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12046 -s "received signature algorithm: 0x503" \
12047 -s "got named group: ffdhe8192(0104)" \
12048 -s "Certificate verification was skipped" \
12049 -c "Protocol is TLSv1.3" \
12050 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12051 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12052 -c "NamedGroup: ffdhe8192 ( 104 )" \
12053 -c "Verifying peer X.509 certificate... ok" \
12054 -C "received HelloRetryRequest message"
12055
12056requires_config_enabled MBEDTLS_SSL_SRV_C
12057requires_config_enabled MBEDTLS_DEBUG_C
12058requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12059requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12060requires_config_enabled MBEDTLS_SSL_CLI_C
12061requires_config_enabled MBEDTLS_DEBUG_C
12062requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12063requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12064run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
12065 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12066 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
12067 0 \
12068 -s "Protocol is TLSv1.3" \
12069 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12070 -s "received signature algorithm: 0x603" \
12071 -s "got named group: ffdhe8192(0104)" \
12072 -s "Certificate verification was skipped" \
12073 -c "Protocol is TLSv1.3" \
12074 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12075 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12076 -c "NamedGroup: ffdhe8192 ( 104 )" \
12077 -c "Verifying peer X.509 certificate... ok" \
12078 -C "received HelloRetryRequest message"
12079
12080requires_config_enabled MBEDTLS_SSL_SRV_C
12081requires_config_enabled MBEDTLS_DEBUG_C
12082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12084requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12085requires_config_enabled MBEDTLS_SSL_CLI_C
12086requires_config_enabled MBEDTLS_DEBUG_C
12087requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12088requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12089requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12090run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
12091 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12092 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
12093 0 \
12094 -s "Protocol is TLSv1.3" \
12095 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12096 -s "received signature algorithm: 0x804" \
12097 -s "got named group: ffdhe8192(0104)" \
12098 -s "Certificate verification was skipped" \
12099 -c "Protocol is TLSv1.3" \
12100 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12101 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12102 -c "NamedGroup: ffdhe8192 ( 104 )" \
12103 -c "Verifying peer X.509 certificate... ok" \
12104 -C "received HelloRetryRequest message"
12105
12106requires_config_enabled MBEDTLS_SSL_SRV_C
12107requires_config_enabled MBEDTLS_DEBUG_C
12108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12110requires_config_enabled MBEDTLS_SSL_CLI_C
12111requires_config_enabled MBEDTLS_DEBUG_C
12112requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12113requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12114run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12115 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12116 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12117 0 \
12118 -s "Protocol is TLSv1.3" \
12119 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12120 -s "received signature algorithm: 0x403" \
12121 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12122 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12123 -c "Protocol is TLSv1.3" \
12124 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12125 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12126 -c "NamedGroup: secp256r1 ( 17 )" \
12127 -c "Verifying peer X.509 certificate... ok" \
12128 -C "received HelloRetryRequest message"
12129
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12130requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12131requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12134requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12135requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12136requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12137requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12138run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12139 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12140 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12141 0 \
12142 -s "Protocol is TLSv1.3" \
12143 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12144 -s "received signature algorithm: 0x503" \
12145 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12146 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12147 -c "Protocol is TLSv1.3" \
12148 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12149 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12150 -c "NamedGroup: secp256r1 ( 17 )" \
12151 -c "Verifying peer X.509 certificate... ok" \
12152 -C "received HelloRetryRequest message"
12153
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12154requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12155requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12156requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12157requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12158requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12159requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12162run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12163 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12164 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12165 0 \
12166 -s "Protocol is TLSv1.3" \
12167 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12168 -s "received signature algorithm: 0x603" \
12169 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12170 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12171 -c "Protocol is TLSv1.3" \
12172 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12173 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12174 -c "NamedGroup: secp256r1 ( 17 )" \
12175 -c "Verifying peer X.509 certificate... ok" \
12176 -C "received HelloRetryRequest message"
12177
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12178requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12179requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12180requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12181requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12182requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12183requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12184requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12185requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12186requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12187requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12188run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12189 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12190 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12191 0 \
12192 -s "Protocol is TLSv1.3" \
12193 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12194 -s "received signature algorithm: 0x804" \
12195 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12196 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12197 -c "Protocol is TLSv1.3" \
12198 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12199 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12200 -c "NamedGroup: secp256r1 ( 17 )" \
12201 -c "Verifying peer X.509 certificate... ok" \
12202 -C "received HelloRetryRequest message"
12203
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12204requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12205requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12208requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12209requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12212run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12213 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12214 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12215 0 \
12216 -s "Protocol is TLSv1.3" \
12217 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12218 -s "received signature algorithm: 0x403" \
12219 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12220 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12221 -c "Protocol is TLSv1.3" \
12222 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12223 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12224 -c "NamedGroup: secp384r1 ( 18 )" \
12225 -c "Verifying peer X.509 certificate... ok" \
12226 -C "received HelloRetryRequest message"
12227
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12228requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12229requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12230requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12231requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12232requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12233requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12235requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12236run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12237 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12238 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12239 0 \
12240 -s "Protocol is TLSv1.3" \
12241 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12242 -s "received signature algorithm: 0x503" \
12243 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12244 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12245 -c "Protocol is TLSv1.3" \
12246 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12247 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12248 -c "NamedGroup: secp384r1 ( 18 )" \
12249 -c "Verifying peer X.509 certificate... ok" \
12250 -C "received HelloRetryRequest message"
12251
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12252requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12253requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12256requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12257requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12260run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12261 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12262 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12263 0 \
12264 -s "Protocol is TLSv1.3" \
12265 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12266 -s "received signature algorithm: 0x603" \
12267 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12268 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12269 -c "Protocol is TLSv1.3" \
12270 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12271 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12272 -c "NamedGroup: secp384r1 ( 18 )" \
12273 -c "Verifying peer X.509 certificate... ok" \
12274 -C "received HelloRetryRequest message"
12275
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12276requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12277requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12278requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12280requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12281requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12282requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12284requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12285requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12286run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12287 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12288 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12289 0 \
12290 -s "Protocol is TLSv1.3" \
12291 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12292 -s "received signature algorithm: 0x804" \
12293 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12294 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12295 -c "Protocol is TLSv1.3" \
12296 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12297 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12298 -c "NamedGroup: secp384r1 ( 18 )" \
12299 -c "Verifying peer X.509 certificate... ok" \
12300 -C "received HelloRetryRequest message"
12301
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12302requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12303requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12304requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12306requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12307requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12309requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12310run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12311 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12312 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12313 0 \
12314 -s "Protocol is TLSv1.3" \
12315 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12316 -s "received signature algorithm: 0x403" \
12317 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12318 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12319 -c "Protocol is TLSv1.3" \
12320 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12321 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12322 -c "NamedGroup: secp521r1 ( 19 )" \
12323 -c "Verifying peer X.509 certificate... ok" \
12324 -C "received HelloRetryRequest message"
12325
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12326requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12327requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12329requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12330requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12331requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12334run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12335 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12336 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12337 0 \
12338 -s "Protocol is TLSv1.3" \
12339 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12340 -s "received signature algorithm: 0x503" \
12341 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12342 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12343 -c "Protocol is TLSv1.3" \
12344 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12345 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12346 -c "NamedGroup: secp521r1 ( 19 )" \
12347 -c "Verifying peer X.509 certificate... ok" \
12348 -C "received HelloRetryRequest message"
12349
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12350requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12351requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12352requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12354requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12355requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12356requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12357requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12358run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12359 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12360 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12361 0 \
12362 -s "Protocol is TLSv1.3" \
12363 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12364 -s "received signature algorithm: 0x603" \
12365 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12366 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12367 -c "Protocol is TLSv1.3" \
12368 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12369 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12370 -c "NamedGroup: secp521r1 ( 19 )" \
12371 -c "Verifying peer X.509 certificate... ok" \
12372 -C "received HelloRetryRequest message"
12373
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12374requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12375requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12376requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12378requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12379requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12380requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12381requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12382requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12383requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12384run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12385 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12386 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12387 0 \
12388 -s "Protocol is TLSv1.3" \
12389 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12390 -s "received signature algorithm: 0x804" \
12391 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12392 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12393 -c "Protocol is TLSv1.3" \
12394 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12395 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12396 -c "NamedGroup: secp521r1 ( 19 )" \
12397 -c "Verifying peer X.509 certificate... ok" \
12398 -C "received HelloRetryRequest message"
12399
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12400requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12401requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12402requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12403requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12404requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12405requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12408run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12409 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12410 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12411 0 \
12412 -s "Protocol is TLSv1.3" \
12413 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12414 -s "received signature algorithm: 0x403" \
12415 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12416 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12417 -c "Protocol is TLSv1.3" \
12418 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12419 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12420 -c "NamedGroup: x25519 ( 1d )" \
12421 -c "Verifying peer X.509 certificate... ok" \
12422 -C "received HelloRetryRequest message"
12423
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12424requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12425requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12428requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12429requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12430requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12431requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12432run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12433 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12434 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12435 0 \
12436 -s "Protocol is TLSv1.3" \
12437 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12438 -s "received signature algorithm: 0x503" \
12439 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12440 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12441 -c "Protocol is TLSv1.3" \
12442 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12443 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12444 -c "NamedGroup: x25519 ( 1d )" \
12445 -c "Verifying peer X.509 certificate... ok" \
12446 -C "received HelloRetryRequest message"
12447
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12448requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12449requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12452requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12453requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12455requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12456run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12457 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12458 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12459 0 \
12460 -s "Protocol is TLSv1.3" \
12461 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12462 -s "received signature algorithm: 0x603" \
12463 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12464 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12465 -c "Protocol is TLSv1.3" \
12466 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12467 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12468 -c "NamedGroup: x25519 ( 1d )" \
12469 -c "Verifying peer X.509 certificate... ok" \
12470 -C "received HelloRetryRequest message"
12471
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12472requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12473requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12474requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12475requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12476requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12477requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12478requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12479requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12480requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12481requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12482run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12483 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12484 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12485 0 \
12486 -s "Protocol is TLSv1.3" \
12487 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12488 -s "received signature algorithm: 0x804" \
12489 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12490 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12491 -c "Protocol is TLSv1.3" \
12492 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12493 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12494 -c "NamedGroup: x25519 ( 1d )" \
12495 -c "Verifying peer X.509 certificate... ok" \
12496 -C "received HelloRetryRequest message"
12497
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12498requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12502requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12503requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12504requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12505requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12506run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12507 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12508 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12509 0 \
12510 -s "Protocol is TLSv1.3" \
12511 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12512 -s "received signature algorithm: 0x403" \
12513 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12514 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12515 -c "Protocol is TLSv1.3" \
12516 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12517 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12518 -c "NamedGroup: x448 ( 1e )" \
12519 -c "Verifying peer X.509 certificate... ok" \
12520 -C "received HelloRetryRequest message"
12521
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12522requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12523requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12524requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12525requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12526requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12527requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12528requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12529requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12530run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12531 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12532 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12533 0 \
12534 -s "Protocol is TLSv1.3" \
12535 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12536 -s "received signature algorithm: 0x503" \
12537 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12538 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12539 -c "Protocol is TLSv1.3" \
12540 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12541 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12542 -c "NamedGroup: x448 ( 1e )" \
12543 -c "Verifying peer X.509 certificate... ok" \
12544 -C "received HelloRetryRequest message"
12545
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12546requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12547requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12548requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12550requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12551requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12552requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12553requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12554run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12555 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12556 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12557 0 \
12558 -s "Protocol is TLSv1.3" \
12559 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12560 -s "received signature algorithm: 0x603" \
12561 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12562 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12563 -c "Protocol is TLSv1.3" \
12564 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12565 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12566 -c "NamedGroup: x448 ( 1e )" \
12567 -c "Verifying peer X.509 certificate... ok" \
12568 -C "received HelloRetryRequest message"
12569
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12570requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12571requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12573requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12574requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12575requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12576requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12577requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12578requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12579requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12580run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12581 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12582 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12583 0 \
12584 -s "Protocol is TLSv1.3" \
12585 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12586 -s "received signature algorithm: 0x804" \
12587 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12588 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12589 -c "Protocol is TLSv1.3" \
12590 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12591 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12592 -c "NamedGroup: x448 ( 1e )" \
12593 -c "Verifying peer X.509 certificate... ok" \
12594 -C "received HelloRetryRequest message"
12595
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12596requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12597requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12600requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12601requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12604run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
12605 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12606 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
12607 0 \
12608 -s "Protocol is TLSv1.3" \
12609 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12610 -s "received signature algorithm: 0x403" \
12611 -s "got named group: ffdhe2048(0100)" \
12612 -s "Certificate verification was skipped" \
12613 -c "Protocol is TLSv1.3" \
12614 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12615 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12616 -c "NamedGroup: ffdhe2048 ( 100 )" \
12617 -c "Verifying peer X.509 certificate... ok" \
12618 -C "received HelloRetryRequest message"
12619
12620requires_config_enabled MBEDTLS_SSL_SRV_C
12621requires_config_enabled MBEDTLS_DEBUG_C
12622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12624requires_config_enabled MBEDTLS_SSL_CLI_C
12625requires_config_enabled MBEDTLS_DEBUG_C
12626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12627requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12628run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
12629 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12630 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
12631 0 \
12632 -s "Protocol is TLSv1.3" \
12633 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12634 -s "received signature algorithm: 0x503" \
12635 -s "got named group: ffdhe2048(0100)" \
12636 -s "Certificate verification was skipped" \
12637 -c "Protocol is TLSv1.3" \
12638 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12639 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12640 -c "NamedGroup: ffdhe2048 ( 100 )" \
12641 -c "Verifying peer X.509 certificate... ok" \
12642 -C "received HelloRetryRequest message"
12643
12644requires_config_enabled MBEDTLS_SSL_SRV_C
12645requires_config_enabled MBEDTLS_DEBUG_C
12646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12648requires_config_enabled MBEDTLS_SSL_CLI_C
12649requires_config_enabled MBEDTLS_DEBUG_C
12650requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12652run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
12653 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12654 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
12655 0 \
12656 -s "Protocol is TLSv1.3" \
12657 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12658 -s "received signature algorithm: 0x603" \
12659 -s "got named group: ffdhe2048(0100)" \
12660 -s "Certificate verification was skipped" \
12661 -c "Protocol is TLSv1.3" \
12662 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12663 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12664 -c "NamedGroup: ffdhe2048 ( 100 )" \
12665 -c "Verifying peer X.509 certificate... ok" \
12666 -C "received HelloRetryRequest message"
12667
12668requires_config_enabled MBEDTLS_SSL_SRV_C
12669requires_config_enabled MBEDTLS_DEBUG_C
12670requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12671requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12672requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12673requires_config_enabled MBEDTLS_SSL_CLI_C
12674requires_config_enabled MBEDTLS_DEBUG_C
12675requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12676requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12677requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12678run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
12679 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12680 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
12681 0 \
12682 -s "Protocol is TLSv1.3" \
12683 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12684 -s "received signature algorithm: 0x804" \
12685 -s "got named group: ffdhe2048(0100)" \
12686 -s "Certificate verification was skipped" \
12687 -c "Protocol is TLSv1.3" \
12688 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12689 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12690 -c "NamedGroup: ffdhe2048 ( 100 )" \
12691 -c "Verifying peer X.509 certificate... ok" \
12692 -C "received HelloRetryRequest message"
12693
12694requires_config_enabled MBEDTLS_SSL_SRV_C
12695requires_config_enabled MBEDTLS_DEBUG_C
12696requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12697requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12698requires_config_enabled MBEDTLS_SSL_CLI_C
12699requires_config_enabled MBEDTLS_DEBUG_C
12700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12702run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
12703 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12704 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
12705 0 \
12706 -s "Protocol is TLSv1.3" \
12707 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12708 -s "received signature algorithm: 0x403" \
12709 -s "got named group: ffdhe8192(0104)" \
12710 -s "Certificate verification was skipped" \
12711 -c "Protocol is TLSv1.3" \
12712 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12713 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12714 -c "NamedGroup: ffdhe8192 ( 104 )" \
12715 -c "Verifying peer X.509 certificate... ok" \
12716 -C "received HelloRetryRequest message"
12717
12718requires_config_enabled MBEDTLS_SSL_SRV_C
12719requires_config_enabled MBEDTLS_DEBUG_C
12720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12722requires_config_enabled MBEDTLS_SSL_CLI_C
12723requires_config_enabled MBEDTLS_DEBUG_C
12724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12725requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12726run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
12727 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12728 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
12729 0 \
12730 -s "Protocol is TLSv1.3" \
12731 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12732 -s "received signature algorithm: 0x503" \
12733 -s "got named group: ffdhe8192(0104)" \
12734 -s "Certificate verification was skipped" \
12735 -c "Protocol is TLSv1.3" \
12736 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12737 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12738 -c "NamedGroup: ffdhe8192 ( 104 )" \
12739 -c "Verifying peer X.509 certificate... ok" \
12740 -C "received HelloRetryRequest message"
12741
12742requires_config_enabled MBEDTLS_SSL_SRV_C
12743requires_config_enabled MBEDTLS_DEBUG_C
12744requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12746requires_config_enabled MBEDTLS_SSL_CLI_C
12747requires_config_enabled MBEDTLS_DEBUG_C
12748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12750run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
12751 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12752 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
12753 0 \
12754 -s "Protocol is TLSv1.3" \
12755 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12756 -s "received signature algorithm: 0x603" \
12757 -s "got named group: ffdhe8192(0104)" \
12758 -s "Certificate verification was skipped" \
12759 -c "Protocol is TLSv1.3" \
12760 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12761 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12762 -c "NamedGroup: ffdhe8192 ( 104 )" \
12763 -c "Verifying peer X.509 certificate... ok" \
12764 -C "received HelloRetryRequest message"
12765
12766requires_config_enabled MBEDTLS_SSL_SRV_C
12767requires_config_enabled MBEDTLS_DEBUG_C
12768requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12769requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12770requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12771requires_config_enabled MBEDTLS_SSL_CLI_C
12772requires_config_enabled MBEDTLS_DEBUG_C
12773requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12774requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12775requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12776run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
12777 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12778 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
12779 0 \
12780 -s "Protocol is TLSv1.3" \
12781 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12782 -s "received signature algorithm: 0x804" \
12783 -s "got named group: ffdhe8192(0104)" \
12784 -s "Certificate verification was skipped" \
12785 -c "Protocol is TLSv1.3" \
12786 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12787 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12788 -c "NamedGroup: ffdhe8192 ( 104 )" \
12789 -c "Verifying peer X.509 certificate... ok" \
12790 -C "received HelloRetryRequest message"
12791
12792requires_config_enabled MBEDTLS_SSL_SRV_C
12793requires_config_enabled MBEDTLS_DEBUG_C
12794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12796requires_config_enabled MBEDTLS_SSL_CLI_C
12797requires_config_enabled MBEDTLS_DEBUG_C
12798requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12799requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12800run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12801 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12802 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12803 0 \
12804 -s "Protocol is TLSv1.3" \
12805 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12806 -s "received signature algorithm: 0x403" \
12807 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12808 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12809 -c "Protocol is TLSv1.3" \
12810 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12811 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12812 -c "NamedGroup: secp256r1 ( 17 )" \
12813 -c "Verifying peer X.509 certificate... ok" \
12814 -C "received HelloRetryRequest message"
12815
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12816requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12817requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12818requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12819requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12820requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12821requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12822requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12823requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12824run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12825 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12826 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12827 0 \
12828 -s "Protocol is TLSv1.3" \
12829 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12830 -s "received signature algorithm: 0x503" \
12831 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12832 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12833 -c "Protocol is TLSv1.3" \
12834 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12835 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12836 -c "NamedGroup: secp256r1 ( 17 )" \
12837 -c "Verifying peer X.509 certificate... ok" \
12838 -C "received HelloRetryRequest message"
12839
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12840requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12841requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12842requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12843requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12844requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12845requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12846requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12847requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12848run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12849 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12850 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12851 0 \
12852 -s "Protocol is TLSv1.3" \
12853 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12854 -s "received signature algorithm: 0x603" \
12855 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12856 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12857 -c "Protocol is TLSv1.3" \
12858 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12859 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12860 -c "NamedGroup: secp256r1 ( 17 )" \
12861 -c "Verifying peer X.509 certificate... ok" \
12862 -C "received HelloRetryRequest message"
12863
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12864requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12865requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12866requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12867requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12868requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12869requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12870requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12873requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12874run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12875 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12876 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12877 0 \
12878 -s "Protocol is TLSv1.3" \
12879 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12880 -s "received signature algorithm: 0x804" \
12881 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12882 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12883 -c "Protocol is TLSv1.3" \
12884 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12885 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12886 -c "NamedGroup: secp256r1 ( 17 )" \
12887 -c "Verifying peer X.509 certificate... ok" \
12888 -C "received HelloRetryRequest message"
12889
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12890requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12891requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12892requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12894requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12898run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12899 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12900 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12901 0 \
12902 -s "Protocol is TLSv1.3" \
12903 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12904 -s "received signature algorithm: 0x403" \
12905 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12906 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12907 -c "Protocol is TLSv1.3" \
12908 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12909 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12910 -c "NamedGroup: secp384r1 ( 18 )" \
12911 -c "Verifying peer X.509 certificate... ok" \
12912 -C "received HelloRetryRequest message"
12913
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12914requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12918requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12919requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12920requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12921requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12922run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12923 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12924 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12925 0 \
12926 -s "Protocol is TLSv1.3" \
12927 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12928 -s "received signature algorithm: 0x503" \
12929 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12930 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12931 -c "Protocol is TLSv1.3" \
12932 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12933 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12934 -c "NamedGroup: secp384r1 ( 18 )" \
12935 -c "Verifying peer X.509 certificate... ok" \
12936 -C "received HelloRetryRequest message"
12937
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12938requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12939requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12942requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12943requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12946run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12947 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12948 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12949 0 \
12950 -s "Protocol is TLSv1.3" \
12951 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12952 -s "received signature algorithm: 0x603" \
12953 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12954 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12955 -c "Protocol is TLSv1.3" \
12956 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12957 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12958 -c "NamedGroup: secp384r1 ( 18 )" \
12959 -c "Verifying peer X.509 certificate... ok" \
12960 -C "received HelloRetryRequest message"
12961
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12962requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12963requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12964requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12965requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12966requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12967requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12968requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12969requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12970requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12971requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12972run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12973 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12974 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12975 0 \
12976 -s "Protocol is TLSv1.3" \
12977 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12978 -s "received signature algorithm: 0x804" \
12979 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12980 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12981 -c "Protocol is TLSv1.3" \
12982 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12983 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12984 -c "NamedGroup: secp384r1 ( 18 )" \
12985 -c "Verifying peer X.509 certificate... ok" \
12986 -C "received HelloRetryRequest message"
12987
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12988requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12989requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12990requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12991requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12992requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12993requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12994requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12995requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12996run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12997 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12998 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12999 0 \
13000 -s "Protocol is TLSv1.3" \
13001 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13002 -s "received signature algorithm: 0x403" \
13003 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13004 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13005 -c "Protocol is TLSv1.3" \
13006 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13007 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13008 -c "NamedGroup: secp521r1 ( 19 )" \
13009 -c "Verifying peer X.509 certificate... ok" \
13010 -C "received HelloRetryRequest message"
13011
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13012requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13013requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13016requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13017requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13018requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13020run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13021 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13022 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13023 0 \
13024 -s "Protocol is TLSv1.3" \
13025 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13026 -s "received signature algorithm: 0x503" \
13027 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13028 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13029 -c "Protocol is TLSv1.3" \
13030 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13031 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13032 -c "NamedGroup: secp521r1 ( 19 )" \
13033 -c "Verifying peer X.509 certificate... ok" \
13034 -C "received HelloRetryRequest message"
13035
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13036requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13037requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13038requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13039requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13040requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13041requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13043requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13044run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13045 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13046 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13047 0 \
13048 -s "Protocol is TLSv1.3" \
13049 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13050 -s "received signature algorithm: 0x603" \
13051 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13052 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13053 -c "Protocol is TLSv1.3" \
13054 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13055 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13056 -c "NamedGroup: secp521r1 ( 19 )" \
13057 -c "Verifying peer X.509 certificate... ok" \
13058 -C "received HelloRetryRequest message"
13059
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13060requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13061requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13062requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13063requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13064requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13065requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13066requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13067requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13068requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13069requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13070run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13071 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13072 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13073 0 \
13074 -s "Protocol is TLSv1.3" \
13075 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13076 -s "received signature algorithm: 0x804" \
13077 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13078 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13079 -c "Protocol is TLSv1.3" \
13080 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13081 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13082 -c "NamedGroup: secp521r1 ( 19 )" \
13083 -c "Verifying peer X.509 certificate... ok" \
13084 -C "received HelloRetryRequest message"
13085
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13086requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13087requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13089requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13090requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13091requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13092requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13093requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13094run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13095 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13096 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13097 0 \
13098 -s "Protocol is TLSv1.3" \
13099 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13100 -s "received signature algorithm: 0x403" \
13101 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13102 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13103 -c "Protocol is TLSv1.3" \
13104 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13105 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13106 -c "NamedGroup: x25519 ( 1d )" \
13107 -c "Verifying peer X.509 certificate... ok" \
13108 -C "received HelloRetryRequest message"
13109
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13110requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13111requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13112requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13113requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13114requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13115requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13116requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13118run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13119 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13120 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13121 0 \
13122 -s "Protocol is TLSv1.3" \
13123 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13124 -s "received signature algorithm: 0x503" \
13125 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13126 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13127 -c "Protocol is TLSv1.3" \
13128 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13129 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13130 -c "NamedGroup: x25519 ( 1d )" \
13131 -c "Verifying peer X.509 certificate... ok" \
13132 -C "received HelloRetryRequest message"
13133
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13134requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13135requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13136requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13137requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13138requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13139requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13142run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13143 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13144 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13145 0 \
13146 -s "Protocol is TLSv1.3" \
13147 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13148 -s "received signature algorithm: 0x603" \
13149 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13150 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13151 -c "Protocol is TLSv1.3" \
13152 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13153 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13154 -c "NamedGroup: x25519 ( 1d )" \
13155 -c "Verifying peer X.509 certificate... ok" \
13156 -C "received HelloRetryRequest message"
13157
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13158requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13159requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13162requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13163requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13164requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13165requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13166requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13167requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13168run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13169 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13170 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13171 0 \
13172 -s "Protocol is TLSv1.3" \
13173 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13174 -s "received signature algorithm: 0x804" \
13175 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13176 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13177 -c "Protocol is TLSv1.3" \
13178 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13179 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13180 -c "NamedGroup: x25519 ( 1d )" \
13181 -c "Verifying peer X.509 certificate... ok" \
13182 -C "received HelloRetryRequest message"
13183
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13184requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13185requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13188requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13189requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13190requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13192run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13193 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13194 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13195 0 \
13196 -s "Protocol is TLSv1.3" \
13197 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13198 -s "received signature algorithm: 0x403" \
13199 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13200 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13201 -c "Protocol is TLSv1.3" \
13202 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13203 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13204 -c "NamedGroup: x448 ( 1e )" \
13205 -c "Verifying peer X.509 certificate... ok" \
13206 -C "received HelloRetryRequest message"
13207
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13208requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13209requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13212requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13213requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13214requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13215requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13216run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13217 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13218 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13219 0 \
13220 -s "Protocol is TLSv1.3" \
13221 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13222 -s "received signature algorithm: 0x503" \
13223 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13224 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13225 -c "Protocol is TLSv1.3" \
13226 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13227 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13228 -c "NamedGroup: x448 ( 1e )" \
13229 -c "Verifying peer X.509 certificate... ok" \
13230 -C "received HelloRetryRequest message"
13231
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13232requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13233requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13235requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13236requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13240run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13241 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13242 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13243 0 \
13244 -s "Protocol is TLSv1.3" \
13245 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13246 -s "received signature algorithm: 0x603" \
13247 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13248 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13249 -c "Protocol is TLSv1.3" \
13250 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13251 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13252 -c "NamedGroup: x448 ( 1e )" \
13253 -c "Verifying peer X.509 certificate... ok" \
13254 -C "received HelloRetryRequest message"
13255
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13256requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13257requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13260requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13261requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13262requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13263requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13264requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13265requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13266run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13267 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13268 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13269 0 \
13270 -s "Protocol is TLSv1.3" \
13271 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13272 -s "received signature algorithm: 0x804" \
13273 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13274 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13275 -c "Protocol is TLSv1.3" \
13276 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13277 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13278 -c "NamedGroup: x448 ( 1e )" \
13279 -c "Verifying peer X.509 certificate... ok" \
13280 -C "received HelloRetryRequest message"
13281
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13282requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13283requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13286requires_config_enabled MBEDTLS_SSL_CLI_C
13287requires_config_enabled MBEDTLS_DEBUG_C
13288requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13289requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13290run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
13291 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13292 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
13293 0 \
13294 -s "Protocol is TLSv1.3" \
13295 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13296 -s "received signature algorithm: 0x403" \
13297 -s "got named group: ffdhe2048(0100)" \
13298 -s "Certificate verification was skipped" \
13299 -c "Protocol is TLSv1.3" \
13300 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13301 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13302 -c "NamedGroup: ffdhe2048 ( 100 )" \
13303 -c "Verifying peer X.509 certificate... ok" \
13304 -C "received HelloRetryRequest message"
13305
13306requires_config_enabled MBEDTLS_SSL_SRV_C
13307requires_config_enabled MBEDTLS_DEBUG_C
13308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13309requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13310requires_config_enabled MBEDTLS_SSL_CLI_C
13311requires_config_enabled MBEDTLS_DEBUG_C
13312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13313requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13314run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
13315 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13316 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
13317 0 \
13318 -s "Protocol is TLSv1.3" \
13319 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13320 -s "received signature algorithm: 0x503" \
13321 -s "got named group: ffdhe2048(0100)" \
13322 -s "Certificate verification was skipped" \
13323 -c "Protocol is TLSv1.3" \
13324 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13325 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13326 -c "NamedGroup: ffdhe2048 ( 100 )" \
13327 -c "Verifying peer X.509 certificate... ok" \
13328 -C "received HelloRetryRequest message"
13329
13330requires_config_enabled MBEDTLS_SSL_SRV_C
13331requires_config_enabled MBEDTLS_DEBUG_C
13332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13334requires_config_enabled MBEDTLS_SSL_CLI_C
13335requires_config_enabled MBEDTLS_DEBUG_C
13336requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13338run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
13339 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13340 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
13341 0 \
13342 -s "Protocol is TLSv1.3" \
13343 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13344 -s "received signature algorithm: 0x603" \
13345 -s "got named group: ffdhe2048(0100)" \
13346 -s "Certificate verification was skipped" \
13347 -c "Protocol is TLSv1.3" \
13348 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13349 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13350 -c "NamedGroup: ffdhe2048 ( 100 )" \
13351 -c "Verifying peer X.509 certificate... ok" \
13352 -C "received HelloRetryRequest message"
13353
13354requires_config_enabled MBEDTLS_SSL_SRV_C
13355requires_config_enabled MBEDTLS_DEBUG_C
13356requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13357requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13358requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13359requires_config_enabled MBEDTLS_SSL_CLI_C
13360requires_config_enabled MBEDTLS_DEBUG_C
13361requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13362requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13363requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13364run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
13365 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13366 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
13367 0 \
13368 -s "Protocol is TLSv1.3" \
13369 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13370 -s "received signature algorithm: 0x804" \
13371 -s "got named group: ffdhe2048(0100)" \
13372 -s "Certificate verification was skipped" \
13373 -c "Protocol is TLSv1.3" \
13374 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13375 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13376 -c "NamedGroup: ffdhe2048 ( 100 )" \
13377 -c "Verifying peer X.509 certificate... ok" \
13378 -C "received HelloRetryRequest message"
13379
13380requires_config_enabled MBEDTLS_SSL_SRV_C
13381requires_config_enabled MBEDTLS_DEBUG_C
13382requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13384requires_config_enabled MBEDTLS_SSL_CLI_C
13385requires_config_enabled MBEDTLS_DEBUG_C
13386requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13387requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13388run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
13389 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13390 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
13391 0 \
13392 -s "Protocol is TLSv1.3" \
13393 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13394 -s "received signature algorithm: 0x403" \
13395 -s "got named group: ffdhe8192(0104)" \
13396 -s "Certificate verification was skipped" \
13397 -c "Protocol is TLSv1.3" \
13398 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13399 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13400 -c "NamedGroup: ffdhe8192 ( 104 )" \
13401 -c "Verifying peer X.509 certificate... ok" \
13402 -C "received HelloRetryRequest message"
13403
13404requires_config_enabled MBEDTLS_SSL_SRV_C
13405requires_config_enabled MBEDTLS_DEBUG_C
13406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13408requires_config_enabled MBEDTLS_SSL_CLI_C
13409requires_config_enabled MBEDTLS_DEBUG_C
13410requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13412run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
13413 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13414 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
13415 0 \
13416 -s "Protocol is TLSv1.3" \
13417 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13418 -s "received signature algorithm: 0x503" \
13419 -s "got named group: ffdhe8192(0104)" \
13420 -s "Certificate verification was skipped" \
13421 -c "Protocol is TLSv1.3" \
13422 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13423 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13424 -c "NamedGroup: ffdhe8192 ( 104 )" \
13425 -c "Verifying peer X.509 certificate... ok" \
13426 -C "received HelloRetryRequest message"
13427
13428requires_config_enabled MBEDTLS_SSL_SRV_C
13429requires_config_enabled MBEDTLS_DEBUG_C
13430requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13431requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13432requires_config_enabled MBEDTLS_SSL_CLI_C
13433requires_config_enabled MBEDTLS_DEBUG_C
13434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13436run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
13437 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13438 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
13439 0 \
13440 -s "Protocol is TLSv1.3" \
13441 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13442 -s "received signature algorithm: 0x603" \
13443 -s "got named group: ffdhe8192(0104)" \
13444 -s "Certificate verification was skipped" \
13445 -c "Protocol is TLSv1.3" \
13446 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13447 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13448 -c "NamedGroup: ffdhe8192 ( 104 )" \
13449 -c "Verifying peer X.509 certificate... ok" \
13450 -C "received HelloRetryRequest message"
13451
13452requires_config_enabled MBEDTLS_SSL_SRV_C
13453requires_config_enabled MBEDTLS_DEBUG_C
13454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13455requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13456requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13457requires_config_enabled MBEDTLS_SSL_CLI_C
13458requires_config_enabled MBEDTLS_DEBUG_C
13459requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13460requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13461requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13462run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
13463 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13464 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
13465 0 \
13466 -s "Protocol is TLSv1.3" \
13467 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13468 -s "received signature algorithm: 0x804" \
13469 -s "got named group: ffdhe8192(0104)" \
13470 -s "Certificate verification was skipped" \
13471 -c "Protocol is TLSv1.3" \
13472 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13473 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13474 -c "NamedGroup: ffdhe8192 ( 104 )" \
13475 -c "Verifying peer X.509 certificate... ok" \
13476 -C "received HelloRetryRequest message"
13477
13478requires_config_enabled MBEDTLS_SSL_SRV_C
13479requires_config_enabled MBEDTLS_DEBUG_C
13480requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13482requires_openssl_tls1_3
13483run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13484 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13485 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13486 0 \
13487 -s "Protocol is TLSv1.3" \
13488 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13489 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13490 -s "HRR selected_group: secp384r1"
13491
13492requires_config_enabled MBEDTLS_SSL_SRV_C
13493requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13496requires_openssl_tls1_3
13497run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13498 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13499 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13500 0 \
13501 -s "Protocol is TLSv1.3" \
13502 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13503 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13504 -s "HRR selected_group: secp521r1"
13505
13506requires_config_enabled MBEDTLS_SSL_SRV_C
13507requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13508requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13510requires_openssl_tls1_3
13511run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13512 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13513 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13514 0 \
13515 -s "Protocol is TLSv1.3" \
13516 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13517 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13518 -s "HRR selected_group: x25519"
13519
13520requires_config_enabled MBEDTLS_SSL_SRV_C
13521requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13523requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13524requires_openssl_tls1_3
13525run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13526 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13527 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13528 0 \
13529 -s "Protocol is TLSv1.3" \
13530 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13531 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13532 -s "HRR selected_group: x448"
13533
13534requires_config_enabled MBEDTLS_SSL_SRV_C
13535requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13536requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13537requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13538requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13539requires_openssl_3_x
13540run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \
13541 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13542 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe2048 -msg -tls1_3" \
13543 0 \
13544 -s "Protocol is TLSv1.3" \
13545 -s "got named group: ffdhe2048(0100)" \
13546 -s "Certificate verification was skipped" \
13547 -s "HRR selected_group: ffdhe2048"
13548
13549requires_config_enabled MBEDTLS_SSL_SRV_C
13550requires_config_enabled MBEDTLS_DEBUG_C
13551requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13552requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13553requires_openssl_tls1_3
13554requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13555run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe8192" \
13556 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13557 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe8192 -msg -tls1_3" \
13558 0 \
13559 -s "Protocol is TLSv1.3" \
13560 -s "got named group: ffdhe8192(0104)" \
13561 -s "Certificate verification was skipped" \
13562 -s "HRR selected_group: ffdhe8192"
13563
13564requires_config_enabled MBEDTLS_SSL_SRV_C
13565requires_config_enabled MBEDTLS_DEBUG_C
13566requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13568requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13569run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13570 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13571 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13572 0 \
13573 -s "Protocol is TLSv1.3" \
13574 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13575 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13576 -s "HRR selected_group: secp256r1"
13577
13578requires_config_enabled MBEDTLS_SSL_SRV_C
13579requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13580requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13581requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13582requires_openssl_tls1_3
13583run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13584 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13585 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13586 0 \
13587 -s "Protocol is TLSv1.3" \
13588 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13589 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13590 -s "HRR selected_group: secp521r1"
13591
13592requires_config_enabled MBEDTLS_SSL_SRV_C
13593requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13594requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13595requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13596requires_openssl_tls1_3
13597run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13598 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13599 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13600 0 \
13601 -s "Protocol is TLSv1.3" \
13602 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13603 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13604 -s "HRR selected_group: x25519"
13605
13606requires_config_enabled MBEDTLS_SSL_SRV_C
13607requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13610requires_openssl_tls1_3
13611run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13612 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13613 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13614 0 \
13615 -s "Protocol is TLSv1.3" \
13616 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13617 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13618 -s "HRR selected_group: x448"
13619
13620requires_config_enabled MBEDTLS_SSL_SRV_C
13621requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13624requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13625requires_openssl_3_x
13626run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \
13627 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13628 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe2048 -msg -tls1_3" \
13629 0 \
13630 -s "Protocol is TLSv1.3" \
13631 -s "got named group: ffdhe2048(0100)" \
13632 -s "Certificate verification was skipped" \
13633 -s "HRR selected_group: ffdhe2048"
13634
13635requires_config_enabled MBEDTLS_SSL_SRV_C
13636requires_config_enabled MBEDTLS_DEBUG_C
13637requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13638requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13639requires_openssl_tls1_3
13640requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13641run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe8192" \
13642 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13643 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe8192 -msg -tls1_3" \
13644 0 \
13645 -s "Protocol is TLSv1.3" \
13646 -s "got named group: ffdhe8192(0104)" \
13647 -s "Certificate verification was skipped" \
13648 -s "HRR selected_group: ffdhe8192"
13649
13650requires_config_enabled MBEDTLS_SSL_SRV_C
13651requires_config_enabled MBEDTLS_DEBUG_C
13652requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13654requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13655run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13656 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13657 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13658 0 \
13659 -s "Protocol is TLSv1.3" \
13660 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13661 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13662 -s "HRR selected_group: secp256r1"
13663
13664requires_config_enabled MBEDTLS_SSL_SRV_C
13665requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13667requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13668requires_openssl_tls1_3
13669run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13670 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13671 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13672 0 \
13673 -s "Protocol is TLSv1.3" \
13674 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13675 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13676 -s "HRR selected_group: secp384r1"
13677
13678requires_config_enabled MBEDTLS_SSL_SRV_C
13679requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13680requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13681requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13682requires_openssl_tls1_3
13683run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13684 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13685 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13686 0 \
13687 -s "Protocol is TLSv1.3" \
13688 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13689 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13690 -s "HRR selected_group: x25519"
13691
13692requires_config_enabled MBEDTLS_SSL_SRV_C
13693requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13694requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13695requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13696requires_openssl_tls1_3
13697run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13698 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13699 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13700 0 \
13701 -s "Protocol is TLSv1.3" \
13702 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13703 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13704 -s "HRR selected_group: x448"
13705
13706requires_config_enabled MBEDTLS_SSL_SRV_C
13707requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13710requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13711requires_openssl_3_x
13712run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \
13713 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13714 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe2048 -msg -tls1_3" \
13715 0 \
13716 -s "Protocol is TLSv1.3" \
13717 -s "got named group: ffdhe2048(0100)" \
13718 -s "Certificate verification was skipped" \
13719 -s "HRR selected_group: ffdhe2048"
13720
13721requires_config_enabled MBEDTLS_SSL_SRV_C
13722requires_config_enabled MBEDTLS_DEBUG_C
13723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13724requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13725requires_openssl_tls1_3
13726requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13727run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe8192" \
13728 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13729 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe8192 -msg -tls1_3" \
13730 0 \
13731 -s "Protocol is TLSv1.3" \
13732 -s "got named group: ffdhe8192(0104)" \
13733 -s "Certificate verification was skipped" \
13734 -s "HRR selected_group: ffdhe8192"
13735
13736requires_config_enabled MBEDTLS_SSL_SRV_C
13737requires_config_enabled MBEDTLS_DEBUG_C
13738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13740requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13741run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13742 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13743 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13744 0 \
13745 -s "Protocol is TLSv1.3" \
13746 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13747 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13748 -s "HRR selected_group: secp256r1"
13749
13750requires_config_enabled MBEDTLS_SSL_SRV_C
13751requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13752requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13754requires_openssl_tls1_3
13755run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13756 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13757 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13758 0 \
13759 -s "Protocol is TLSv1.3" \
13760 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13761 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13762 -s "HRR selected_group: secp384r1"
13763
13764requires_config_enabled MBEDTLS_SSL_SRV_C
13765requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13766requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13767requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13768requires_openssl_tls1_3
13769run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13770 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13771 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13772 0 \
13773 -s "Protocol is TLSv1.3" \
13774 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13775 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13776 -s "HRR selected_group: secp521r1"
13777
13778requires_config_enabled MBEDTLS_SSL_SRV_C
13779requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13781requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13782requires_openssl_tls1_3
13783run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13784 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13785 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13786 0 \
13787 -s "Protocol is TLSv1.3" \
13788 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13789 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13790 -s "HRR selected_group: x448"
13791
13792requires_config_enabled MBEDTLS_SSL_SRV_C
13793requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13796requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13797requires_openssl_3_x
13798run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \
13799 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13800 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe2048 -msg -tls1_3" \
13801 0 \
13802 -s "Protocol is TLSv1.3" \
13803 -s "got named group: ffdhe2048(0100)" \
13804 -s "Certificate verification was skipped" \
13805 -s "HRR selected_group: ffdhe2048"
13806
13807requires_config_enabled MBEDTLS_SSL_SRV_C
13808requires_config_enabled MBEDTLS_DEBUG_C
13809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13811requires_openssl_tls1_3
13812requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13813run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe8192" \
13814 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13815 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe8192 -msg -tls1_3" \
13816 0 \
13817 -s "Protocol is TLSv1.3" \
13818 -s "got named group: ffdhe8192(0104)" \
13819 -s "Certificate verification was skipped" \
13820 -s "HRR selected_group: ffdhe8192"
13821
13822requires_config_enabled MBEDTLS_SSL_SRV_C
13823requires_config_enabled MBEDTLS_DEBUG_C
13824requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13825requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13826requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13827run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13828 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13829 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13830 0 \
13831 -s "Protocol is TLSv1.3" \
13832 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13833 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13834 -s "HRR selected_group: secp256r1"
13835
13836requires_config_enabled MBEDTLS_SSL_SRV_C
13837requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13840requires_openssl_tls1_3
13841run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13842 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13843 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13844 0 \
13845 -s "Protocol is TLSv1.3" \
13846 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13847 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13848 -s "HRR selected_group: secp384r1"
13849
13850requires_config_enabled MBEDTLS_SSL_SRV_C
13851requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13854requires_openssl_tls1_3
13855run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13856 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13857 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13858 0 \
13859 -s "Protocol is TLSv1.3" \
13860 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13861 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13862 -s "HRR selected_group: secp521r1"
13863
13864requires_config_enabled MBEDTLS_SSL_SRV_C
13865requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13866requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13867requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13868requires_openssl_tls1_3
13869run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13870 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]13871 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13872 0 \
13873 -s "Protocol is TLSv1.3" \
13874 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13875 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13876 -s "HRR selected_group: x25519"
13877
13878requires_config_enabled MBEDTLS_SSL_SRV_C
13879requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13880requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13881requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13882requires_openssl_tls1_3
13883requires_openssl_3_x
13884run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \
13885 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13886 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe2048 -msg -tls1_3" \
13887 0 \
13888 -s "Protocol is TLSv1.3" \
13889 -s "got named group: ffdhe2048(0100)" \
13890 -s "Certificate verification was skipped" \
13891 -s "HRR selected_group: ffdhe2048"
13892
13893requires_config_enabled MBEDTLS_SSL_SRV_C
13894requires_config_enabled MBEDTLS_DEBUG_C
13895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13896requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13897requires_openssl_tls1_3
13898requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13899run_test "TLS 1.3 O->m: HRR x448 -> ffdhe8192" \
13900 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13901 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe8192 -msg -tls1_3" \
13902 0 \
13903 -s "Protocol is TLSv1.3" \
13904 -s "got named group: ffdhe8192(0104)" \
13905 -s "Certificate verification was skipped" \
13906 -s "HRR selected_group: ffdhe8192"
13907
13908requires_config_enabled MBEDTLS_SSL_SRV_C
13909requires_config_enabled MBEDTLS_DEBUG_C
13910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13912requires_openssl_tls1_3
13913requires_openssl_3_x
13914run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp256r1" \
13915 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13916 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-256 -msg -tls1_3" \
13917 0 \
13918 -s "Protocol is TLSv1.3" \
13919 -s "got named group: secp256r1(0017)" \
13920 -s "Certificate verification was skipped" \
13921 -s "HRR selected_group: secp256r1"
13922
13923requires_config_enabled MBEDTLS_SSL_SRV_C
13924requires_config_enabled MBEDTLS_DEBUG_C
13925requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13926requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13927requires_openssl_tls1_3
13928requires_openssl_3_x
13929run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp384r1" \
13930 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13931 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-384 -msg -tls1_3" \
13932 0 \
13933 -s "Protocol is TLSv1.3" \
13934 -s "got named group: secp384r1(0018)" \
13935 -s "Certificate verification was skipped" \
13936 -s "HRR selected_group: secp384r1"
13937
13938requires_config_enabled MBEDTLS_SSL_SRV_C
13939requires_config_enabled MBEDTLS_DEBUG_C
13940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13942requires_openssl_tls1_3
13943requires_openssl_3_x
13944run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp521r1" \
13945 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13946 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-521 -msg -tls1_3" \
13947 0 \
13948 -s "Protocol is TLSv1.3" \
13949 -s "got named group: secp521r1(0019)" \
13950 -s "Certificate verification was skipped" \
13951 -s "HRR selected_group: secp521r1"
13952
13953requires_config_enabled MBEDTLS_SSL_SRV_C
13954requires_config_enabled MBEDTLS_DEBUG_C
13955requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13957requires_openssl_tls1_3
13958requires_openssl_3_x
13959run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x25519" \
13960 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13961 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:X25519 -msg -tls1_3" \
13962 0 \
13963 -s "Protocol is TLSv1.3" \
13964 -s "got named group: x25519(001d)" \
13965 -s "Certificate verification was skipped" \
13966 -s "HRR selected_group: x25519"
13967
13968requires_config_enabled MBEDTLS_SSL_SRV_C
13969requires_config_enabled MBEDTLS_DEBUG_C
13970requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13972requires_openssl_tls1_3
13973requires_openssl_3_x
13974run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \
13975 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13976 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:X448 -msg -tls1_3" \
13977 0 \
13978 -s "Protocol is TLSv1.3" \
13979 -s "got named group: x448(001e)" \
13980 -s "Certificate verification was skipped" \
13981 -s "HRR selected_group: x448"
13982
13983requires_config_enabled MBEDTLS_SSL_SRV_C
13984requires_config_enabled MBEDTLS_DEBUG_C
13985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13986requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13987requires_openssl_tls1_3
13988requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13989run_test "TLS 1.3 O->m: HRR ffdhe2048 -> ffdhe8192" \
13990 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13991 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:ffdhe8192 -msg -tls1_3" \
13992 0 \
13993 -s "Protocol is TLSv1.3" \
13994 -s "got named group: ffdhe8192(0104)" \
13995 -s "Certificate verification was skipped" \
13996 -s "HRR selected_group: ffdhe8192"
13997
13998requires_config_enabled MBEDTLS_SSL_SRV_C
13999requires_config_enabled MBEDTLS_DEBUG_C
14000requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14001requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14002requires_openssl_tls1_3
14003requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14004run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp256r1" \
14005 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14006 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-256 -msg -tls1_3" \
14007 0 \
14008 -s "Protocol is TLSv1.3" \
14009 -s "got named group: secp256r1(0017)" \
14010 -s "Certificate verification was skipped" \
14011 -s "HRR selected_group: secp256r1"
14012
14013requires_config_enabled MBEDTLS_SSL_SRV_C
14014requires_config_enabled MBEDTLS_DEBUG_C
14015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14017requires_openssl_tls1_3
14018requires_openssl_3_x
14019run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp384r1" \
14020 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14021 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-384 -msg -tls1_3" \
14022 0 \
14023 -s "Protocol is TLSv1.3" \
14024 -s "got named group: secp384r1(0018)" \
14025 -s "Certificate verification was skipped" \
14026 -s "HRR selected_group: secp384r1"
14027
14028requires_config_enabled MBEDTLS_SSL_SRV_C
14029requires_config_enabled MBEDTLS_DEBUG_C
14030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14032requires_openssl_tls1_3
14033requires_openssl_3_x
14034run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp521r1" \
14035 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14036 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-521 -msg -tls1_3" \
14037 0 \
14038 -s "Protocol is TLSv1.3" \
14039 -s "got named group: secp521r1(0019)" \
14040 -s "Certificate verification was skipped" \
14041 -s "HRR selected_group: secp521r1"
14042
14043requires_config_enabled MBEDTLS_SSL_SRV_C
14044requires_config_enabled MBEDTLS_DEBUG_C
14045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14047requires_openssl_tls1_3
14048requires_openssl_3_x
14049run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x25519" \
14050 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14051 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X25519 -msg -tls1_3" \
14052 0 \
14053 -s "Protocol is TLSv1.3" \
14054 -s "got named group: x25519(001d)" \
14055 -s "Certificate verification was skipped" \
14056 -s "HRR selected_group: x25519"
14057
14058requires_config_enabled MBEDTLS_SSL_SRV_C
14059requires_config_enabled MBEDTLS_DEBUG_C
14060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14062requires_openssl_tls1_3
14063requires_openssl_3_x
14064run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x448" \
14065 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14066 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X448 -msg -tls1_3" \
14067 0 \
14068 -s "Protocol is TLSv1.3" \
14069 -s "got named group: x448(001e)" \
14070 -s "Certificate verification was skipped" \
14071 -s "HRR selected_group: x448"
14072
14073requires_config_enabled MBEDTLS_SSL_SRV_C
14074requires_config_enabled MBEDTLS_DEBUG_C
14075requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14076requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14077requires_openssl_tls1_3
14078requires_openssl_3_x
14079run_test "TLS 1.3 O->m: HRR ffdhe8192 -> ffdhe2048" \
14080 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14081 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:ffdhe2048 -msg -tls1_3" \
14082 0 \
14083 -s "Protocol is TLSv1.3" \
14084 -s "got named group: ffdhe2048(0100)" \
14085 -s "Certificate verification was skipped" \
14086 -s "HRR selected_group: ffdhe2048"
14087
14088requires_config_enabled MBEDTLS_SSL_SRV_C
14089requires_config_enabled MBEDTLS_DEBUG_C
14090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14091requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14092requires_gnutls_tls1_3
14093requires_gnutls_next_no_ticket
14094requires_gnutls_next_disable_tls13_compat
14095run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14096 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14097 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14098 0 \
14099 -s "Protocol is TLSv1.3" \
14100 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14101 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14102 -s "HRR selected_group: secp384r1"
14103
14104requires_config_enabled MBEDTLS_SSL_SRV_C
14105requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14107requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14108requires_gnutls_tls1_3
14109requires_gnutls_next_no_ticket
14110requires_gnutls_next_disable_tls13_compat
14111run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14112 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14113 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14114 0 \
14115 -s "Protocol is TLSv1.3" \
14116 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14117 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14118 -s "HRR selected_group: secp521r1"
14119
14120requires_config_enabled MBEDTLS_SSL_SRV_C
14121requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14122requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14123requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14124requires_gnutls_tls1_3
14125requires_gnutls_next_no_ticket
14126requires_gnutls_next_disable_tls13_compat
14127run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14128 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14129 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14130 0 \
14131 -s "Protocol is TLSv1.3" \
14132 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14133 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14134 -s "HRR selected_group: x25519"
14135
14136requires_config_enabled MBEDTLS_SSL_SRV_C
14137requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14138requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14139requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14140requires_gnutls_tls1_3
14141requires_gnutls_next_no_ticket
14142requires_gnutls_next_disable_tls13_compat
14143run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14144 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14145 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14146 0 \
14147 -s "Protocol is TLSv1.3" \
14148 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14149 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14150 -s "HRR selected_group: x448"
14151
14152requires_config_enabled MBEDTLS_SSL_SRV_C
14153requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14154requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14155requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14156requires_gnutls_tls1_3
14157requires_gnutls_next_no_ticket
14158requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14159run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \
14160 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14161 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14162 0 \
14163 -s "Protocol is TLSv1.3" \
14164 -s "got named group: ffdhe2048(0100)" \
14165 -s "Certificate verification was skipped" \
14166 -s "HRR selected_group: ffdhe2048"
14167
14168requires_config_enabled MBEDTLS_SSL_SRV_C
14169requires_config_enabled MBEDTLS_DEBUG_C
14170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14172requires_gnutls_tls1_3
14173requires_gnutls_next_no_ticket
14174requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14175run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe8192" \
14176 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14177 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14178 0 \
14179 -s "Protocol is TLSv1.3" \
14180 -s "got named group: ffdhe8192(0104)" \
14181 -s "Certificate verification was skipped" \
14182 -s "HRR selected_group: ffdhe8192"
14183
14184requires_config_enabled MBEDTLS_SSL_SRV_C
14185requires_config_enabled MBEDTLS_DEBUG_C
14186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14188requires_gnutls_tls1_3
14189requires_gnutls_next_no_ticket
14190requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14191run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14192 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14193 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14194 0 \
14195 -s "Protocol is TLSv1.3" \
14196 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14197 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14198 -s "HRR selected_group: secp256r1"
14199
14200requires_config_enabled MBEDTLS_SSL_SRV_C
14201requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14204requires_gnutls_tls1_3
14205requires_gnutls_next_no_ticket
14206requires_gnutls_next_disable_tls13_compat
14207run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14208 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14209 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14210 0 \
14211 -s "Protocol is TLSv1.3" \
14212 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14213 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14214 -s "HRR selected_group: secp521r1"
14215
14216requires_config_enabled MBEDTLS_SSL_SRV_C
14217requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14220requires_gnutls_tls1_3
14221requires_gnutls_next_no_ticket
14222requires_gnutls_next_disable_tls13_compat
14223run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14224 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14225 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14226 0 \
14227 -s "Protocol is TLSv1.3" \
14228 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14229 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14230 -s "HRR selected_group: x25519"
14231
14232requires_config_enabled MBEDTLS_SSL_SRV_C
14233requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14235requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14236requires_gnutls_tls1_3
14237requires_gnutls_next_no_ticket
14238requires_gnutls_next_disable_tls13_compat
14239run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14240 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14241 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14242 0 \
14243 -s "Protocol is TLSv1.3" \
14244 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14245 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14246 -s "HRR selected_group: x448"
14247
14248requires_config_enabled MBEDTLS_SSL_SRV_C
14249requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14250requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14251requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14252requires_gnutls_tls1_3
14253requires_gnutls_next_no_ticket
14254requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14255run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \
14256 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14257 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14258 0 \
14259 -s "Protocol is TLSv1.3" \
14260 -s "got named group: ffdhe2048(0100)" \
14261 -s "Certificate verification was skipped" \
14262 -s "HRR selected_group: ffdhe2048"
14263
14264requires_config_enabled MBEDTLS_SSL_SRV_C
14265requires_config_enabled MBEDTLS_DEBUG_C
14266requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14267requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14268requires_gnutls_tls1_3
14269requires_gnutls_next_no_ticket
14270requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14271run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe8192" \
14272 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14273 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14274 0 \
14275 -s "Protocol is TLSv1.3" \
14276 -s "got named group: ffdhe8192(0104)" \
14277 -s "Certificate verification was skipped" \
14278 -s "HRR selected_group: ffdhe8192"
14279
14280requires_config_enabled MBEDTLS_SSL_SRV_C
14281requires_config_enabled MBEDTLS_DEBUG_C
14282requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14283requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14284requires_gnutls_tls1_3
14285requires_gnutls_next_no_ticket
14286requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14287run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14288 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14289 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14290 0 \
14291 -s "Protocol is TLSv1.3" \
14292 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14293 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14294 -s "HRR selected_group: secp256r1"
14295
14296requires_config_enabled MBEDTLS_SSL_SRV_C
14297requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14300requires_gnutls_tls1_3
14301requires_gnutls_next_no_ticket
14302requires_gnutls_next_disable_tls13_compat
14303run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14304 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14305 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14306 0 \
14307 -s "Protocol is TLSv1.3" \
14308 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14309 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14310 -s "HRR selected_group: secp384r1"
14311
14312requires_config_enabled MBEDTLS_SSL_SRV_C
14313requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14314requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14315requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14316requires_gnutls_tls1_3
14317requires_gnutls_next_no_ticket
14318requires_gnutls_next_disable_tls13_compat
14319run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14320 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14321 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14322 0 \
14323 -s "Protocol is TLSv1.3" \
14324 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14325 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14326 -s "HRR selected_group: x25519"
14327
14328requires_config_enabled MBEDTLS_SSL_SRV_C
14329requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14332requires_gnutls_tls1_3
14333requires_gnutls_next_no_ticket
14334requires_gnutls_next_disable_tls13_compat
14335run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14336 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14337 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14338 0 \
14339 -s "Protocol is TLSv1.3" \
14340 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14341 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14342 -s "HRR selected_group: x448"
14343
14344requires_config_enabled MBEDTLS_SSL_SRV_C
14345requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14346requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14347requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14348requires_gnutls_tls1_3
14349requires_gnutls_next_no_ticket
14350requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14351run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \
14352 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14353 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14354 0 \
14355 -s "Protocol is TLSv1.3" \
14356 -s "got named group: ffdhe2048(0100)" \
14357 -s "Certificate verification was skipped" \
14358 -s "HRR selected_group: ffdhe2048"
14359
14360requires_config_enabled MBEDTLS_SSL_SRV_C
14361requires_config_enabled MBEDTLS_DEBUG_C
14362requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14363requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14364requires_gnutls_tls1_3
14365requires_gnutls_next_no_ticket
14366requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14367run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe8192" \
14368 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14369 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14370 0 \
14371 -s "Protocol is TLSv1.3" \
14372 -s "got named group: ffdhe8192(0104)" \
14373 -s "Certificate verification was skipped" \
14374 -s "HRR selected_group: ffdhe8192"
14375
14376requires_config_enabled MBEDTLS_SSL_SRV_C
14377requires_config_enabled MBEDTLS_DEBUG_C
14378requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14379requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14380requires_gnutls_tls1_3
14381requires_gnutls_next_no_ticket
14382requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14383run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14384 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14385 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14386 0 \
14387 -s "Protocol is TLSv1.3" \
14388 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14389 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14390 -s "HRR selected_group: secp256r1"
14391
14392requires_config_enabled MBEDTLS_SSL_SRV_C
14393requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14394requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14395requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14396requires_gnutls_tls1_3
14397requires_gnutls_next_no_ticket
14398requires_gnutls_next_disable_tls13_compat
14399run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14400 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14401 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14402 0 \
14403 -s "Protocol is TLSv1.3" \
14404 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14405 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14406 -s "HRR selected_group: secp384r1"
14407
14408requires_config_enabled MBEDTLS_SSL_SRV_C
14409requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14410requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14412requires_gnutls_tls1_3
14413requires_gnutls_next_no_ticket
14414requires_gnutls_next_disable_tls13_compat
14415run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14416 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14417 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14418 0 \
14419 -s "Protocol is TLSv1.3" \
14420 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14421 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14422 -s "HRR selected_group: secp521r1"
14423
14424requires_config_enabled MBEDTLS_SSL_SRV_C
14425requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14428requires_gnutls_tls1_3
14429requires_gnutls_next_no_ticket
14430requires_gnutls_next_disable_tls13_compat
14431run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14432 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14433 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14434 0 \
14435 -s "Protocol is TLSv1.3" \
14436 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14437 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14438 -s "HRR selected_group: x448"
14439
14440requires_config_enabled MBEDTLS_SSL_SRV_C
14441requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14442requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14443requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14444requires_gnutls_tls1_3
14445requires_gnutls_next_no_ticket
14446requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14447run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \
14448 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14449 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14450 0 \
14451 -s "Protocol is TLSv1.3" \
14452 -s "got named group: ffdhe2048(0100)" \
14453 -s "Certificate verification was skipped" \
14454 -s "HRR selected_group: ffdhe2048"
14455
14456requires_config_enabled MBEDTLS_SSL_SRV_C
14457requires_config_enabled MBEDTLS_DEBUG_C
14458requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14459requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14460requires_gnutls_tls1_3
14461requires_gnutls_next_no_ticket
14462requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14463run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe8192" \
14464 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14465 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14466 0 \
14467 -s "Protocol is TLSv1.3" \
14468 -s "got named group: ffdhe8192(0104)" \
14469 -s "Certificate verification was skipped" \
14470 -s "HRR selected_group: ffdhe8192"
14471
14472requires_config_enabled MBEDTLS_SSL_SRV_C
14473requires_config_enabled MBEDTLS_DEBUG_C
14474requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14475requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14476requires_gnutls_tls1_3
14477requires_gnutls_next_no_ticket
14478requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14479run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14480 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14481 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14482 0 \
14483 -s "Protocol is TLSv1.3" \
14484 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14485 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14486 -s "HRR selected_group: secp256r1"
14487
14488requires_config_enabled MBEDTLS_SSL_SRV_C
14489requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14490requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14491requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14492requires_gnutls_tls1_3
14493requires_gnutls_next_no_ticket
14494requires_gnutls_next_disable_tls13_compat
14495run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14496 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14497 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14498 0 \
14499 -s "Protocol is TLSv1.3" \
14500 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14501 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14502 -s "HRR selected_group: secp384r1"
14503
14504requires_config_enabled MBEDTLS_SSL_SRV_C
14505requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14506requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14507requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14508requires_gnutls_tls1_3
14509requires_gnutls_next_no_ticket
14510requires_gnutls_next_disable_tls13_compat
14511run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14512 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14513 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14514 0 \
14515 -s "Protocol is TLSv1.3" \
14516 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14517 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14518 -s "HRR selected_group: secp521r1"
14519
14520requires_config_enabled MBEDTLS_SSL_SRV_C
14521requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14523requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14524requires_gnutls_tls1_3
14525requires_gnutls_next_no_ticket
14526requires_gnutls_next_disable_tls13_compat
14527run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14528 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14529 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14530 0 \
14531 -s "Protocol is TLSv1.3" \
14532 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14533 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14534 -s "HRR selected_group: x25519"
14535
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14536requires_config_enabled MBEDTLS_SSL_SRV_C
14537requires_config_enabled MBEDTLS_DEBUG_C
14538requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14539requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14540requires_gnutls_tls1_3
14541requires_gnutls_next_no_ticket
14542requires_gnutls_next_disable_tls13_compat
14543run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \
14544 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14545 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14546 0 \
14547 -s "Protocol is TLSv1.3" \
14548 -s "got named group: ffdhe2048(0100)" \
14549 -s "Certificate verification was skipped" \
14550 -s "HRR selected_group: ffdhe2048"
14551
14552requires_config_enabled MBEDTLS_SSL_SRV_C
14553requires_config_enabled MBEDTLS_DEBUG_C
14554requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14555requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14556requires_gnutls_tls1_3
14557requires_gnutls_next_no_ticket
14558requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14559run_test "TLS 1.3 G->m: HRR x448 -> ffdhe8192" \
14560 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14561 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14562 0 \
14563 -s "Protocol is TLSv1.3" \
14564 -s "got named group: ffdhe8192(0104)" \
14565 -s "Certificate verification was skipped" \
14566 -s "HRR selected_group: ffdhe8192"
14567
14568requires_config_enabled MBEDTLS_SSL_SRV_C
14569requires_config_enabled MBEDTLS_DEBUG_C
14570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14572requires_gnutls_tls1_3
14573requires_gnutls_next_no_ticket
14574requires_gnutls_next_disable_tls13_compat
14575run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp256r1" \
14576 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14577 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14578 0 \
14579 -s "Protocol is TLSv1.3" \
14580 -s "got named group: secp256r1(0017)" \
14581 -s "Certificate verification was skipped" \
14582 -s "HRR selected_group: secp256r1"
14583
14584requires_config_enabled MBEDTLS_SSL_SRV_C
14585requires_config_enabled MBEDTLS_DEBUG_C
14586requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14587requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14588requires_gnutls_tls1_3
14589requires_gnutls_next_no_ticket
14590requires_gnutls_next_disable_tls13_compat
14591run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp384r1" \
14592 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14593 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14594 0 \
14595 -s "Protocol is TLSv1.3" \
14596 -s "got named group: secp384r1(0018)" \
14597 -s "Certificate verification was skipped" \
14598 -s "HRR selected_group: secp384r1"
14599
14600requires_config_enabled MBEDTLS_SSL_SRV_C
14601requires_config_enabled MBEDTLS_DEBUG_C
14602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14604requires_gnutls_tls1_3
14605requires_gnutls_next_no_ticket
14606requires_gnutls_next_disable_tls13_compat
14607run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp521r1" \
14608 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14609 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
14610 0 \
14611 -s "Protocol is TLSv1.3" \
14612 -s "got named group: secp521r1(0019)" \
14613 -s "Certificate verification was skipped" \
14614 -s "HRR selected_group: secp521r1"
14615
14616requires_config_enabled MBEDTLS_SSL_SRV_C
14617requires_config_enabled MBEDTLS_DEBUG_C
14618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14620requires_gnutls_tls1_3
14621requires_gnutls_next_no_ticket
14622requires_gnutls_next_disable_tls13_compat
14623run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x25519" \
14624 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14625 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
14626 0 \
14627 -s "Protocol is TLSv1.3" \
14628 -s "got named group: x25519(001d)" \
14629 -s "Certificate verification was skipped" \
14630 -s "HRR selected_group: x25519"
14631
14632requires_config_enabled MBEDTLS_SSL_SRV_C
14633requires_config_enabled MBEDTLS_DEBUG_C
14634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14636requires_gnutls_tls1_3
14637requires_gnutls_next_no_ticket
14638requires_gnutls_next_disable_tls13_compat
14639run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \
14640 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14641 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14642 0 \
14643 -s "Protocol is TLSv1.3" \
14644 -s "got named group: x448(001e)" \
14645 -s "Certificate verification was skipped" \
14646 -s "HRR selected_group: x448"
14647
14648requires_config_enabled MBEDTLS_SSL_SRV_C
14649requires_config_enabled MBEDTLS_DEBUG_C
14650requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14652requires_gnutls_tls1_3
14653requires_gnutls_next_no_ticket
14654requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14655run_test "TLS 1.3 G->m: HRR ffdhe2048 -> ffdhe8192" \
14656 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14657 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14658 0 \
14659 -s "Protocol is TLSv1.3" \
14660 -s "got named group: ffdhe8192(0104)" \
14661 -s "Certificate verification was skipped" \
14662 -s "HRR selected_group: ffdhe8192"
14663
14664requires_config_enabled MBEDTLS_SSL_SRV_C
14665requires_config_enabled MBEDTLS_DEBUG_C
14666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14667requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14668requires_gnutls_tls1_3
14669requires_gnutls_next_no_ticket
14670requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14671run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp256r1" \
14672 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14673 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14674 0 \
14675 -s "Protocol is TLSv1.3" \
14676 -s "got named group: secp256r1(0017)" \
14677 -s "Certificate verification was skipped" \
14678 -s "HRR selected_group: secp256r1"
14679
14680requires_config_enabled MBEDTLS_SSL_SRV_C
14681requires_config_enabled MBEDTLS_DEBUG_C
14682requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14683requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14684requires_gnutls_tls1_3
14685requires_gnutls_next_no_ticket
14686requires_gnutls_next_disable_tls13_compat
14687run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp384r1" \
14688 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14689 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14690 0 \
14691 -s "Protocol is TLSv1.3" \
14692 -s "got named group: secp384r1(0018)" \
14693 -s "Certificate verification was skipped" \
14694 -s "HRR selected_group: secp384r1"
14695
14696requires_config_enabled MBEDTLS_SSL_SRV_C
14697requires_config_enabled MBEDTLS_DEBUG_C
14698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14700requires_gnutls_tls1_3
14701requires_gnutls_next_no_ticket
14702requires_gnutls_next_disable_tls13_compat
14703run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp521r1" \
14704 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14705 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
14706 0 \
14707 -s "Protocol is TLSv1.3" \
14708 -s "got named group: secp521r1(0019)" \
14709 -s "Certificate verification was skipped" \
14710 -s "HRR selected_group: secp521r1"
14711
14712requires_config_enabled MBEDTLS_SSL_SRV_C
14713requires_config_enabled MBEDTLS_DEBUG_C
14714requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14715requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14716requires_gnutls_tls1_3
14717requires_gnutls_next_no_ticket
14718requires_gnutls_next_disable_tls13_compat
14719run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x25519" \
14720 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14721 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
14722 0 \
14723 -s "Protocol is TLSv1.3" \
14724 -s "got named group: x25519(001d)" \
14725 -s "Certificate verification was skipped" \
14726 -s "HRR selected_group: x25519"
14727
14728requires_config_enabled MBEDTLS_SSL_SRV_C
14729requires_config_enabled MBEDTLS_DEBUG_C
14730requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14731requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14732requires_gnutls_tls1_3
14733requires_gnutls_next_no_ticket
14734requires_gnutls_next_disable_tls13_compat
14735run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x448" \
14736 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14737 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14738 0 \
14739 -s "Protocol is TLSv1.3" \
14740 -s "got named group: x448(001e)" \
14741 -s "Certificate verification was skipped" \
14742 -s "HRR selected_group: x448"
14743
14744requires_config_enabled MBEDTLS_SSL_SRV_C
14745requires_config_enabled MBEDTLS_DEBUG_C
14746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14747requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14748requires_gnutls_tls1_3
14749requires_gnutls_next_no_ticket
14750requires_gnutls_next_disable_tls13_compat
14751run_test "TLS 1.3 G->m: HRR ffdhe8192 -> ffdhe2048" \
14752 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14753 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14754 0 \
14755 -s "Protocol is TLSv1.3" \
14756 -s "got named group: ffdhe2048(0100)" \
14757 -s "Certificate verification was skipped" \
14758 -s "HRR selected_group: ffdhe2048"
14759
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14760requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14761requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14762requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14763requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14764requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]14765run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14766 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14767 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]14768 0 \
14769 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14770 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]14771 -c "NamedGroup: secp256r1 ( 17 )" \
14772 -c "NamedGroup: secp384r1 ( 18 )" \
14773 -c "Verifying peer X.509 certificate... ok" \
14774 -c "received HelloRetryRequest message" \
14775 -c "selected_group ( 24 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14776
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14777requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14778requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14779requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14781requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]14782run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14783 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14784 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14785 0 \
14786 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14787 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]14788 -c "NamedGroup: secp256r1 ( 17 )" \
14789 -c "NamedGroup: secp521r1 ( 19 )" \
14790 -c "Verifying peer X.509 certificate... ok" \
14791 -c "received HelloRetryRequest message" \
14792 -c "selected_group ( 25 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14793
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14794requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14795requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14796requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14797requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14798requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]14799run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14800 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14801 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14802 0 \
14803 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14804 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]14805 -c "NamedGroup: secp256r1 ( 17 )" \
14806 -c "NamedGroup: x25519 ( 1d )" \
14807 -c "Verifying peer X.509 certificate... ok" \
14808 -c "received HelloRetryRequest message" \
14809 -c "selected_group ( 29 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14810
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14811requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14812requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14813requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14814requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14815requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]14816run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14817 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14818 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14819 0 \
14820 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14821 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]14822 -c "NamedGroup: secp256r1 ( 17 )" \
14823 -c "NamedGroup: x448 ( 1e )" \
14824 -c "Verifying peer X.509 certificate... ok" \
14825 -c "received HelloRetryRequest message" \
14826 -c "selected_group ( 30 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14827
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14828requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14829requires_openssl_3_x
14830requires_config_enabled MBEDTLS_SSL_CLI_C
14831requires_config_enabled MBEDTLS_DEBUG_C
14832requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14833requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14834run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \
14835 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
14836 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
14837 0 \
14838 -c "HTTP/1.0 200 ok" \
14839 -c "Protocol is TLSv1.3" \
14840 -c "NamedGroup: secp256r1 ( 17 )" \
14841 -c "NamedGroup: ffdhe2048 ( 100 )" \
14842 -c "Verifying peer X.509 certificate... ok" \
14843 -c "received HelloRetryRequest message" \
14844 -c "selected_group ( 256 )"
14845
14846requires_openssl_tls1_3
14847requires_openssl_3_x
14848requires_config_enabled MBEDTLS_SSL_CLI_C
14849requires_config_enabled MBEDTLS_DEBUG_C
14850requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14851requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14852run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe8192" \
14853 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
14854 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
14855 0 \
14856 -c "HTTP/1.0 200 ok" \
14857 -c "Protocol is TLSv1.3" \
14858 -c "NamedGroup: secp256r1 ( 17 )" \
14859 -c "NamedGroup: ffdhe8192 ( 104 )" \
14860 -c "Verifying peer X.509 certificate... ok" \
14861 -c "received HelloRetryRequest message" \
14862 -c "selected_group ( 260 )"
14863
14864requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14865requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14866requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14868requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14869run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14870 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14871 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14872 0 \
14873 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14874 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14875 -c "NamedGroup: secp384r1 ( 18 )" \
14876 -c "NamedGroup: secp256r1 ( 17 )" \
14877 -c "Verifying peer X.509 certificate... ok" \
14878 -c "received HelloRetryRequest message" \
14879 -c "selected_group ( 23 )"
14880
14881requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14882requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14883requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14886run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14887 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14888 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14889 0 \
14890 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14891 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14892 -c "NamedGroup: secp384r1 ( 18 )" \
14893 -c "NamedGroup: secp521r1 ( 19 )" \
14894 -c "Verifying peer X.509 certificate... ok" \
14895 -c "received HelloRetryRequest message" \
14896 -c "selected_group ( 25 )"
14897
14898requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14899requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14900requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14901requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14902requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14903run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14904 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14905 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14906 0 \
14907 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14908 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14909 -c "NamedGroup: secp384r1 ( 18 )" \
14910 -c "NamedGroup: x25519 ( 1d )" \
14911 -c "Verifying peer X.509 certificate... ok" \
14912 -c "received HelloRetryRequest message" \
14913 -c "selected_group ( 29 )"
14914
14915requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14916requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14917requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14919requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14920run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14921 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14922 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14923 0 \
14924 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14925 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14926 -c "NamedGroup: secp384r1 ( 18 )" \
14927 -c "NamedGroup: x448 ( 1e )" \
14928 -c "Verifying peer X.509 certificate... ok" \
14929 -c "received HelloRetryRequest message" \
14930 -c "selected_group ( 30 )"
14931
14932requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14933requires_openssl_3_x
14934requires_config_enabled MBEDTLS_SSL_CLI_C
14935requires_config_enabled MBEDTLS_DEBUG_C
14936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14938run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \
14939 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
14940 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
14941 0 \
14942 -c "HTTP/1.0 200 ok" \
14943 -c "Protocol is TLSv1.3" \
14944 -c "NamedGroup: secp384r1 ( 18 )" \
14945 -c "NamedGroup: ffdhe2048 ( 100 )" \
14946 -c "Verifying peer X.509 certificate... ok" \
14947 -c "received HelloRetryRequest message" \
14948 -c "selected_group ( 256 )"
14949
14950requires_openssl_tls1_3
14951requires_openssl_3_x
14952requires_config_enabled MBEDTLS_SSL_CLI_C
14953requires_config_enabled MBEDTLS_DEBUG_C
14954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14956run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe8192" \
14957 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
14958 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
14959 0 \
14960 -c "HTTP/1.0 200 ok" \
14961 -c "Protocol is TLSv1.3" \
14962 -c "NamedGroup: secp384r1 ( 18 )" \
14963 -c "NamedGroup: ffdhe8192 ( 104 )" \
14964 -c "Verifying peer X.509 certificate... ok" \
14965 -c "received HelloRetryRequest message" \
14966 -c "selected_group ( 260 )"
14967
14968requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14969requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14970requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14971requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14972requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14973run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14974 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14975 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14976 0 \
14977 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14978 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14979 -c "NamedGroup: secp521r1 ( 19 )" \
14980 -c "NamedGroup: secp256r1 ( 17 )" \
14981 -c "Verifying peer X.509 certificate... ok" \
14982 -c "received HelloRetryRequest message" \
14983 -c "selected_group ( 23 )"
14984
14985requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14986requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14987requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14990run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14991 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14992 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14993 0 \
14994 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14995 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14996 -c "NamedGroup: secp521r1 ( 19 )" \
14997 -c "NamedGroup: secp384r1 ( 18 )" \
14998 -c "Verifying peer X.509 certificate... ok" \
14999 -c "received HelloRetryRequest message" \
15000 -c "selected_group ( 24 )"
15001
15002requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15003requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15004requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15005requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15006requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15007run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15008 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15009 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15010 0 \
15011 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15012 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15013 -c "NamedGroup: secp521r1 ( 19 )" \
15014 -c "NamedGroup: x25519 ( 1d )" \
15015 -c "Verifying peer X.509 certificate... ok" \
15016 -c "received HelloRetryRequest message" \
15017 -c "selected_group ( 29 )"
15018
15019requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15020requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15021requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15024run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15025 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15026 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15027 0 \
15028 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15029 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15030 -c "NamedGroup: secp521r1 ( 19 )" \
15031 -c "NamedGroup: x448 ( 1e )" \
15032 -c "Verifying peer X.509 certificate... ok" \
15033 -c "received HelloRetryRequest message" \
15034 -c "selected_group ( 30 )"
15035
15036requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15037requires_openssl_3_x
15038requires_config_enabled MBEDTLS_SSL_CLI_C
15039requires_config_enabled MBEDTLS_DEBUG_C
15040requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15041requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15042run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \
15043 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15044 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
15045 0 \
15046 -c "HTTP/1.0 200 ok" \
15047 -c "Protocol is TLSv1.3" \
15048 -c "NamedGroup: secp521r1 ( 19 )" \
15049 -c "NamedGroup: ffdhe2048 ( 100 )" \
15050 -c "Verifying peer X.509 certificate... ok" \
15051 -c "received HelloRetryRequest message" \
15052 -c "selected_group ( 256 )"
15053
15054requires_openssl_tls1_3
15055requires_openssl_3_x
15056requires_config_enabled MBEDTLS_SSL_CLI_C
15057requires_config_enabled MBEDTLS_DEBUG_C
15058requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15059requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15060run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe8192" \
15061 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15062 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
15063 0 \
15064 -c "HTTP/1.0 200 ok" \
15065 -c "Protocol is TLSv1.3" \
15066 -c "NamedGroup: secp521r1 ( 19 )" \
15067 -c "NamedGroup: ffdhe8192 ( 104 )" \
15068 -c "Verifying peer X.509 certificate... ok" \
15069 -c "received HelloRetryRequest message" \
15070 -c "selected_group ( 260 )"
15071
15072requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15073requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15074requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15075requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15076requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15077run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15078 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15079 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15080 0 \
15081 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15082 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15083 -c "NamedGroup: x25519 ( 1d )" \
15084 -c "NamedGroup: secp256r1 ( 17 )" \
15085 -c "Verifying peer X.509 certificate... ok" \
15086 -c "received HelloRetryRequest message" \
15087 -c "selected_group ( 23 )"
15088
15089requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15090requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15091requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15092requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15093requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15094run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15095 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15096 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15097 0 \
15098 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15099 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15100 -c "NamedGroup: x25519 ( 1d )" \
15101 -c "NamedGroup: secp384r1 ( 18 )" \
15102 -c "Verifying peer X.509 certificate... ok" \
15103 -c "received HelloRetryRequest message" \
15104 -c "selected_group ( 24 )"
15105
15106requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15107requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15108requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15110requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15111run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15112 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15113 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15114 0 \
15115 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15116 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15117 -c "NamedGroup: x25519 ( 1d )" \
15118 -c "NamedGroup: secp521r1 ( 19 )" \
15119 -c "Verifying peer X.509 certificate... ok" \
15120 -c "received HelloRetryRequest message" \
15121 -c "selected_group ( 25 )"
15122
15123requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15124requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15125requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15128run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15129 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15130 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15131 0 \
15132 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15133 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15134 -c "NamedGroup: x25519 ( 1d )" \
15135 -c "NamedGroup: x448 ( 1e )" \
15136 -c "Verifying peer X.509 certificate... ok" \
15137 -c "received HelloRetryRequest message" \
15138 -c "selected_group ( 30 )"
15139
15140requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15141requires_openssl_3_x
15142requires_config_enabled MBEDTLS_SSL_CLI_C
15143requires_config_enabled MBEDTLS_DEBUG_C
15144requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15145requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15146run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \
15147 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15148 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
15149 0 \
15150 -c "HTTP/1.0 200 ok" \
15151 -c "Protocol is TLSv1.3" \
15152 -c "NamedGroup: x25519 ( 1d )" \
15153 -c "NamedGroup: ffdhe2048 ( 100 )" \
15154 -c "Verifying peer X.509 certificate... ok" \
15155 -c "received HelloRetryRequest message" \
15156 -c "selected_group ( 256 )"
15157
15158requires_openssl_tls1_3
15159requires_openssl_3_x
15160requires_config_enabled MBEDTLS_SSL_CLI_C
15161requires_config_enabled MBEDTLS_DEBUG_C
15162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15163requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15164run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe8192" \
15165 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15166 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
15167 0 \
15168 -c "HTTP/1.0 200 ok" \
15169 -c "Protocol is TLSv1.3" \
15170 -c "NamedGroup: x25519 ( 1d )" \
15171 -c "NamedGroup: ffdhe8192 ( 104 )" \
15172 -c "Verifying peer X.509 certificate... ok" \
15173 -c "received HelloRetryRequest message" \
15174 -c "selected_group ( 260 )"
15175
15176requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15177requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15178requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15181run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15182 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15183 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15184 0 \
15185 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15186 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15187 -c "NamedGroup: x448 ( 1e )" \
15188 -c "NamedGroup: secp256r1 ( 17 )" \
15189 -c "Verifying peer X.509 certificate... ok" \
15190 -c "received HelloRetryRequest message" \
15191 -c "selected_group ( 23 )"
15192
15193requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15194requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15195requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15196requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15197requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15198run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15199 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15200 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15201 0 \
15202 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15203 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15204 -c "NamedGroup: x448 ( 1e )" \
15205 -c "NamedGroup: secp384r1 ( 18 )" \
15206 -c "Verifying peer X.509 certificate... ok" \
15207 -c "received HelloRetryRequest message" \
15208 -c "selected_group ( 24 )"
15209
15210requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15211requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15212requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15213requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15214requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15215run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15216 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15217 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15218 0 \
15219 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15220 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15221 -c "NamedGroup: x448 ( 1e )" \
15222 -c "NamedGroup: secp521r1 ( 19 )" \
15223 -c "Verifying peer X.509 certificate... ok" \
15224 -c "received HelloRetryRequest message" \
15225 -c "selected_group ( 25 )"
15226
15227requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15228requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15229requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15230requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15231requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15232run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15233 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15234 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15235 0 \
15236 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15237 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15238 -c "NamedGroup: x448 ( 1e )" \
15239 -c "NamedGroup: x25519 ( 1d )" \
15240 -c "Verifying peer X.509 certificate... ok" \
15241 -c "received HelloRetryRequest message" \
15242 -c "selected_group ( 29 )"
15243
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15244requires_openssl_tls1_3
15245requires_openssl_3_x
15246requires_config_enabled MBEDTLS_SSL_CLI_C
15247requires_config_enabled MBEDTLS_DEBUG_C
15248requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15249requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15250run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \
15251 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15252 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
15253 0 \
15254 -c "HTTP/1.0 200 ok" \
15255 -c "Protocol is TLSv1.3" \
15256 -c "NamedGroup: x448 ( 1e )" \
15257 -c "NamedGroup: ffdhe2048 ( 100 )" \
15258 -c "Verifying peer X.509 certificate... ok" \
15259 -c "received HelloRetryRequest message" \
15260 -c "selected_group ( 256 )"
15261
15262requires_openssl_tls1_3
15263requires_openssl_3_x
15264requires_config_enabled MBEDTLS_SSL_CLI_C
15265requires_config_enabled MBEDTLS_DEBUG_C
15266requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15267requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15268run_test "TLS 1.3 m->O: HRR x448 -> ffdhe8192" \
15269 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15270 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
15271 0 \
15272 -c "HTTP/1.0 200 ok" \
15273 -c "Protocol is TLSv1.3" \
15274 -c "NamedGroup: x448 ( 1e )" \
15275 -c "NamedGroup: ffdhe8192 ( 104 )" \
15276 -c "Verifying peer X.509 certificate... ok" \
15277 -c "received HelloRetryRequest message" \
15278 -c "selected_group ( 260 )"
15279
15280requires_openssl_tls1_3
15281requires_config_enabled MBEDTLS_SSL_CLI_C
15282requires_config_enabled MBEDTLS_DEBUG_C
15283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15284requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15285run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \
15286 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15287 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
15288 0 \
15289 -c "HTTP/1.0 200 ok" \
15290 -c "Protocol is TLSv1.3" \
15291 -c "NamedGroup: ffdhe2048 ( 100 )" \
15292 -c "NamedGroup: secp256r1 ( 17 )" \
15293 -c "Verifying peer X.509 certificate... ok" \
15294 -c "received HelloRetryRequest message" \
15295 -c "selected_group ( 23 )"
15296
15297requires_openssl_tls1_3
15298requires_config_enabled MBEDTLS_SSL_CLI_C
15299requires_config_enabled MBEDTLS_DEBUG_C
15300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15301requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15302run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \
15303 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15304 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
15305 0 \
15306 -c "HTTP/1.0 200 ok" \
15307 -c "Protocol is TLSv1.3" \
15308 -c "NamedGroup: ffdhe2048 ( 100 )" \
15309 -c "NamedGroup: secp384r1 ( 18 )" \
15310 -c "Verifying peer X.509 certificate... ok" \
15311 -c "received HelloRetryRequest message" \
15312 -c "selected_group ( 24 )"
15313
15314requires_openssl_tls1_3
15315requires_config_enabled MBEDTLS_SSL_CLI_C
15316requires_config_enabled MBEDTLS_DEBUG_C
15317requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15318requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15319run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \
15320 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15321 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
15322 0 \
15323 -c "HTTP/1.0 200 ok" \
15324 -c "Protocol is TLSv1.3" \
15325 -c "NamedGroup: ffdhe2048 ( 100 )" \
15326 -c "NamedGroup: secp521r1 ( 19 )" \
15327 -c "Verifying peer X.509 certificate... ok" \
15328 -c "received HelloRetryRequest message" \
15329 -c "selected_group ( 25 )"
15330
15331requires_openssl_tls1_3
15332requires_config_enabled MBEDTLS_SSL_CLI_C
15333requires_config_enabled MBEDTLS_DEBUG_C
15334requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15335requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15336run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \
15337 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15338 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
15339 0 \
15340 -c "HTTP/1.0 200 ok" \
15341 -c "Protocol is TLSv1.3" \
15342 -c "NamedGroup: ffdhe2048 ( 100 )" \
15343 -c "NamedGroup: x25519 ( 1d )" \
15344 -c "Verifying peer X.509 certificate... ok" \
15345 -c "received HelloRetryRequest message" \
15346 -c "selected_group ( 29 )"
15347
15348requires_openssl_tls1_3
15349requires_config_enabled MBEDTLS_SSL_CLI_C
15350requires_config_enabled MBEDTLS_DEBUG_C
15351requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15353run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \
15354 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15355 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
15356 0 \
15357 -c "HTTP/1.0 200 ok" \
15358 -c "Protocol is TLSv1.3" \
15359 -c "NamedGroup: ffdhe2048 ( 100 )" \
15360 -c "NamedGroup: x448 ( 1e )" \
15361 -c "Verifying peer X.509 certificate... ok" \
15362 -c "received HelloRetryRequest message" \
15363 -c "selected_group ( 30 )"
15364
15365requires_openssl_tls1_3
15366requires_openssl_3_x
15367requires_config_enabled MBEDTLS_SSL_CLI_C
15368requires_config_enabled MBEDTLS_DEBUG_C
15369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15370requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15371run_test "TLS 1.3 m->O: HRR ffdhe2048 -> ffdhe8192" \
15372 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15373 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
15374 0 \
15375 -c "HTTP/1.0 200 ok" \
15376 -c "Protocol is TLSv1.3" \
15377 -c "NamedGroup: ffdhe2048 ( 100 )" \
15378 -c "NamedGroup: ffdhe8192 ( 104 )" \
15379 -c "Verifying peer X.509 certificate... ok" \
15380 -c "received HelloRetryRequest message" \
15381 -c "selected_group ( 260 )"
15382
15383requires_openssl_tls1_3
15384requires_config_enabled MBEDTLS_SSL_CLI_C
15385requires_config_enabled MBEDTLS_DEBUG_C
15386requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15387requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15388run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp256r1" \
15389 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15390 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
15391 0 \
15392 -c "HTTP/1.0 200 ok" \
15393 -c "Protocol is TLSv1.3" \
15394 -c "NamedGroup: ffdhe8192 ( 104 )" \
15395 -c "NamedGroup: secp256r1 ( 17 )" \
15396 -c "Verifying peer X.509 certificate... ok" \
15397 -c "received HelloRetryRequest message" \
15398 -c "selected_group ( 23 )"
15399
15400requires_openssl_tls1_3
15401requires_config_enabled MBEDTLS_SSL_CLI_C
15402requires_config_enabled MBEDTLS_DEBUG_C
15403requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15404requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15405run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp384r1" \
15406 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15407 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
15408 0 \
15409 -c "HTTP/1.0 200 ok" \
15410 -c "Protocol is TLSv1.3" \
15411 -c "NamedGroup: ffdhe8192 ( 104 )" \
15412 -c "NamedGroup: secp384r1 ( 18 )" \
15413 -c "Verifying peer X.509 certificate... ok" \
15414 -c "received HelloRetryRequest message" \
15415 -c "selected_group ( 24 )"
15416
15417requires_openssl_tls1_3
15418requires_config_enabled MBEDTLS_SSL_CLI_C
15419requires_config_enabled MBEDTLS_DEBUG_C
15420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15421requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15422run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp521r1" \
15423 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15424 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
15425 0 \
15426 -c "HTTP/1.0 200 ok" \
15427 -c "Protocol is TLSv1.3" \
15428 -c "NamedGroup: ffdhe8192 ( 104 )" \
15429 -c "NamedGroup: secp521r1 ( 19 )" \
15430 -c "Verifying peer X.509 certificate... ok" \
15431 -c "received HelloRetryRequest message" \
15432 -c "selected_group ( 25 )"
15433
15434requires_openssl_tls1_3
15435requires_config_enabled MBEDTLS_SSL_CLI_C
15436requires_config_enabled MBEDTLS_DEBUG_C
15437requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15438requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15439run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x25519" \
15440 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15441 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
15442 0 \
15443 -c "HTTP/1.0 200 ok" \
15444 -c "Protocol is TLSv1.3" \
15445 -c "NamedGroup: ffdhe8192 ( 104 )" \
15446 -c "NamedGroup: x25519 ( 1d )" \
15447 -c "Verifying peer X.509 certificate... ok" \
15448 -c "received HelloRetryRequest message" \
15449 -c "selected_group ( 29 )"
15450
15451requires_openssl_tls1_3
15452requires_config_enabled MBEDTLS_SSL_CLI_C
15453requires_config_enabled MBEDTLS_DEBUG_C
15454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15455requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15456run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x448" \
15457 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15458 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
15459 0 \
15460 -c "HTTP/1.0 200 ok" \
15461 -c "Protocol is TLSv1.3" \
15462 -c "NamedGroup: ffdhe8192 ( 104 )" \
15463 -c "NamedGroup: x448 ( 1e )" \
15464 -c "Verifying peer X.509 certificate... ok" \
15465 -c "received HelloRetryRequest message" \
15466 -c "selected_group ( 30 )"
15467
15468requires_openssl_tls1_3
15469requires_openssl_3_x
15470requires_config_enabled MBEDTLS_SSL_CLI_C
15471requires_config_enabled MBEDTLS_DEBUG_C
15472requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15474run_test "TLS 1.3 m->O: HRR ffdhe8192 -> ffdhe2048" \
15475 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15476 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
15477 0 \
15478 -c "HTTP/1.0 200 ok" \
15479 -c "Protocol is TLSv1.3" \
15480 -c "NamedGroup: ffdhe8192 ( 104 )" \
15481 -c "NamedGroup: ffdhe2048 ( 100 )" \
15482 -c "Verifying peer X.509 certificate... ok" \
15483 -c "received HelloRetryRequest message" \
15484 -c "selected_group ( 256 )"
15485
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15486requires_gnutls_tls1_3
15487requires_gnutls_next_no_ticket
15488requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15489requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15490requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15491requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15492requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15493run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15494 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15495 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15496 0 \
15497 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15498 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15499 -c "NamedGroup: secp256r1 ( 17 )" \
15500 -c "NamedGroup: secp384r1 ( 18 )" \
15501 -c "Verifying peer X.509 certificate... ok" \
15502 -c "received HelloRetryRequest message" \
15503 -c "selected_group ( 24 )"
15504
15505requires_gnutls_tls1_3
15506requires_gnutls_next_no_ticket
15507requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15508requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15509requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15510requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15511requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15512run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15513 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15514 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15515 0 \
15516 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15517 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15518 -c "NamedGroup: secp256r1 ( 17 )" \
15519 -c "NamedGroup: secp521r1 ( 19 )" \
15520 -c "Verifying peer X.509 certificate... ok" \
15521 -c "received HelloRetryRequest message" \
15522 -c "selected_group ( 25 )"
15523
15524requires_gnutls_tls1_3
15525requires_gnutls_next_no_ticket
15526requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15527requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15528requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15531run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15532 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15533 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15534 0 \
15535 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15536 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15537 -c "NamedGroup: secp256r1 ( 17 )" \
15538 -c "NamedGroup: x25519 ( 1d )" \
15539 -c "Verifying peer X.509 certificate... ok" \
15540 -c "received HelloRetryRequest message" \
15541 -c "selected_group ( 29 )"
15542
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15543requires_gnutls_tls1_3
15544requires_gnutls_next_no_ticket
15545requires_gnutls_next_disable_tls13_compat
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15546requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15547requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15548requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]15550run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15551 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15552 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15553 0 \
15554 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15555 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]15556 -c "NamedGroup: secp256r1 ( 17 )" \
15557 -c "NamedGroup: x448 ( 1e )" \
15558 -c "Verifying peer X.509 certificate... ok" \
15559 -c "received HelloRetryRequest message" \
15560 -c "selected_group ( 30 )"
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15561
15562requires_gnutls_tls1_3
15563requires_gnutls_next_no_ticket
15564requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15565requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15566requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15567requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15568requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15569run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \
15570 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
15571 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
15572 0 \
15573 -c "HTTP/1.0 200 OK" \
15574 -c "Protocol is TLSv1.3" \
15575 -c "NamedGroup: secp256r1 ( 17 )" \
15576 -c "NamedGroup: ffdhe2048 ( 100 )" \
15577 -c "Verifying peer X.509 certificate... ok" \
15578 -c "received HelloRetryRequest message" \
15579 -c "selected_group ( 256 )"
15580
15581requires_gnutls_tls1_3
15582requires_gnutls_next_no_ticket
15583requires_gnutls_next_disable_tls13_compat
15584requires_config_enabled MBEDTLS_SSL_CLI_C
15585requires_config_enabled MBEDTLS_DEBUG_C
15586requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15587requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15588run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe8192" \
15589 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
15590 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
15591 0 \
15592 -c "HTTP/1.0 200 OK" \
15593 -c "Protocol is TLSv1.3" \
15594 -c "NamedGroup: secp256r1 ( 17 )" \
15595 -c "NamedGroup: ffdhe8192 ( 104 )" \
15596 -c "Verifying peer X.509 certificate... ok" \
15597 -c "received HelloRetryRequest message" \
15598 -c "selected_group ( 260 )"
15599
15600requires_gnutls_tls1_3
15601requires_gnutls_next_no_ticket
15602requires_gnutls_next_disable_tls13_compat
15603requires_config_enabled MBEDTLS_SSL_CLI_C
15604requires_config_enabled MBEDTLS_DEBUG_C
15605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15606requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15607run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15608 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15609 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15610 0 \
15611 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15612 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15613 -c "NamedGroup: secp384r1 ( 18 )" \
15614 -c "NamedGroup: secp256r1 ( 17 )" \
15615 -c "Verifying peer X.509 certificate... ok" \
15616 -c "received HelloRetryRequest message" \
15617 -c "selected_group ( 23 )"
15618
15619requires_gnutls_tls1_3
15620requires_gnutls_next_no_ticket
15621requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15622requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15623requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15625requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15626run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15627 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15628 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15629 0 \
15630 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15631 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15632 -c "NamedGroup: secp384r1 ( 18 )" \
15633 -c "NamedGroup: secp521r1 ( 19 )" \
15634 -c "Verifying peer X.509 certificate... ok" \
15635 -c "received HelloRetryRequest message" \
15636 -c "selected_group ( 25 )"
15637
15638requires_gnutls_tls1_3
15639requires_gnutls_next_no_ticket
15640requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15641requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15642requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15643requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15644requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15645run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15646 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15647 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15648 0 \
15649 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15650 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15651 -c "NamedGroup: secp384r1 ( 18 )" \
15652 -c "NamedGroup: x25519 ( 1d )" \
15653 -c "Verifying peer X.509 certificate... ok" \
15654 -c "received HelloRetryRequest message" \
15655 -c "selected_group ( 29 )"
15656
15657requires_gnutls_tls1_3
15658requires_gnutls_next_no_ticket
15659requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15660requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15661requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15664run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15665 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15666 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15667 0 \
15668 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15669 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15670 -c "NamedGroup: secp384r1 ( 18 )" \
15671 -c "NamedGroup: x448 ( 1e )" \
15672 -c "Verifying peer X.509 certificate... ok" \
15673 -c "received HelloRetryRequest message" \
15674 -c "selected_group ( 30 )"
15675
15676requires_gnutls_tls1_3
15677requires_gnutls_next_no_ticket
15678requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15679requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15680requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15681requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15683run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \
15684 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
15685 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
15686 0 \
15687 -c "HTTP/1.0 200 OK" \
15688 -c "Protocol is TLSv1.3" \
15689 -c "NamedGroup: secp384r1 ( 18 )" \
15690 -c "NamedGroup: ffdhe2048 ( 100 )" \
15691 -c "Verifying peer X.509 certificate... ok" \
15692 -c "received HelloRetryRequest message" \
15693 -c "selected_group ( 256 )"
15694
15695requires_gnutls_tls1_3
15696requires_gnutls_next_no_ticket
15697requires_gnutls_next_disable_tls13_compat
15698requires_config_enabled MBEDTLS_SSL_CLI_C
15699requires_config_enabled MBEDTLS_DEBUG_C
15700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15702run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe8192" \
15703 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
15704 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
15705 0 \
15706 -c "HTTP/1.0 200 OK" \
15707 -c "Protocol is TLSv1.3" \
15708 -c "NamedGroup: secp384r1 ( 18 )" \
15709 -c "NamedGroup: ffdhe8192 ( 104 )" \
15710 -c "Verifying peer X.509 certificate... ok" \
15711 -c "received HelloRetryRequest message" \
15712 -c "selected_group ( 260 )"
15713
15714requires_gnutls_tls1_3
15715requires_gnutls_next_no_ticket
15716requires_gnutls_next_disable_tls13_compat
15717requires_config_enabled MBEDTLS_SSL_CLI_C
15718requires_config_enabled MBEDTLS_DEBUG_C
15719requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15720requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15721run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15722 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15723 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15724 0 \
15725 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15726 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15727 -c "NamedGroup: secp521r1 ( 19 )" \
15728 -c "NamedGroup: secp256r1 ( 17 )" \
15729 -c "Verifying peer X.509 certificate... ok" \
15730 -c "received HelloRetryRequest message" \
15731 -c "selected_group ( 23 )"
15732
15733requires_gnutls_tls1_3
15734requires_gnutls_next_no_ticket
15735requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15736requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15737requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15740run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15741 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15742 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15743 0 \
15744 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15745 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15746 -c "NamedGroup: secp521r1 ( 19 )" \
15747 -c "NamedGroup: secp384r1 ( 18 )" \
15748 -c "Verifying peer X.509 certificate... ok" \
15749 -c "received HelloRetryRequest message" \
15750 -c "selected_group ( 24 )"
15751
15752requires_gnutls_tls1_3
15753requires_gnutls_next_no_ticket
15754requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15755requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15756requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15757requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15758requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15759run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15760 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15761 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15762 0 \
15763 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15764 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15765 -c "NamedGroup: secp521r1 ( 19 )" \
15766 -c "NamedGroup: x25519 ( 1d )" \
15767 -c "Verifying peer X.509 certificate... ok" \
15768 -c "received HelloRetryRequest message" \
15769 -c "selected_group ( 29 )"
15770
15771requires_gnutls_tls1_3
15772requires_gnutls_next_no_ticket
15773requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15774requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15775requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15778run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15779 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15780 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15781 0 \
15782 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15783 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15784 -c "NamedGroup: secp521r1 ( 19 )" \
15785 -c "NamedGroup: x448 ( 1e )" \
15786 -c "Verifying peer X.509 certificate... ok" \
15787 -c "received HelloRetryRequest message" \
15788 -c "selected_group ( 30 )"
15789
15790requires_gnutls_tls1_3
15791requires_gnutls_next_no_ticket
15792requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15793requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15794requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15797run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \
15798 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
15799 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
15800 0 \
15801 -c "HTTP/1.0 200 OK" \
15802 -c "Protocol is TLSv1.3" \
15803 -c "NamedGroup: secp521r1 ( 19 )" \
15804 -c "NamedGroup: ffdhe2048 ( 100 )" \
15805 -c "Verifying peer X.509 certificate... ok" \
15806 -c "received HelloRetryRequest message" \
15807 -c "selected_group ( 256 )"
15808
15809requires_gnutls_tls1_3
15810requires_gnutls_next_no_ticket
15811requires_gnutls_next_disable_tls13_compat
15812requires_config_enabled MBEDTLS_SSL_CLI_C
15813requires_config_enabled MBEDTLS_DEBUG_C
15814requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15815requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15816run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe8192" \
15817 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
15818 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
15819 0 \
15820 -c "HTTP/1.0 200 OK" \
15821 -c "Protocol is TLSv1.3" \
15822 -c "NamedGroup: secp521r1 ( 19 )" \
15823 -c "NamedGroup: ffdhe8192 ( 104 )" \
15824 -c "Verifying peer X.509 certificate... ok" \
15825 -c "received HelloRetryRequest message" \
15826 -c "selected_group ( 260 )"
15827
15828requires_gnutls_tls1_3
15829requires_gnutls_next_no_ticket
15830requires_gnutls_next_disable_tls13_compat
15831requires_config_enabled MBEDTLS_SSL_CLI_C
15832requires_config_enabled MBEDTLS_DEBUG_C
15833requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15835run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15836 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15837 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15838 0 \
15839 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15840 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15841 -c "NamedGroup: x25519 ( 1d )" \
15842 -c "NamedGroup: secp256r1 ( 17 )" \
15843 -c "Verifying peer X.509 certificate... ok" \
15844 -c "received HelloRetryRequest message" \
15845 -c "selected_group ( 23 )"
15846
15847requires_gnutls_tls1_3
15848requires_gnutls_next_no_ticket
15849requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15850requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15851requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15854run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15855 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15856 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15857 0 \
15858 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15859 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15860 -c "NamedGroup: x25519 ( 1d )" \
15861 -c "NamedGroup: secp384r1 ( 18 )" \
15862 -c "Verifying peer X.509 certificate... ok" \
15863 -c "received HelloRetryRequest message" \
15864 -c "selected_group ( 24 )"
15865
15866requires_gnutls_tls1_3
15867requires_gnutls_next_no_ticket
15868requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15869requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15870requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15873run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15874 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15875 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15876 0 \
15877 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15878 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15879 -c "NamedGroup: x25519 ( 1d )" \
15880 -c "NamedGroup: secp521r1 ( 19 )" \
15881 -c "Verifying peer X.509 certificate... ok" \
15882 -c "received HelloRetryRequest message" \
15883 -c "selected_group ( 25 )"
15884
15885requires_gnutls_tls1_3
15886requires_gnutls_next_no_ticket
15887requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15888requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15889requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15890requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15892run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15893 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15894 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15895 0 \
15896 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15897 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15898 -c "NamedGroup: x25519 ( 1d )" \
15899 -c "NamedGroup: x448 ( 1e )" \
15900 -c "Verifying peer X.509 certificate... ok" \
15901 -c "received HelloRetryRequest message" \
15902 -c "selected_group ( 30 )"
15903
15904requires_gnutls_tls1_3
15905requires_gnutls_next_no_ticket
15906requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15907requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15908requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15909requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15910requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15911run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \
15912 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
15913 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
15914 0 \
15915 -c "HTTP/1.0 200 OK" \
15916 -c "Protocol is TLSv1.3" \
15917 -c "NamedGroup: x25519 ( 1d )" \
15918 -c "NamedGroup: ffdhe2048 ( 100 )" \
15919 -c "Verifying peer X.509 certificate... ok" \
15920 -c "received HelloRetryRequest message" \
15921 -c "selected_group ( 256 )"
15922
15923requires_gnutls_tls1_3
15924requires_gnutls_next_no_ticket
15925requires_gnutls_next_disable_tls13_compat
15926requires_config_enabled MBEDTLS_SSL_CLI_C
15927requires_config_enabled MBEDTLS_DEBUG_C
15928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15930run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe8192" \
15931 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
15932 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
15933 0 \
15934 -c "HTTP/1.0 200 OK" \
15935 -c "Protocol is TLSv1.3" \
15936 -c "NamedGroup: x25519 ( 1d )" \
15937 -c "NamedGroup: ffdhe8192 ( 104 )" \
15938 -c "Verifying peer X.509 certificate... ok" \
15939 -c "received HelloRetryRequest message" \
15940 -c "selected_group ( 260 )"
15941
15942requires_gnutls_tls1_3
15943requires_gnutls_next_no_ticket
15944requires_gnutls_next_disable_tls13_compat
15945requires_config_enabled MBEDTLS_SSL_CLI_C
15946requires_config_enabled MBEDTLS_DEBUG_C
15947requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15949run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15950 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15951 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15952 0 \
15953 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15954 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15955 -c "NamedGroup: x448 ( 1e )" \
15956 -c "NamedGroup: secp256r1 ( 17 )" \
15957 -c "Verifying peer X.509 certificate... ok" \
15958 -c "received HelloRetryRequest message" \
15959 -c "selected_group ( 23 )"
15960
15961requires_gnutls_tls1_3
15962requires_gnutls_next_no_ticket
15963requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15964requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15965requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15966requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15967requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15968run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15969 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15970 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15971 0 \
15972 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15973 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15974 -c "NamedGroup: x448 ( 1e )" \
15975 -c "NamedGroup: secp384r1 ( 18 )" \
15976 -c "Verifying peer X.509 certificate... ok" \
15977 -c "received HelloRetryRequest message" \
15978 -c "selected_group ( 24 )"
15979
15980requires_gnutls_tls1_3
15981requires_gnutls_next_no_ticket
15982requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15983requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15984requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15986requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15987run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15988 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15989 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15990 0 \
15991 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15992 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15993 -c "NamedGroup: x448 ( 1e )" \
15994 -c "NamedGroup: secp521r1 ( 19 )" \
15995 -c "Verifying peer X.509 certificate... ok" \
15996 -c "received HelloRetryRequest message" \
15997 -c "selected_group ( 25 )"
15998
15999requires_gnutls_tls1_3
16000requires_gnutls_next_no_ticket
16001requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16002requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16003requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16006run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16007 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16008 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16009 0 \
16010 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16011 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16012 -c "NamedGroup: x448 ( 1e )" \
16013 -c "NamedGroup: x25519 ( 1d )" \
16014 -c "Verifying peer X.509 certificate... ok" \
16015 -c "received HelloRetryRequest message" \
16016 -c "selected_group ( 29 )"
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16017
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16018requires_gnutls_tls1_3
16019requires_gnutls_next_no_ticket
16020requires_gnutls_next_disable_tls13_compat
16021requires_config_enabled MBEDTLS_SSL_CLI_C
16022requires_config_enabled MBEDTLS_DEBUG_C
16023requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16024requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16025run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \
16026 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
16027 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
16028 0 \
16029 -c "HTTP/1.0 200 OK" \
16030 -c "Protocol is TLSv1.3" \
16031 -c "NamedGroup: x448 ( 1e )" \
16032 -c "NamedGroup: ffdhe2048 ( 100 )" \
16033 -c "Verifying peer X.509 certificate... ok" \
16034 -c "received HelloRetryRequest message" \
16035 -c "selected_group ( 256 )"
16036
16037requires_gnutls_tls1_3
16038requires_gnutls_next_no_ticket
16039requires_gnutls_next_disable_tls13_compat
16040requires_config_enabled MBEDTLS_SSL_CLI_C
16041requires_config_enabled MBEDTLS_DEBUG_C
16042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16043requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16044run_test "TLS 1.3 m->G: HRR x448 -> ffdhe8192" \
16045 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
16046 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
16047 0 \
16048 -c "HTTP/1.0 200 OK" \
16049 -c "Protocol is TLSv1.3" \
16050 -c "NamedGroup: x448 ( 1e )" \
16051 -c "NamedGroup: ffdhe8192 ( 104 )" \
16052 -c "Verifying peer X.509 certificate... ok" \
16053 -c "received HelloRetryRequest message" \
16054 -c "selected_group ( 260 )"
16055
16056requires_gnutls_tls1_3
16057requires_gnutls_next_no_ticket
16058requires_gnutls_next_disable_tls13_compat
16059requires_config_enabled MBEDTLS_SSL_CLI_C
16060requires_config_enabled MBEDTLS_DEBUG_C
16061requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16062requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16063run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \
16064 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
16065 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
16066 0 \
16067 -c "HTTP/1.0 200 OK" \
16068 -c "Protocol is TLSv1.3" \
16069 -c "NamedGroup: ffdhe2048 ( 100 )" \
16070 -c "NamedGroup: secp256r1 ( 17 )" \
16071 -c "Verifying peer X.509 certificate... ok" \
16072 -c "received HelloRetryRequest message" \
16073 -c "selected_group ( 23 )"
16074
16075requires_gnutls_tls1_3
16076requires_gnutls_next_no_ticket
16077requires_gnutls_next_disable_tls13_compat
16078requires_config_enabled MBEDTLS_SSL_CLI_C
16079requires_config_enabled MBEDTLS_DEBUG_C
16080requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16082run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \
16083 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
16084 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
16085 0 \
16086 -c "HTTP/1.0 200 OK" \
16087 -c "Protocol is TLSv1.3" \
16088 -c "NamedGroup: ffdhe2048 ( 100 )" \
16089 -c "NamedGroup: secp384r1 ( 18 )" \
16090 -c "Verifying peer X.509 certificate... ok" \
16091 -c "received HelloRetryRequest message" \
16092 -c "selected_group ( 24 )"
16093
16094requires_gnutls_tls1_3
16095requires_gnutls_next_no_ticket
16096requires_gnutls_next_disable_tls13_compat
16097requires_config_enabled MBEDTLS_SSL_CLI_C
16098requires_config_enabled MBEDTLS_DEBUG_C
16099requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16101run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \
16102 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
16103 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
16104 0 \
16105 -c "HTTP/1.0 200 OK" \
16106 -c "Protocol is TLSv1.3" \
16107 -c "NamedGroup: ffdhe2048 ( 100 )" \
16108 -c "NamedGroup: secp521r1 ( 19 )" \
16109 -c "Verifying peer X.509 certificate... ok" \
16110 -c "received HelloRetryRequest message" \
16111 -c "selected_group ( 25 )"
16112
16113requires_gnutls_tls1_3
16114requires_gnutls_next_no_ticket
16115requires_gnutls_next_disable_tls13_compat
16116requires_config_enabled MBEDTLS_SSL_CLI_C
16117requires_config_enabled MBEDTLS_DEBUG_C
16118requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16120run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \
16121 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
16122 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
16123 0 \
16124 -c "HTTP/1.0 200 OK" \
16125 -c "Protocol is TLSv1.3" \
16126 -c "NamedGroup: ffdhe2048 ( 100 )" \
16127 -c "NamedGroup: x25519 ( 1d )" \
16128 -c "Verifying peer X.509 certificate... ok" \
16129 -c "received HelloRetryRequest message" \
16130 -c "selected_group ( 29 )"
16131
16132requires_gnutls_tls1_3
16133requires_gnutls_next_no_ticket
16134requires_gnutls_next_disable_tls13_compat
16135requires_config_enabled MBEDTLS_SSL_CLI_C
16136requires_config_enabled MBEDTLS_DEBUG_C
16137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16139run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \
16140 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
16141 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
16142 0 \
16143 -c "HTTP/1.0 200 OK" \
16144 -c "Protocol is TLSv1.3" \
16145 -c "NamedGroup: ffdhe2048 ( 100 )" \
16146 -c "NamedGroup: x448 ( 1e )" \
16147 -c "Verifying peer X.509 certificate... ok" \
16148 -c "received HelloRetryRequest message" \
16149 -c "selected_group ( 30 )"
16150
16151requires_gnutls_tls1_3
16152requires_gnutls_next_no_ticket
16153requires_gnutls_next_disable_tls13_compat
16154requires_config_enabled MBEDTLS_SSL_CLI_C
16155requires_config_enabled MBEDTLS_DEBUG_C
16156requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16157requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16158run_test "TLS 1.3 m->G: HRR ffdhe2048 -> ffdhe8192" \
16159 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
16160 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
16161 0 \
16162 -c "HTTP/1.0 200 OK" \
16163 -c "Protocol is TLSv1.3" \
16164 -c "NamedGroup: ffdhe2048 ( 100 )" \
16165 -c "NamedGroup: ffdhe8192 ( 104 )" \
16166 -c "Verifying peer X.509 certificate... ok" \
16167 -c "received HelloRetryRequest message" \
16168 -c "selected_group ( 260 )"
16169
16170requires_gnutls_tls1_3
16171requires_gnutls_next_no_ticket
16172requires_gnutls_next_disable_tls13_compat
16173requires_config_enabled MBEDTLS_SSL_CLI_C
16174requires_config_enabled MBEDTLS_DEBUG_C
16175requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16176requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16177run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp256r1" \
16178 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
16179 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
16180 0 \
16181 -c "HTTP/1.0 200 OK" \
16182 -c "Protocol is TLSv1.3" \
16183 -c "NamedGroup: ffdhe8192 ( 104 )" \
16184 -c "NamedGroup: secp256r1 ( 17 )" \
16185 -c "Verifying peer X.509 certificate... ok" \
16186 -c "received HelloRetryRequest message" \
16187 -c "selected_group ( 23 )"
16188
16189requires_gnutls_tls1_3
16190requires_gnutls_next_no_ticket
16191requires_gnutls_next_disable_tls13_compat
16192requires_config_enabled MBEDTLS_SSL_CLI_C
16193requires_config_enabled MBEDTLS_DEBUG_C
16194requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16195requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16196run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp384r1" \
16197 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
16198 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
16199 0 \
16200 -c "HTTP/1.0 200 OK" \
16201 -c "Protocol is TLSv1.3" \
16202 -c "NamedGroup: ffdhe8192 ( 104 )" \
16203 -c "NamedGroup: secp384r1 ( 18 )" \
16204 -c "Verifying peer X.509 certificate... ok" \
16205 -c "received HelloRetryRequest message" \
16206 -c "selected_group ( 24 )"
16207
16208requires_gnutls_tls1_3
16209requires_gnutls_next_no_ticket
16210requires_gnutls_next_disable_tls13_compat
16211requires_config_enabled MBEDTLS_SSL_CLI_C
16212requires_config_enabled MBEDTLS_DEBUG_C
16213requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16214requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16215run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp521r1" \
16216 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
16217 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
16218 0 \
16219 -c "HTTP/1.0 200 OK" \
16220 -c "Protocol is TLSv1.3" \
16221 -c "NamedGroup: ffdhe8192 ( 104 )" \
16222 -c "NamedGroup: secp521r1 ( 19 )" \
16223 -c "Verifying peer X.509 certificate... ok" \
16224 -c "received HelloRetryRequest message" \
16225 -c "selected_group ( 25 )"
16226
16227requires_gnutls_tls1_3
16228requires_gnutls_next_no_ticket
16229requires_gnutls_next_disable_tls13_compat
16230requires_config_enabled MBEDTLS_SSL_CLI_C
16231requires_config_enabled MBEDTLS_DEBUG_C
16232requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16234run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x25519" \
16235 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
16236 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
16237 0 \
16238 -c "HTTP/1.0 200 OK" \
16239 -c "Protocol is TLSv1.3" \
16240 -c "NamedGroup: ffdhe8192 ( 104 )" \
16241 -c "NamedGroup: x25519 ( 1d )" \
16242 -c "Verifying peer X.509 certificate... ok" \
16243 -c "received HelloRetryRequest message" \
16244 -c "selected_group ( 29 )"
16245
16246requires_gnutls_tls1_3
16247requires_gnutls_next_no_ticket
16248requires_gnutls_next_disable_tls13_compat
16249requires_config_enabled MBEDTLS_SSL_CLI_C
16250requires_config_enabled MBEDTLS_DEBUG_C
16251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16253run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x448" \
16254 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
16255 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
16256 0 \
16257 -c "HTTP/1.0 200 OK" \
16258 -c "Protocol is TLSv1.3" \
16259 -c "NamedGroup: ffdhe8192 ( 104 )" \
16260 -c "NamedGroup: x448 ( 1e )" \
16261 -c "Verifying peer X.509 certificate... ok" \
16262 -c "received HelloRetryRequest message" \
16263 -c "selected_group ( 30 )"
16264
16265requires_gnutls_tls1_3
16266requires_gnutls_next_no_ticket
16267requires_gnutls_next_disable_tls13_compat
16268requires_config_enabled MBEDTLS_SSL_CLI_C
16269requires_config_enabled MBEDTLS_DEBUG_C
16270requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16271requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16272run_test "TLS 1.3 m->G: HRR ffdhe8192 -> ffdhe2048" \
16273 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
16274 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
16275 0 \
16276 -c "HTTP/1.0 200 OK" \
16277 -c "Protocol is TLSv1.3" \
16278 -c "NamedGroup: ffdhe8192 ( 104 )" \
16279 -c "NamedGroup: ffdhe2048 ( 100 )" \
16280 -c "Verifying peer X.509 certificate... ok" \
16281 -c "received HelloRetryRequest message" \
16282 -c "selected_group ( 256 )"
16283
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16284requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16285requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16286requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16287requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16288requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16289requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16292run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16293 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16294 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16295 0 \
16296 -s "Protocol is TLSv1.3" \
16297 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16298 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16299 -c "Protocol is TLSv1.3" \
16300 -c "NamedGroup: secp256r1 ( 17 )" \
16301 -c "NamedGroup: secp384r1 ( 18 )" \
16302 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16303 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16304 -c "received HelloRetryRequest message" \
16305 -c "selected_group ( 24 )"
16306
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16307requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16308requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16310requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16311requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16312requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16313requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16314requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16315run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16316 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16317 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16318 0 \
16319 -s "Protocol is TLSv1.3" \
16320 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16321 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16322 -c "Protocol is TLSv1.3" \
16323 -c "NamedGroup: secp256r1 ( 17 )" \
16324 -c "NamedGroup: secp521r1 ( 19 )" \
16325 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16326 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16327 -c "received HelloRetryRequest message" \
16328 -c "selected_group ( 25 )"
16329
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16330requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16331requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16334requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16335requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16336requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16338run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16339 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16340 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16341 0 \
16342 -s "Protocol is TLSv1.3" \
16343 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16344 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16345 -c "Protocol is TLSv1.3" \
16346 -c "NamedGroup: secp256r1 ( 17 )" \
16347 -c "NamedGroup: x25519 ( 1d )" \
16348 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16349 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16350 -c "received HelloRetryRequest message" \
16351 -c "selected_group ( 29 )"
16352
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16353requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16354requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16357requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16358requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16361run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16362 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16363 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16364 0 \
16365 -s "Protocol is TLSv1.3" \
16366 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16367 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16368 -c "Protocol is TLSv1.3" \
16369 -c "NamedGroup: secp256r1 ( 17 )" \
16370 -c "NamedGroup: x448 ( 1e )" \
16371 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16372 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16373 -c "received HelloRetryRequest message" \
16374 -c "selected_group ( 30 )"
16375
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16376requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16377requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16378requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16379requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16380requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16381requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16382requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16384run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \
16385 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16386 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
16387 0 \
16388 -s "Protocol is TLSv1.3" \
16389 -s "got named group: ffdhe2048(0100)" \
16390 -s "Certificate verification was skipped" \
16391 -c "Protocol is TLSv1.3" \
16392 -c "NamedGroup: secp256r1 ( 17 )" \
16393 -c "NamedGroup: ffdhe2048 ( 100 )" \
16394 -c "Verifying peer X.509 certificate... ok" \
16395 -s "HRR selected_group: ffdhe2048" \
16396 -c "received HelloRetryRequest message" \
16397 -c "selected_group ( 256 )"
16398
16399requires_config_enabled MBEDTLS_SSL_SRV_C
16400requires_config_enabled MBEDTLS_DEBUG_C
16401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16403requires_config_enabled MBEDTLS_SSL_CLI_C
16404requires_config_enabled MBEDTLS_DEBUG_C
16405requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16406requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16407run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe8192" \
16408 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16409 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
16410 0 \
16411 -s "Protocol is TLSv1.3" \
16412 -s "got named group: ffdhe8192(0104)" \
16413 -s "Certificate verification was skipped" \
16414 -c "Protocol is TLSv1.3" \
16415 -c "NamedGroup: secp256r1 ( 17 )" \
16416 -c "NamedGroup: ffdhe8192 ( 104 )" \
16417 -c "Verifying peer X.509 certificate... ok" \
16418 -s "HRR selected_group: ffdhe8192" \
16419 -c "received HelloRetryRequest message" \
16420 -c "selected_group ( 260 )"
16421
16422requires_config_enabled MBEDTLS_SSL_SRV_C
16423requires_config_enabled MBEDTLS_DEBUG_C
16424requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16425requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16426requires_config_enabled MBEDTLS_SSL_CLI_C
16427requires_config_enabled MBEDTLS_DEBUG_C
16428requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16430run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16431 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16432 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16433 0 \
16434 -s "Protocol is TLSv1.3" \
16435 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16436 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16437 -c "Protocol is TLSv1.3" \
16438 -c "NamedGroup: secp384r1 ( 18 )" \
16439 -c "NamedGroup: secp256r1 ( 17 )" \
16440 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16441 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16442 -c "received HelloRetryRequest message" \
16443 -c "selected_group ( 23 )"
16444
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16445requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16446requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16448requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16449requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16450requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16453run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16454 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16455 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16456 0 \
16457 -s "Protocol is TLSv1.3" \
16458 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16459 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16460 -c "Protocol is TLSv1.3" \
16461 -c "NamedGroup: secp384r1 ( 18 )" \
16462 -c "NamedGroup: secp521r1 ( 19 )" \
16463 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16464 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16465 -c "received HelloRetryRequest message" \
16466 -c "selected_group ( 25 )"
16467
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16468requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16469requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16472requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16473requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16474requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16475requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16476run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16477 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16478 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16479 0 \
16480 -s "Protocol is TLSv1.3" \
16481 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16482 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16483 -c "Protocol is TLSv1.3" \
16484 -c "NamedGroup: secp384r1 ( 18 )" \
16485 -c "NamedGroup: x25519 ( 1d )" \
16486 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16487 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16488 -c "received HelloRetryRequest message" \
16489 -c "selected_group ( 29 )"
16490
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16491requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16492requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16494requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16495requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16496requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16497requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16498requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16499run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16500 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16501 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16502 0 \
16503 -s "Protocol is TLSv1.3" \
16504 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16505 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16506 -c "Protocol is TLSv1.3" \
16507 -c "NamedGroup: secp384r1 ( 18 )" \
16508 -c "NamedGroup: x448 ( 1e )" \
16509 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16510 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16511 -c "received HelloRetryRequest message" \
16512 -c "selected_group ( 30 )"
16513
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16514requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16515requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16517requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16518requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16522run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \
16523 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16524 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
16525 0 \
16526 -s "Protocol is TLSv1.3" \
16527 -s "got named group: ffdhe2048(0100)" \
16528 -s "Certificate verification was skipped" \
16529 -c "Protocol is TLSv1.3" \
16530 -c "NamedGroup: secp384r1 ( 18 )" \
16531 -c "NamedGroup: ffdhe2048 ( 100 )" \
16532 -c "Verifying peer X.509 certificate... ok" \
16533 -s "HRR selected_group: ffdhe2048" \
16534 -c "received HelloRetryRequest message" \
16535 -c "selected_group ( 256 )"
16536
16537requires_config_enabled MBEDTLS_SSL_SRV_C
16538requires_config_enabled MBEDTLS_DEBUG_C
16539requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16540requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16541requires_config_enabled MBEDTLS_SSL_CLI_C
16542requires_config_enabled MBEDTLS_DEBUG_C
16543requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16544requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16545run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe8192" \
16546 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16547 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
16548 0 \
16549 -s "Protocol is TLSv1.3" \
16550 -s "got named group: ffdhe8192(0104)" \
16551 -s "Certificate verification was skipped" \
16552 -c "Protocol is TLSv1.3" \
16553 -c "NamedGroup: secp384r1 ( 18 )" \
16554 -c "NamedGroup: ffdhe8192 ( 104 )" \
16555 -c "Verifying peer X.509 certificate... ok" \
16556 -s "HRR selected_group: ffdhe8192" \
16557 -c "received HelloRetryRequest message" \
16558 -c "selected_group ( 260 )"
16559
16560requires_config_enabled MBEDTLS_SSL_SRV_C
16561requires_config_enabled MBEDTLS_DEBUG_C
16562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16564requires_config_enabled MBEDTLS_SSL_CLI_C
16565requires_config_enabled MBEDTLS_DEBUG_C
16566requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16568run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16569 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16570 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16571 0 \
16572 -s "Protocol is TLSv1.3" \
16573 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16574 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16575 -c "Protocol is TLSv1.3" \
16576 -c "NamedGroup: secp521r1 ( 19 )" \
16577 -c "NamedGroup: secp256r1 ( 17 )" \
16578 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16579 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16580 -c "received HelloRetryRequest message" \
16581 -c "selected_group ( 23 )"
16582
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16583requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16584requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16587requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16588requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16590requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16591run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16592 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16593 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16594 0 \
16595 -s "Protocol is TLSv1.3" \
16596 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16597 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16598 -c "Protocol is TLSv1.3" \
16599 -c "NamedGroup: secp521r1 ( 19 )" \
16600 -c "NamedGroup: secp384r1 ( 18 )" \
16601 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16602 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16603 -c "received HelloRetryRequest message" \
16604 -c "selected_group ( 24 )"
16605
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16606requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16607requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16610requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16611requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16612requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16613requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16614run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16615 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16616 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16617 0 \
16618 -s "Protocol is TLSv1.3" \
16619 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16620 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16621 -c "Protocol is TLSv1.3" \
16622 -c "NamedGroup: secp521r1 ( 19 )" \
16623 -c "NamedGroup: x25519 ( 1d )" \
16624 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16625 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16626 -c "received HelloRetryRequest message" \
16627 -c "selected_group ( 29 )"
16628
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16629requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16630requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16633requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16634requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16635requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16636requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16637run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16638 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16639 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16640 0 \
16641 -s "Protocol is TLSv1.3" \
16642 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16643 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16644 -c "Protocol is TLSv1.3" \
16645 -c "NamedGroup: secp521r1 ( 19 )" \
16646 -c "NamedGroup: x448 ( 1e )" \
16647 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16648 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16649 -c "received HelloRetryRequest message" \
16650 -c "selected_group ( 30 )"
16651
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16652requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16653requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16654requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16655requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16656requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16657requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16658requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16659requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16660run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \
16661 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16662 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
16663 0 \
16664 -s "Protocol is TLSv1.3" \
16665 -s "got named group: ffdhe2048(0100)" \
16666 -s "Certificate verification was skipped" \
16667 -c "Protocol is TLSv1.3" \
16668 -c "NamedGroup: secp521r1 ( 19 )" \
16669 -c "NamedGroup: ffdhe2048 ( 100 )" \
16670 -c "Verifying peer X.509 certificate... ok" \
16671 -s "HRR selected_group: ffdhe2048" \
16672 -c "received HelloRetryRequest message" \
16673 -c "selected_group ( 256 )"
16674
16675requires_config_enabled MBEDTLS_SSL_SRV_C
16676requires_config_enabled MBEDTLS_DEBUG_C
16677requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16678requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16679requires_config_enabled MBEDTLS_SSL_CLI_C
16680requires_config_enabled MBEDTLS_DEBUG_C
16681requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16683run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe8192" \
16684 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16685 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
16686 0 \
16687 -s "Protocol is TLSv1.3" \
16688 -s "got named group: ffdhe8192(0104)" \
16689 -s "Certificate verification was skipped" \
16690 -c "Protocol is TLSv1.3" \
16691 -c "NamedGroup: secp521r1 ( 19 )" \
16692 -c "NamedGroup: ffdhe8192 ( 104 )" \
16693 -c "Verifying peer X.509 certificate... ok" \
16694 -s "HRR selected_group: ffdhe8192" \
16695 -c "received HelloRetryRequest message" \
16696 -c "selected_group ( 260 )"
16697
16698requires_config_enabled MBEDTLS_SSL_SRV_C
16699requires_config_enabled MBEDTLS_DEBUG_C
16700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16702requires_config_enabled MBEDTLS_SSL_CLI_C
16703requires_config_enabled MBEDTLS_DEBUG_C
16704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16706run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16707 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16708 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16709 0 \
16710 -s "Protocol is TLSv1.3" \
16711 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16712 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16713 -c "Protocol is TLSv1.3" \
16714 -c "NamedGroup: x25519 ( 1d )" \
16715 -c "NamedGroup: secp256r1 ( 17 )" \
16716 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16717 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16718 -c "received HelloRetryRequest message" \
16719 -c "selected_group ( 23 )"
16720
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16721requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16722requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16724requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16725requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16726requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16727requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16728requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16729run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16730 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16731 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16732 0 \
16733 -s "Protocol is TLSv1.3" \
16734 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16735 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16736 -c "Protocol is TLSv1.3" \
16737 -c "NamedGroup: x25519 ( 1d )" \
16738 -c "NamedGroup: secp384r1 ( 18 )" \
16739 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16740 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16741 -c "received HelloRetryRequest message" \
16742 -c "selected_group ( 24 )"
16743
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16744requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16745requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16747requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16748requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16749requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16750requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16751requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16752run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16753 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16754 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16755 0 \
16756 -s "Protocol is TLSv1.3" \
16757 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16758 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16759 -c "Protocol is TLSv1.3" \
16760 -c "NamedGroup: x25519 ( 1d )" \
16761 -c "NamedGroup: secp521r1 ( 19 )" \
16762 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16763 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16764 -c "received HelloRetryRequest message" \
16765 -c "selected_group ( 25 )"
16766
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16767requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16768requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16770requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16771requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16772requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16773requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16774requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16775run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16776 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16777 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16778 0 \
16779 -s "Protocol is TLSv1.3" \
16780 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16781 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16782 -c "Protocol is TLSv1.3" \
16783 -c "NamedGroup: x25519 ( 1d )" \
16784 -c "NamedGroup: x448 ( 1e )" \
16785 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16786 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16787 -c "received HelloRetryRequest message" \
16788 -c "selected_group ( 30 )"
16789
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16790requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16791requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16793requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16794requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16795requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16798run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \
16799 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16800 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
16801 0 \
16802 -s "Protocol is TLSv1.3" \
16803 -s "got named group: ffdhe2048(0100)" \
16804 -s "Certificate verification was skipped" \
16805 -c "Protocol is TLSv1.3" \
16806 -c "NamedGroup: x25519 ( 1d )" \
16807 -c "NamedGroup: ffdhe2048 ( 100 )" \
16808 -c "Verifying peer X.509 certificate... ok" \
16809 -s "HRR selected_group: ffdhe2048" \
16810 -c "received HelloRetryRequest message" \
16811 -c "selected_group ( 256 )"
16812
16813requires_config_enabled MBEDTLS_SSL_SRV_C
16814requires_config_enabled MBEDTLS_DEBUG_C
16815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16817requires_config_enabled MBEDTLS_SSL_CLI_C
16818requires_config_enabled MBEDTLS_DEBUG_C
16819requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16820requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16821run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe8192" \
16822 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16823 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
16824 0 \
16825 -s "Protocol is TLSv1.3" \
16826 -s "got named group: ffdhe8192(0104)" \
16827 -s "Certificate verification was skipped" \
16828 -c "Protocol is TLSv1.3" \
16829 -c "NamedGroup: x25519 ( 1d )" \
16830 -c "NamedGroup: ffdhe8192 ( 104 )" \
16831 -c "Verifying peer X.509 certificate... ok" \
16832 -s "HRR selected_group: ffdhe8192" \
16833 -c "received HelloRetryRequest message" \
16834 -c "selected_group ( 260 )"
16835
16836requires_config_enabled MBEDTLS_SSL_SRV_C
16837requires_config_enabled MBEDTLS_DEBUG_C
16838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16840requires_config_enabled MBEDTLS_SSL_CLI_C
16841requires_config_enabled MBEDTLS_DEBUG_C
16842requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16843requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16844run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16845 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16846 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16847 0 \
16848 -s "Protocol is TLSv1.3" \
16849 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16850 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16851 -c "Protocol is TLSv1.3" \
16852 -c "NamedGroup: x448 ( 1e )" \
16853 -c "NamedGroup: secp256r1 ( 17 )" \
16854 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16855 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16856 -c "received HelloRetryRequest message" \
16857 -c "selected_group ( 23 )"
16858
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16859requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16860requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16861requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16862requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16863requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16864requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16865requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16866requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16867run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16868 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16869 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16870 0 \
16871 -s "Protocol is TLSv1.3" \
16872 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16873 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16874 -c "Protocol is TLSv1.3" \
16875 -c "NamedGroup: x448 ( 1e )" \
16876 -c "NamedGroup: secp384r1 ( 18 )" \
16877 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16878 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16879 -c "received HelloRetryRequest message" \
16880 -c "selected_group ( 24 )"
16881
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16882requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16883requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16886requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16887requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16890run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16891 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16892 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16893 0 \
16894 -s "Protocol is TLSv1.3" \
16895 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16896 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16897 -c "Protocol is TLSv1.3" \
16898 -c "NamedGroup: x448 ( 1e )" \
16899 -c "NamedGroup: secp521r1 ( 19 )" \
16900 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16901 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16902 -c "received HelloRetryRequest message" \
16903 -c "selected_group ( 25 )"
16904
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16905requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16906requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16909requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16910requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16911requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16912requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16913run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16914 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16915 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16916 0 \
16917 -s "Protocol is TLSv1.3" \
16918 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16919 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16920 -c "Protocol is TLSv1.3" \
16921 -c "NamedGroup: x448 ( 1e )" \
16922 -c "NamedGroup: x25519 ( 1d )" \
16923 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16924 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16925 -c "received HelloRetryRequest message" \
16926 -c "selected_group ( 29 )"
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16927
16928requires_config_enabled MBEDTLS_SSL_SRV_C
16929requires_config_enabled MBEDTLS_DEBUG_C
16930requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16932requires_config_enabled MBEDTLS_SSL_CLI_C
16933requires_config_enabled MBEDTLS_DEBUG_C
16934requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16936run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \
16937 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16938 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
16939 0 \
16940 -s "Protocol is TLSv1.3" \
16941 -s "got named group: ffdhe2048(0100)" \
16942 -s "Certificate verification was skipped" \
16943 -c "Protocol is TLSv1.3" \
16944 -c "NamedGroup: x448 ( 1e )" \
16945 -c "NamedGroup: ffdhe2048 ( 100 )" \
16946 -c "Verifying peer X.509 certificate... ok" \
16947 -s "HRR selected_group: ffdhe2048" \
16948 -c "received HelloRetryRequest message" \
16949 -c "selected_group ( 256 )"
16950
16951requires_config_enabled MBEDTLS_SSL_SRV_C
16952requires_config_enabled MBEDTLS_DEBUG_C
16953requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16954requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16955requires_config_enabled MBEDTLS_SSL_CLI_C
16956requires_config_enabled MBEDTLS_DEBUG_C
16957requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16958requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16959run_test "TLS 1.3 m->m: HRR x448 -> ffdhe8192" \
16960 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16961 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
16962 0 \
16963 -s "Protocol is TLSv1.3" \
16964 -s "got named group: ffdhe8192(0104)" \
16965 -s "Certificate verification was skipped" \
16966 -c "Protocol is TLSv1.3" \
16967 -c "NamedGroup: x448 ( 1e )" \
16968 -c "NamedGroup: ffdhe8192 ( 104 )" \
16969 -c "Verifying peer X.509 certificate... ok" \
16970 -s "HRR selected_group: ffdhe8192" \
16971 -c "received HelloRetryRequest message" \
16972 -c "selected_group ( 260 )"
16973
16974requires_config_enabled MBEDTLS_SSL_SRV_C
16975requires_config_enabled MBEDTLS_DEBUG_C
16976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16977requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16978requires_config_enabled MBEDTLS_SSL_CLI_C
16979requires_config_enabled MBEDTLS_DEBUG_C
16980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16981requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16982run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \
16983 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16984 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
16985 0 \
16986 -s "Protocol is TLSv1.3" \
16987 -s "got named group: secp256r1(0017)" \
16988 -s "Certificate verification was skipped" \
16989 -c "Protocol is TLSv1.3" \
16990 -c "NamedGroup: ffdhe2048 ( 100 )" \
16991 -c "NamedGroup: secp256r1 ( 17 )" \
16992 -c "Verifying peer X.509 certificate... ok" \
16993 -s "HRR selected_group: secp256r1" \
16994 -c "received HelloRetryRequest message" \
16995 -c "selected_group ( 23 )"
16996
16997requires_config_enabled MBEDTLS_SSL_SRV_C
16998requires_config_enabled MBEDTLS_DEBUG_C
16999requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17000requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17001requires_config_enabled MBEDTLS_SSL_CLI_C
17002requires_config_enabled MBEDTLS_DEBUG_C
17003requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17004requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17005run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \
17006 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17007 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
17008 0 \
17009 -s "Protocol is TLSv1.3" \
17010 -s "got named group: secp384r1(0018)" \
17011 -s "Certificate verification was skipped" \
17012 -c "Protocol is TLSv1.3" \
17013 -c "NamedGroup: ffdhe2048 ( 100 )" \
17014 -c "NamedGroup: secp384r1 ( 18 )" \
17015 -c "Verifying peer X.509 certificate... ok" \
17016 -s "HRR selected_group: secp384r1" \
17017 -c "received HelloRetryRequest message" \
17018 -c "selected_group ( 24 )"
17019
17020requires_config_enabled MBEDTLS_SSL_SRV_C
17021requires_config_enabled MBEDTLS_DEBUG_C
17022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17024requires_config_enabled MBEDTLS_SSL_CLI_C
17025requires_config_enabled MBEDTLS_DEBUG_C
17026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17028run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \
17029 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17030 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
17031 0 \
17032 -s "Protocol is TLSv1.3" \
17033 -s "got named group: secp521r1(0019)" \
17034 -s "Certificate verification was skipped" \
17035 -c "Protocol is TLSv1.3" \
17036 -c "NamedGroup: ffdhe2048 ( 100 )" \
17037 -c "NamedGroup: secp521r1 ( 19 )" \
17038 -c "Verifying peer X.509 certificate... ok" \
17039 -s "HRR selected_group: secp521r1" \
17040 -c "received HelloRetryRequest message" \
17041 -c "selected_group ( 25 )"
17042
17043requires_config_enabled MBEDTLS_SSL_SRV_C
17044requires_config_enabled MBEDTLS_DEBUG_C
17045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17047requires_config_enabled MBEDTLS_SSL_CLI_C
17048requires_config_enabled MBEDTLS_DEBUG_C
17049requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17050requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17051run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \
17052 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17053 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
17054 0 \
17055 -s "Protocol is TLSv1.3" \
17056 -s "got named group: x25519(001d)" \
17057 -s "Certificate verification was skipped" \
17058 -c "Protocol is TLSv1.3" \
17059 -c "NamedGroup: ffdhe2048 ( 100 )" \
17060 -c "NamedGroup: x25519 ( 1d )" \
17061 -c "Verifying peer X.509 certificate... ok" \
17062 -s "HRR selected_group: x25519" \
17063 -c "received HelloRetryRequest message" \
17064 -c "selected_group ( 29 )"
17065
17066requires_config_enabled MBEDTLS_SSL_SRV_C
17067requires_config_enabled MBEDTLS_DEBUG_C
17068requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17069requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17070requires_config_enabled MBEDTLS_SSL_CLI_C
17071requires_config_enabled MBEDTLS_DEBUG_C
17072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17074run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \
17075 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17076 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
17077 0 \
17078 -s "Protocol is TLSv1.3" \
17079 -s "got named group: x448(001e)" \
17080 -s "Certificate verification was skipped" \
17081 -c "Protocol is TLSv1.3" \
17082 -c "NamedGroup: ffdhe2048 ( 100 )" \
17083 -c "NamedGroup: x448 ( 1e )" \
17084 -c "Verifying peer X.509 certificate... ok" \
17085 -s "HRR selected_group: x448" \
17086 -c "received HelloRetryRequest message" \
17087 -c "selected_group ( 30 )"
17088
17089requires_config_enabled MBEDTLS_SSL_SRV_C
17090requires_config_enabled MBEDTLS_DEBUG_C
17091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17092requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17093requires_config_enabled MBEDTLS_SSL_CLI_C
17094requires_config_enabled MBEDTLS_DEBUG_C
17095requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17097run_test "TLS 1.3 m->m: HRR ffdhe2048 -> ffdhe8192" \
17098 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17099 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
17100 0 \
17101 -s "Protocol is TLSv1.3" \
17102 -s "got named group: ffdhe8192(0104)" \
17103 -s "Certificate verification was skipped" \
17104 -c "Protocol is TLSv1.3" \
17105 -c "NamedGroup: ffdhe2048 ( 100 )" \
17106 -c "NamedGroup: ffdhe8192 ( 104 )" \
17107 -c "Verifying peer X.509 certificate... ok" \
17108 -s "HRR selected_group: ffdhe8192" \
17109 -c "received HelloRetryRequest message" \
17110 -c "selected_group ( 260 )"
17111
17112requires_config_enabled MBEDTLS_SSL_SRV_C
17113requires_config_enabled MBEDTLS_DEBUG_C
17114requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17116requires_config_enabled MBEDTLS_SSL_CLI_C
17117requires_config_enabled MBEDTLS_DEBUG_C
17118requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17120run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp256r1" \
17121 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17122 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
17123 0 \
17124 -s "Protocol is TLSv1.3" \
17125 -s "got named group: secp256r1(0017)" \
17126 -s "Certificate verification was skipped" \
17127 -c "Protocol is TLSv1.3" \
17128 -c "NamedGroup: ffdhe8192 ( 104 )" \
17129 -c "NamedGroup: secp256r1 ( 17 )" \
17130 -c "Verifying peer X.509 certificate... ok" \
17131 -s "HRR selected_group: secp256r1" \
17132 -c "received HelloRetryRequest message" \
17133 -c "selected_group ( 23 )"
17134
17135requires_config_enabled MBEDTLS_SSL_SRV_C
17136requires_config_enabled MBEDTLS_DEBUG_C
17137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17139requires_config_enabled MBEDTLS_SSL_CLI_C
17140requires_config_enabled MBEDTLS_DEBUG_C
17141requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17143run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp384r1" \
17144 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17145 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
17146 0 \
17147 -s "Protocol is TLSv1.3" \
17148 -s "got named group: secp384r1(0018)" \
17149 -s "Certificate verification was skipped" \
17150 -c "Protocol is TLSv1.3" \
17151 -c "NamedGroup: ffdhe8192 ( 104 )" \
17152 -c "NamedGroup: secp384r1 ( 18 )" \
17153 -c "Verifying peer X.509 certificate... ok" \
17154 -s "HRR selected_group: secp384r1" \
17155 -c "received HelloRetryRequest message" \
17156 -c "selected_group ( 24 )"
17157
17158requires_config_enabled MBEDTLS_SSL_SRV_C
17159requires_config_enabled MBEDTLS_DEBUG_C
17160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17162requires_config_enabled MBEDTLS_SSL_CLI_C
17163requires_config_enabled MBEDTLS_DEBUG_C
17164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17166run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp521r1" \
17167 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17168 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
17169 0 \
17170 -s "Protocol is TLSv1.3" \
17171 -s "got named group: secp521r1(0019)" \
17172 -s "Certificate verification was skipped" \
17173 -c "Protocol is TLSv1.3" \
17174 -c "NamedGroup: ffdhe8192 ( 104 )" \
17175 -c "NamedGroup: secp521r1 ( 19 )" \
17176 -c "Verifying peer X.509 certificate... ok" \
17177 -s "HRR selected_group: secp521r1" \
17178 -c "received HelloRetryRequest message" \
17179 -c "selected_group ( 25 )"
17180
17181requires_config_enabled MBEDTLS_SSL_SRV_C
17182requires_config_enabled MBEDTLS_DEBUG_C
17183requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17184requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17185requires_config_enabled MBEDTLS_SSL_CLI_C
17186requires_config_enabled MBEDTLS_DEBUG_C
17187requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17188requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17189run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x25519" \
17190 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17191 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
17192 0 \
17193 -s "Protocol is TLSv1.3" \
17194 -s "got named group: x25519(001d)" \
17195 -s "Certificate verification was skipped" \
17196 -c "Protocol is TLSv1.3" \
17197 -c "NamedGroup: ffdhe8192 ( 104 )" \
17198 -c "NamedGroup: x25519 ( 1d )" \
17199 -c "Verifying peer X.509 certificate... ok" \
17200 -s "HRR selected_group: x25519" \
17201 -c "received HelloRetryRequest message" \
17202 -c "selected_group ( 29 )"
17203
17204requires_config_enabled MBEDTLS_SSL_SRV_C
17205requires_config_enabled MBEDTLS_DEBUG_C
17206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17208requires_config_enabled MBEDTLS_SSL_CLI_C
17209requires_config_enabled MBEDTLS_DEBUG_C
17210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17212run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x448" \
17213 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17214 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
17215 0 \
17216 -s "Protocol is TLSv1.3" \
17217 -s "got named group: x448(001e)" \
17218 -s "Certificate verification was skipped" \
17219 -c "Protocol is TLSv1.3" \
17220 -c "NamedGroup: ffdhe8192 ( 104 )" \
17221 -c "NamedGroup: x448 ( 1e )" \
17222 -c "Verifying peer X.509 certificate... ok" \
17223 -s "HRR selected_group: x448" \
17224 -c "received HelloRetryRequest message" \
17225 -c "selected_group ( 30 )"
17226
17227requires_config_enabled MBEDTLS_SSL_SRV_C
17228requires_config_enabled MBEDTLS_DEBUG_C
17229requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17230requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17231requires_config_enabled MBEDTLS_SSL_CLI_C
17232requires_config_enabled MBEDTLS_DEBUG_C
17233requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17234requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17235run_test "TLS 1.3 m->m: HRR ffdhe8192 -> ffdhe2048" \
17236 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17237 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
17238 0 \
17239 -s "Protocol is TLSv1.3" \
17240 -s "got named group: ffdhe2048(0100)" \
17241 -s "Certificate verification was skipped" \
17242 -c "Protocol is TLSv1.3" \
17243 -c "NamedGroup: ffdhe8192 ( 104 )" \
17244 -c "NamedGroup: ffdhe2048 ( 100 )" \
17245 -c "Verifying peer X.509 certificate... ok" \
17246 -s "HRR selected_group: ffdhe2048" \
17247 -c "received HelloRetryRequest message" \
17248 -c "selected_group ( 256 )"