TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1f5c2ba4955d324ea2e4694afa97db1086cdd9a8 / . / tests / opt-testcases / tls13-compat.sh
blob: 6672dab6f2ce7e8553288be9e746bbca4c298ca6 [file] [log] [blame]
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1#!/bin/sh
2
3# tls13-compat.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]23# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]28requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]29requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]30requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]31requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]32requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]33requires_openssl_tls1_3
34run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]35 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]36 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]37 0 \
38 -s "Protocol is TLSv1.3" \
39 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
40 -s "received signature algorithm: 0x403" \
41 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]42 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]43 -C "received HelloRetryRequest message"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]44
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]45requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]46requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]47requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]48requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]49requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]50requires_openssl_tls1_3
51run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]52 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]53 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]54 0 \
55 -s "Protocol is TLSv1.3" \
56 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
57 -s "received signature algorithm: 0x503" \
58 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]59 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]60 -C "received HelloRetryRequest message"
61
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]62requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]63requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]64requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]65requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]66requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]67requires_openssl_tls1_3
68run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]69 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]70 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]71 0 \
72 -s "Protocol is TLSv1.3" \
73 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
74 -s "received signature algorithm: 0x603" \
75 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]76 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]77 -C "received HelloRetryRequest message"
78
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]79requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]80requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]81requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]82requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
83requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]84requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]85requires_openssl_tls1_3
86run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]87 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]88 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]89 0 \
90 -s "Protocol is TLSv1.3" \
91 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
92 -s "received signature algorithm: 0x804" \
93 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]94 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]95 -C "received HelloRetryRequest message"
96
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]97requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]98requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]99requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]101requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]102requires_openssl_tls1_3
103run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]104 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]105 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]106 0 \
107 -s "Protocol is TLSv1.3" \
108 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
109 -s "received signature algorithm: 0x403" \
110 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]111 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]112 -C "received HelloRetryRequest message"
113
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]114requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]115requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]116requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]118requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]119requires_openssl_tls1_3
120run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]121 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]122 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]123 0 \
124 -s "Protocol is TLSv1.3" \
125 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
126 -s "received signature algorithm: 0x503" \
127 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]128 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]129 -C "received HelloRetryRequest message"
130
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]131requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]132requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]134requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]135requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]136requires_openssl_tls1_3
137run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]138 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]139 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]140 0 \
141 -s "Protocol is TLSv1.3" \
142 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
143 -s "received signature algorithm: 0x603" \
144 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]145 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]146 -C "received HelloRetryRequest message"
147
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]148requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]149requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]150requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]151requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
152requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]153requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]154requires_openssl_tls1_3
155run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]156 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]157 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]158 0 \
159 -s "Protocol is TLSv1.3" \
160 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
161 -s "received signature algorithm: 0x804" \
162 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]163 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]164 -C "received HelloRetryRequest message"
165
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]166requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]167requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]168requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]170requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]171requires_openssl_tls1_3
172run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]173 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]174 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]175 0 \
176 -s "Protocol is TLSv1.3" \
177 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
178 -s "received signature algorithm: 0x403" \
179 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]180 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]181 -C "received HelloRetryRequest message"
182
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]183requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]184requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]185requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]186requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]187requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]188requires_openssl_tls1_3
189run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]190 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]191 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]192 0 \
193 -s "Protocol is TLSv1.3" \
194 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
195 -s "received signature algorithm: 0x503" \
196 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]197 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]198 -C "received HelloRetryRequest message"
199
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]200requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]201requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]204requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]205requires_openssl_tls1_3
206run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]207 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]208 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]209 0 \
210 -s "Protocol is TLSv1.3" \
211 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
212 -s "received signature algorithm: 0x603" \
213 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]214 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]215 -C "received HelloRetryRequest message"
216
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]217requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]218requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
221requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]222requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]223requires_openssl_tls1_3
224run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]225 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]226 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]227 0 \
228 -s "Protocol is TLSv1.3" \
229 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
230 -s "received signature algorithm: 0x804" \
231 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]232 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]233 -C "received HelloRetryRequest message"
234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]236requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]239requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]240requires_openssl_tls1_3
241run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]242 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]243 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]244 0 \
245 -s "Protocol is TLSv1.3" \
246 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
247 -s "received signature algorithm: 0x403" \
248 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]249 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]250 -C "received HelloRetryRequest message"
251
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]252requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]253requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]256requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]257requires_openssl_tls1_3
258run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]259 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]260 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]261 0 \
262 -s "Protocol is TLSv1.3" \
263 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
264 -s "received signature algorithm: 0x503" \
265 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]266 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]267 -C "received HelloRetryRequest message"
268
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]269requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]270requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]272requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]273requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]274requires_openssl_tls1_3
275run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]276 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]277 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]278 0 \
279 -s "Protocol is TLSv1.3" \
280 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
281 -s "received signature algorithm: 0x603" \
282 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]283 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]284 -C "received HelloRetryRequest message"
285
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]286requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]287requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]288requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]289requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
290requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]291requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]292requires_openssl_tls1_3
293run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]294 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]295 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]296 0 \
297 -s "Protocol is TLSv1.3" \
298 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
299 -s "received signature algorithm: 0x804" \
300 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]301 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]302 -C "received HelloRetryRequest message"
303
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]304requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]305requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]306requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]308requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]309requires_openssl_tls1_3
310run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]311 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]312 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]313 0 \
314 -s "Protocol is TLSv1.3" \
315 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
316 -s "received signature algorithm: 0x403" \
317 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]318 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]319 -C "received HelloRetryRequest message"
320
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]321requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]322requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]323requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]324requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]325requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]326requires_openssl_tls1_3
327run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]328 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]329 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]330 0 \
331 -s "Protocol is TLSv1.3" \
332 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
333 -s "received signature algorithm: 0x503" \
334 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]335 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]336 -C "received HelloRetryRequest message"
337
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]338requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]339requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]340requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]341requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]342requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]343requires_openssl_tls1_3
344run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]345 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]346 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]347 0 \
348 -s "Protocol is TLSv1.3" \
349 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
350 -s "received signature algorithm: 0x603" \
351 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]352 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]353 -C "received HelloRetryRequest message"
354
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]355requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]356requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]357requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]358requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
359requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]360requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]361requires_openssl_tls1_3
362run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]363 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]364 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]365 0 \
366 -s "Protocol is TLSv1.3" \
367 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
368 -s "received signature algorithm: 0x804" \
369 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]370 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]371 -C "received HelloRetryRequest message"
372
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]373requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]374requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]375requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
377requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]378requires_openssl_3_x
379run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
380 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
381 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
382 0 \
383 -s "Protocol is TLSv1.3" \
384 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
385 -s "received signature algorithm: 0x403" \
386 -s "got named group: ffdhe2048(0100)" \
387 -s "Certificate verification was skipped" \
388 -C "received HelloRetryRequest message"
389
390requires_config_enabled MBEDTLS_SSL_SRV_C
391requires_config_enabled MBEDTLS_DEBUG_C
392requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
394requires_openssl_tls1_3
395requires_openssl_3_x
396run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
397 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
398 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
399 0 \
400 -s "Protocol is TLSv1.3" \
401 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
402 -s "received signature algorithm: 0x503" \
403 -s "got named group: ffdhe2048(0100)" \
404 -s "Certificate verification was skipped" \
405 -C "received HelloRetryRequest message"
406
407requires_config_enabled MBEDTLS_SSL_SRV_C
408requires_config_enabled MBEDTLS_DEBUG_C
409requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
410requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
411requires_openssl_tls1_3
412requires_openssl_3_x
413run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
414 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
415 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
416 0 \
417 -s "Protocol is TLSv1.3" \
418 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
419 -s "received signature algorithm: 0x603" \
420 -s "got named group: ffdhe2048(0100)" \
421 -s "Certificate verification was skipped" \
422 -C "received HelloRetryRequest message"
423
424requires_config_enabled MBEDTLS_SSL_SRV_C
425requires_config_enabled MBEDTLS_DEBUG_C
426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
428requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
429requires_openssl_tls1_3
430requires_openssl_3_x
431run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
432 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
433 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
434 0 \
435 -s "Protocol is TLSv1.3" \
436 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
437 -s "received signature algorithm: 0x804" \
438 -s "got named group: ffdhe2048(0100)" \
439 -s "Certificate verification was skipped" \
440 -C "received HelloRetryRequest message"
441
442requires_config_enabled MBEDTLS_SSL_SRV_C
443requires_config_enabled MBEDTLS_DEBUG_C
444requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
446requires_openssl_tls1_3
447requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]448run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
449 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
450 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
451 0 \
452 -s "Protocol is TLSv1.3" \
453 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
454 -s "received signature algorithm: 0x403" \
455 -s "got named group: ffdhe8192(0104)" \
456 -s "Certificate verification was skipped" \
457 -C "received HelloRetryRequest message"
458
459requires_config_enabled MBEDTLS_SSL_SRV_C
460requires_config_enabled MBEDTLS_DEBUG_C
461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
463requires_openssl_tls1_3
464requires_openssl_3_x
465run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
466 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
467 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
468 0 \
469 -s "Protocol is TLSv1.3" \
470 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
471 -s "received signature algorithm: 0x503" \
472 -s "got named group: ffdhe8192(0104)" \
473 -s "Certificate verification was skipped" \
474 -C "received HelloRetryRequest message"
475
476requires_config_enabled MBEDTLS_SSL_SRV_C
477requires_config_enabled MBEDTLS_DEBUG_C
478requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
479requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
480requires_openssl_tls1_3
481requires_openssl_3_x
482run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
483 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
484 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
485 0 \
486 -s "Protocol is TLSv1.3" \
487 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
488 -s "received signature algorithm: 0x603" \
489 -s "got named group: ffdhe8192(0104)" \
490 -s "Certificate verification was skipped" \
491 -C "received HelloRetryRequest message"
492
493requires_config_enabled MBEDTLS_SSL_SRV_C
494requires_config_enabled MBEDTLS_DEBUG_C
495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
497requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
498requires_openssl_tls1_3
499requires_openssl_3_x
500run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
501 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
502 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
503 0 \
504 -s "Protocol is TLSv1.3" \
505 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
506 -s "received signature algorithm: 0x804" \
507 -s "got named group: ffdhe8192(0104)" \
508 -s "Certificate verification was skipped" \
509 -C "received HelloRetryRequest message"
510
511requires_config_enabled MBEDTLS_SSL_SRV_C
512requires_config_enabled MBEDTLS_DEBUG_C
513requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]515requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]516requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]517run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]518 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]519 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]520 0 \
521 -s "Protocol is TLSv1.3" \
522 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
523 -s "received signature algorithm: 0x403" \
524 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]525 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]526 -C "received HelloRetryRequest message"
527
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]528requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]529requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]530requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]531requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]532requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]533requires_openssl_tls1_3
534run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]535 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]536 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]537 0 \
538 -s "Protocol is TLSv1.3" \
539 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
540 -s "received signature algorithm: 0x503" \
541 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]542 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]543 -C "received HelloRetryRequest message"
544
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]545requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]546requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]547requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]548requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]549requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]550requires_openssl_tls1_3
551run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]552 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]553 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]554 0 \
555 -s "Protocol is TLSv1.3" \
556 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
557 -s "received signature algorithm: 0x603" \
558 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]559 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]560 -C "received HelloRetryRequest message"
561
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]562requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]563requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
566requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]567requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]568requires_openssl_tls1_3
569run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]570 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]571 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]572 0 \
573 -s "Protocol is TLSv1.3" \
574 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
575 -s "received signature algorithm: 0x804" \
576 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]577 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]578 -C "received HelloRetryRequest message"
579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]581requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]582requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]584requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]585requires_openssl_tls1_3
586run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]587 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]588 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]589 0 \
590 -s "Protocol is TLSv1.3" \
591 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
592 -s "received signature algorithm: 0x403" \
593 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]594 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]595 -C "received HelloRetryRequest message"
596
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]597requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]598requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]599requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]600requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]601requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]602requires_openssl_tls1_3
603run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]604 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]605 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]606 0 \
607 -s "Protocol is TLSv1.3" \
608 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
609 -s "received signature algorithm: 0x503" \
610 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]611 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]612 -C "received HelloRetryRequest message"
613
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]614requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]615requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]616requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]617requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]618requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]619requires_openssl_tls1_3
620run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]621 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]622 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]623 0 \
624 -s "Protocol is TLSv1.3" \
625 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
626 -s "received signature algorithm: 0x603" \
627 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]628 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]629 -C "received HelloRetryRequest message"
630
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]631requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]632requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
635requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]636requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]637requires_openssl_tls1_3
638run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]639 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]640 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]641 0 \
642 -s "Protocol is TLSv1.3" \
643 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
644 -s "received signature algorithm: 0x804" \
645 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]646 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]647 -C "received HelloRetryRequest message"
648
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]649requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]650requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]651requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]652requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]653requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]654requires_openssl_tls1_3
655run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]656 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]657 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]658 0 \
659 -s "Protocol is TLSv1.3" \
660 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
661 -s "received signature algorithm: 0x403" \
662 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]663 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]664 -C "received HelloRetryRequest message"
665
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]666requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]667requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]670requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]671requires_openssl_tls1_3
672run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]673 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]674 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]675 0 \
676 -s "Protocol is TLSv1.3" \
677 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
678 -s "received signature algorithm: 0x503" \
679 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]680 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]681 -C "received HelloRetryRequest message"
682
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]683requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]684requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]687requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]688requires_openssl_tls1_3
689run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]690 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]691 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]692 0 \
693 -s "Protocol is TLSv1.3" \
694 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
695 -s "received signature algorithm: 0x603" \
696 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]697 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]698 -C "received HelloRetryRequest message"
699
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]700requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]701requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]702requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]703requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
704requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]705requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]706requires_openssl_tls1_3
707run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]708 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]709 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]710 0 \
711 -s "Protocol is TLSv1.3" \
712 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
713 -s "received signature algorithm: 0x804" \
714 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]715 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]716 -C "received HelloRetryRequest message"
717
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]718requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]719requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]722requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]723requires_openssl_tls1_3
724run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]725 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]726 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]727 0 \
728 -s "Protocol is TLSv1.3" \
729 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
730 -s "received signature algorithm: 0x403" \
731 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]732 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]733 -C "received HelloRetryRequest message"
734
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]735requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]736requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]739requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]740requires_openssl_tls1_3
741run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]742 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]743 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]744 0 \
745 -s "Protocol is TLSv1.3" \
746 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
747 -s "received signature algorithm: 0x503" \
748 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]749 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]750 -C "received HelloRetryRequest message"
751
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]752requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]756requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]757requires_openssl_tls1_3
758run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]759 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]760 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]761 0 \
762 -s "Protocol is TLSv1.3" \
763 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
764 -s "received signature algorithm: 0x603" \
765 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]766 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]767 -C "received HelloRetryRequest message"
768
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]769requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]770requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]771requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
773requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]774requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]775requires_openssl_tls1_3
776run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]777 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]778 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]779 0 \
780 -s "Protocol is TLSv1.3" \
781 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
782 -s "received signature algorithm: 0x804" \
783 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]784 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]785 -C "received HelloRetryRequest message"
786
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]787requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]788requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]789requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]790requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]791requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]792requires_openssl_tls1_3
793run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]794 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]795 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]796 0 \
797 -s "Protocol is TLSv1.3" \
798 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
799 -s "received signature algorithm: 0x403" \
800 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]801 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]802 -C "received HelloRetryRequest message"
803
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]804requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]805requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]808requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]809requires_openssl_tls1_3
810run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]811 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]812 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]813 0 \
814 -s "Protocol is TLSv1.3" \
815 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
816 -s "received signature algorithm: 0x503" \
817 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]818 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]819 -C "received HelloRetryRequest message"
820
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]821requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]822requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]823requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]824requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]825requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]826requires_openssl_tls1_3
827run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]828 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]829 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]830 0 \
831 -s "Protocol is TLSv1.3" \
832 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
833 -s "received signature algorithm: 0x603" \
834 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]835 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]836 -C "received HelloRetryRequest message"
837
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]838requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]839requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]840requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
842requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]843requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]844requires_openssl_tls1_3
845run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]846 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]847 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]848 0 \
849 -s "Protocol is TLSv1.3" \
850 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
851 -s "received signature algorithm: 0x804" \
852 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]853 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]854 -C "received HelloRetryRequest message"
855
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]856requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]857requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
860requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]861requires_openssl_3_x
862run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
863 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
864 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
865 0 \
866 -s "Protocol is TLSv1.3" \
867 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
868 -s "received signature algorithm: 0x403" \
869 -s "got named group: ffdhe2048(0100)" \
870 -s "Certificate verification was skipped" \
871 -C "received HelloRetryRequest message"
872
873requires_config_enabled MBEDTLS_SSL_SRV_C
874requires_config_enabled MBEDTLS_DEBUG_C
875requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
876requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
877requires_openssl_tls1_3
878requires_openssl_3_x
879run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
880 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
881 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
882 0 \
883 -s "Protocol is TLSv1.3" \
884 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
885 -s "received signature algorithm: 0x503" \
886 -s "got named group: ffdhe2048(0100)" \
887 -s "Certificate verification was skipped" \
888 -C "received HelloRetryRequest message"
889
890requires_config_enabled MBEDTLS_SSL_SRV_C
891requires_config_enabled MBEDTLS_DEBUG_C
892requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
894requires_openssl_tls1_3
895requires_openssl_3_x
896run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
897 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
898 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
899 0 \
900 -s "Protocol is TLSv1.3" \
901 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
902 -s "received signature algorithm: 0x603" \
903 -s "got named group: ffdhe2048(0100)" \
904 -s "Certificate verification was skipped" \
905 -C "received HelloRetryRequest message"
906
907requires_config_enabled MBEDTLS_SSL_SRV_C
908requires_config_enabled MBEDTLS_DEBUG_C
909requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
910requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
911requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
912requires_openssl_tls1_3
913requires_openssl_3_x
914run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
915 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
916 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
917 0 \
918 -s "Protocol is TLSv1.3" \
919 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
920 -s "received signature algorithm: 0x804" \
921 -s "got named group: ffdhe2048(0100)" \
922 -s "Certificate verification was skipped" \
923 -C "received HelloRetryRequest message"
924
925requires_config_enabled MBEDTLS_SSL_SRV_C
926requires_config_enabled MBEDTLS_DEBUG_C
927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
929requires_openssl_tls1_3
930requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]931run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
932 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
933 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
934 0 \
935 -s "Protocol is TLSv1.3" \
936 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
937 -s "received signature algorithm: 0x403" \
938 -s "got named group: ffdhe8192(0104)" \
939 -s "Certificate verification was skipped" \
940 -C "received HelloRetryRequest message"
941
942requires_config_enabled MBEDTLS_SSL_SRV_C
943requires_config_enabled MBEDTLS_DEBUG_C
944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
946requires_openssl_tls1_3
947requires_openssl_3_x
948run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
949 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
950 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
951 0 \
952 -s "Protocol is TLSv1.3" \
953 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
954 -s "received signature algorithm: 0x503" \
955 -s "got named group: ffdhe8192(0104)" \
956 -s "Certificate verification was skipped" \
957 -C "received HelloRetryRequest message"
958
959requires_config_enabled MBEDTLS_SSL_SRV_C
960requires_config_enabled MBEDTLS_DEBUG_C
961requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
963requires_openssl_tls1_3
964requires_openssl_3_x
965run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
966 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
967 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
968 0 \
969 -s "Protocol is TLSv1.3" \
970 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
971 -s "received signature algorithm: 0x603" \
972 -s "got named group: ffdhe8192(0104)" \
973 -s "Certificate verification was skipped" \
974 -C "received HelloRetryRequest message"
975
976requires_config_enabled MBEDTLS_SSL_SRV_C
977requires_config_enabled MBEDTLS_DEBUG_C
978requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
979requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
980requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
981requires_openssl_tls1_3
982requires_openssl_3_x
983run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
984 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
985 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
986 0 \
987 -s "Protocol is TLSv1.3" \
988 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
989 -s "received signature algorithm: 0x804" \
990 -s "got named group: ffdhe8192(0104)" \
991 -s "Certificate verification was skipped" \
992 -C "received HelloRetryRequest message"
993
994requires_config_enabled MBEDTLS_SSL_SRV_C
995requires_config_enabled MBEDTLS_DEBUG_C
996requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]998requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]999requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1000run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1001 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1002 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1003 0 \
1004 -s "Protocol is TLSv1.3" \
1005 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1006 -s "received signature algorithm: 0x403" \
1007 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1008 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1009 -C "received HelloRetryRequest message"
1010
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1011requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1012requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1015requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1016requires_openssl_tls1_3
1017run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1018 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1019 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1020 0 \
1021 -s "Protocol is TLSv1.3" \
1022 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1023 -s "received signature algorithm: 0x503" \
1024 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1025 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1026 -C "received HelloRetryRequest message"
1027
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1028requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1029requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1032requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1033requires_openssl_tls1_3
1034run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1035 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1036 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1037 0 \
1038 -s "Protocol is TLSv1.3" \
1039 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1040 -s "received signature algorithm: 0x603" \
1041 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1042 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1043 -C "received HelloRetryRequest message"
1044
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1045requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1046requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1047requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1048requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1049requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1050requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1051requires_openssl_tls1_3
1052run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1053 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1054 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1055 0 \
1056 -s "Protocol is TLSv1.3" \
1057 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1058 -s "received signature algorithm: 0x804" \
1059 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1060 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1061 -C "received HelloRetryRequest message"
1062
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1063requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1064requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1065requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1067requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1068requires_openssl_tls1_3
1069run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1070 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1071 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1072 0 \
1073 -s "Protocol is TLSv1.3" \
1074 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1075 -s "received signature algorithm: 0x403" \
1076 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1077 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1078 -C "received HelloRetryRequest message"
1079
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1080requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1081requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1084requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1085requires_openssl_tls1_3
1086run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1087 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1088 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1089 0 \
1090 -s "Protocol is TLSv1.3" \
1091 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1092 -s "received signature algorithm: 0x503" \
1093 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1094 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1095 -C "received HelloRetryRequest message"
1096
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1097requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1098requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1099requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1101requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1102requires_openssl_tls1_3
1103run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1104 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1105 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1106 0 \
1107 -s "Protocol is TLSv1.3" \
1108 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1109 -s "received signature algorithm: 0x603" \
1110 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1111 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1112 -C "received HelloRetryRequest message"
1113
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1114requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1115requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1116requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1118requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1119requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1120requires_openssl_tls1_3
1121run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1122 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1123 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1124 0 \
1125 -s "Protocol is TLSv1.3" \
1126 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1127 -s "received signature algorithm: 0x804" \
1128 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1129 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1130 -C "received HelloRetryRequest message"
1131
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1132requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1133requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1136requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1137requires_openssl_tls1_3
1138run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1139 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1140 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1141 0 \
1142 -s "Protocol is TLSv1.3" \
1143 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1144 -s "received signature algorithm: 0x403" \
1145 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1146 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1147 -C "received HelloRetryRequest message"
1148
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1149requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1150requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1151requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1153requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1154requires_openssl_tls1_3
1155run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1156 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1157 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1158 0 \
1159 -s "Protocol is TLSv1.3" \
1160 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1161 -s "received signature algorithm: 0x503" \
1162 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1163 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1164 -C "received HelloRetryRequest message"
1165
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1166requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1167requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1168requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1170requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1171requires_openssl_tls1_3
1172run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1173 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1174 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1175 0 \
1176 -s "Protocol is TLSv1.3" \
1177 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1178 -s "received signature algorithm: 0x603" \
1179 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1180 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1181 -C "received HelloRetryRequest message"
1182
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1183requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1184requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1185requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1186requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1187requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1188requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1189requires_openssl_tls1_3
1190run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1191 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1192 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1193 0 \
1194 -s "Protocol is TLSv1.3" \
1195 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1196 -s "received signature algorithm: 0x804" \
1197 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1198 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1199 -C "received HelloRetryRequest message"
1200
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1201requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1202requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1203requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1205requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1206requires_openssl_tls1_3
1207run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1208 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1209 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1210 0 \
1211 -s "Protocol is TLSv1.3" \
1212 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1213 -s "received signature algorithm: 0x403" \
1214 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1215 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1216 -C "received HelloRetryRequest message"
1217
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1218requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1219requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1222requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1223requires_openssl_tls1_3
1224run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1225 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1226 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1227 0 \
1228 -s "Protocol is TLSv1.3" \
1229 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1230 -s "received signature algorithm: 0x503" \
1231 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1232 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1233 -C "received HelloRetryRequest message"
1234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1236requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1239requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1240requires_openssl_tls1_3
1241run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1242 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1243 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1244 0 \
1245 -s "Protocol is TLSv1.3" \
1246 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1247 -s "received signature algorithm: 0x603" \
1248 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1249 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1250 -C "received HelloRetryRequest message"
1251
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1252requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1253requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1256requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1257requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1258requires_openssl_tls1_3
1259run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1260 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1261 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1262 0 \
1263 -s "Protocol is TLSv1.3" \
1264 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1265 -s "received signature algorithm: 0x804" \
1266 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1267 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1268 -C "received HelloRetryRequest message"
1269
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1270requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1271requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1274requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1275requires_openssl_tls1_3
1276run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1277 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1278 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1279 0 \
1280 -s "Protocol is TLSv1.3" \
1281 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1282 -s "received signature algorithm: 0x403" \
1283 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1284 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1285 -C "received HelloRetryRequest message"
1286
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1287requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1288requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1289requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1290requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1291requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1292requires_openssl_tls1_3
1293run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1294 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1295 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1296 0 \
1297 -s "Protocol is TLSv1.3" \
1298 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1299 -s "received signature algorithm: 0x503" \
1300 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1301 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1302 -C "received HelloRetryRequest message"
1303
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1304requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1305requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1306requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1308requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1309requires_openssl_tls1_3
1310run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1311 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1312 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1313 0 \
1314 -s "Protocol is TLSv1.3" \
1315 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1316 -s "received signature algorithm: 0x603" \
1317 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1318 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1319 -C "received HelloRetryRequest message"
1320
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1321requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1322requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1323requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1324requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1325requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1326requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1327requires_openssl_tls1_3
1328run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1329 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1330 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1331 0 \
1332 -s "Protocol is TLSv1.3" \
1333 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1334 -s "received signature algorithm: 0x804" \
1335 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1336 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1337 -C "received HelloRetryRequest message"
1338
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1339requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1340requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1343requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1344requires_openssl_3_x
1345run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
1346 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1347 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
1348 0 \
1349 -s "Protocol is TLSv1.3" \
1350 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1351 -s "received signature algorithm: 0x403" \
1352 -s "got named group: ffdhe2048(0100)" \
1353 -s "Certificate verification was skipped" \
1354 -C "received HelloRetryRequest message"
1355
1356requires_config_enabled MBEDTLS_SSL_SRV_C
1357requires_config_enabled MBEDTLS_DEBUG_C
1358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1360requires_openssl_tls1_3
1361requires_openssl_3_x
1362run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
1363 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1364 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
1365 0 \
1366 -s "Protocol is TLSv1.3" \
1367 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1368 -s "received signature algorithm: 0x503" \
1369 -s "got named group: ffdhe2048(0100)" \
1370 -s "Certificate verification was skipped" \
1371 -C "received HelloRetryRequest message"
1372
1373requires_config_enabled MBEDTLS_SSL_SRV_C
1374requires_config_enabled MBEDTLS_DEBUG_C
1375requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1377requires_openssl_tls1_3
1378requires_openssl_3_x
1379run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
1380 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1381 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
1382 0 \
1383 -s "Protocol is TLSv1.3" \
1384 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1385 -s "received signature algorithm: 0x603" \
1386 -s "got named group: ffdhe2048(0100)" \
1387 -s "Certificate verification was skipped" \
1388 -C "received HelloRetryRequest message"
1389
1390requires_config_enabled MBEDTLS_SSL_SRV_C
1391requires_config_enabled MBEDTLS_DEBUG_C
1392requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1394requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1395requires_openssl_tls1_3
1396requires_openssl_3_x
1397run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
1398 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1399 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
1400 0 \
1401 -s "Protocol is TLSv1.3" \
1402 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1403 -s "received signature algorithm: 0x804" \
1404 -s "got named group: ffdhe2048(0100)" \
1405 -s "Certificate verification was skipped" \
1406 -C "received HelloRetryRequest message"
1407
1408requires_config_enabled MBEDTLS_SSL_SRV_C
1409requires_config_enabled MBEDTLS_DEBUG_C
1410requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1412requires_openssl_tls1_3
1413requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1414run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
1415 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1416 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
1417 0 \
1418 -s "Protocol is TLSv1.3" \
1419 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1420 -s "received signature algorithm: 0x403" \
1421 -s "got named group: ffdhe8192(0104)" \
1422 -s "Certificate verification was skipped" \
1423 -C "received HelloRetryRequest message"
1424
1425requires_config_enabled MBEDTLS_SSL_SRV_C
1426requires_config_enabled MBEDTLS_DEBUG_C
1427requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1429requires_openssl_tls1_3
1430requires_openssl_3_x
1431run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
1432 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1433 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
1434 0 \
1435 -s "Protocol is TLSv1.3" \
1436 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1437 -s "received signature algorithm: 0x503" \
1438 -s "got named group: ffdhe8192(0104)" \
1439 -s "Certificate verification was skipped" \
1440 -C "received HelloRetryRequest message"
1441
1442requires_config_enabled MBEDTLS_SSL_SRV_C
1443requires_config_enabled MBEDTLS_DEBUG_C
1444requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1446requires_openssl_tls1_3
1447requires_openssl_3_x
1448run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
1449 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1450 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
1451 0 \
1452 -s "Protocol is TLSv1.3" \
1453 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1454 -s "received signature algorithm: 0x603" \
1455 -s "got named group: ffdhe8192(0104)" \
1456 -s "Certificate verification was skipped" \
1457 -C "received HelloRetryRequest message"
1458
1459requires_config_enabled MBEDTLS_SSL_SRV_C
1460requires_config_enabled MBEDTLS_DEBUG_C
1461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1463requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1464requires_openssl_tls1_3
1465requires_openssl_3_x
1466run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
1467 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1468 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
1469 0 \
1470 -s "Protocol is TLSv1.3" \
1471 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1472 -s "received signature algorithm: 0x804" \
1473 -s "got named group: ffdhe8192(0104)" \
1474 -s "Certificate verification was skipped" \
1475 -C "received HelloRetryRequest message"
1476
1477requires_config_enabled MBEDTLS_SSL_SRV_C
1478requires_config_enabled MBEDTLS_DEBUG_C
1479requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1480requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1481requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1482requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1483run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1484 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1485 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1486 0 \
1487 -s "Protocol is TLSv1.3" \
1488 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1489 -s "received signature algorithm: 0x403" \
1490 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1491 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1492 -C "received HelloRetryRequest message"
1493
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1494requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1495requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1498requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1499requires_openssl_tls1_3
1500run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1501 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1502 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1503 0 \
1504 -s "Protocol is TLSv1.3" \
1505 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1506 -s "received signature algorithm: 0x503" \
1507 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1508 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1509 -C "received HelloRetryRequest message"
1510
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1511requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1512requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1513requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1515requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1516requires_openssl_tls1_3
1517run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1518 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1519 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1520 0 \
1521 -s "Protocol is TLSv1.3" \
1522 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1523 -s "received signature algorithm: 0x603" \
1524 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1525 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1526 -C "received HelloRetryRequest message"
1527
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1528requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1529requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1530requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1531requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1532requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1533requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1534requires_openssl_tls1_3
1535run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1536 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1537 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1538 0 \
1539 -s "Protocol is TLSv1.3" \
1540 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1541 -s "received signature algorithm: 0x804" \
1542 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1543 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1544 -C "received HelloRetryRequest message"
1545
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1546requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1547requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1548requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1550requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1551requires_openssl_tls1_3
1552run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1553 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1554 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1555 0 \
1556 -s "Protocol is TLSv1.3" \
1557 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1558 -s "received signature algorithm: 0x403" \
1559 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1560 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1561 -C "received HelloRetryRequest message"
1562
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1563requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1564requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1565requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1567requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1568requires_openssl_tls1_3
1569run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1570 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1571 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1572 0 \
1573 -s "Protocol is TLSv1.3" \
1574 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1575 -s "received signature algorithm: 0x503" \
1576 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1577 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1578 -C "received HelloRetryRequest message"
1579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1581requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1582requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1584requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1585requires_openssl_tls1_3
1586run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1587 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1588 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1589 0 \
1590 -s "Protocol is TLSv1.3" \
1591 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1592 -s "received signature algorithm: 0x603" \
1593 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1594 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1595 -C "received HelloRetryRequest message"
1596
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1597requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1598requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1599requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1600requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1601requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1602requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1603requires_openssl_tls1_3
1604run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1605 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1606 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1607 0 \
1608 -s "Protocol is TLSv1.3" \
1609 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1610 -s "received signature algorithm: 0x804" \
1611 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1612 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1613 -C "received HelloRetryRequest message"
1614
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1615requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1616requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1617requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1619requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1620requires_openssl_tls1_3
1621run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1622 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1623 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1624 0 \
1625 -s "Protocol is TLSv1.3" \
1626 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1627 -s "received signature algorithm: 0x403" \
1628 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1629 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1630 -C "received HelloRetryRequest message"
1631
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1632requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1633requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1636requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1637requires_openssl_tls1_3
1638run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1639 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1640 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1641 0 \
1642 -s "Protocol is TLSv1.3" \
1643 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1644 -s "received signature algorithm: 0x503" \
1645 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1646 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1647 -C "received HelloRetryRequest message"
1648
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1649requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1650requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1651requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1652requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1653requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1654requires_openssl_tls1_3
1655run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1656 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1657 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1658 0 \
1659 -s "Protocol is TLSv1.3" \
1660 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1661 -s "received signature algorithm: 0x603" \
1662 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1663 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1664 -C "received HelloRetryRequest message"
1665
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1666requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1667requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1670requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1671requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1672requires_openssl_tls1_3
1673run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1674 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1675 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1676 0 \
1677 -s "Protocol is TLSv1.3" \
1678 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1679 -s "received signature algorithm: 0x804" \
1680 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1681 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1682 -C "received HelloRetryRequest message"
1683
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1684requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1685requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1688requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1689requires_openssl_tls1_3
1690run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1691 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1692 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1693 0 \
1694 -s "Protocol is TLSv1.3" \
1695 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1696 -s "received signature algorithm: 0x403" \
1697 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1698 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1699 -C "received HelloRetryRequest message"
1700
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1701requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1702requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1703requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1705requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1706requires_openssl_tls1_3
1707run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1708 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1709 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1710 0 \
1711 -s "Protocol is TLSv1.3" \
1712 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1713 -s "received signature algorithm: 0x503" \
1714 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1715 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1716 -C "received HelloRetryRequest message"
1717
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1718requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1719requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1722requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1723requires_openssl_tls1_3
1724run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1725 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1726 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1727 0 \
1728 -s "Protocol is TLSv1.3" \
1729 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1730 -s "received signature algorithm: 0x603" \
1731 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1732 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1733 -C "received HelloRetryRequest message"
1734
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1735requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1736requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1739requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1740requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1741requires_openssl_tls1_3
1742run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1743 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1744 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1745 0 \
1746 -s "Protocol is TLSv1.3" \
1747 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1748 -s "received signature algorithm: 0x804" \
1749 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1750 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1751 -C "received HelloRetryRequest message"
1752
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1753requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1754requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1755requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1756requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1757requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1758requires_openssl_tls1_3
1759run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1760 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1761 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1762 0 \
1763 -s "Protocol is TLSv1.3" \
1764 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1765 -s "received signature algorithm: 0x403" \
1766 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1767 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1768 -C "received HelloRetryRequest message"
1769
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1770requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1771requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1772requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1773requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1774requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1775requires_openssl_tls1_3
1776run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1777 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1778 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1779 0 \
1780 -s "Protocol is TLSv1.3" \
1781 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1782 -s "received signature algorithm: 0x503" \
1783 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1784 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1785 -C "received HelloRetryRequest message"
1786
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1787requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1788requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1789requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1790requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1791requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1792requires_openssl_tls1_3
1793run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1794 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1795 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1796 0 \
1797 -s "Protocol is TLSv1.3" \
1798 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1799 -s "received signature algorithm: 0x603" \
1800 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1801 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1802 -C "received HelloRetryRequest message"
1803
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1804requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1805requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1808requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1809requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1810requires_openssl_tls1_3
1811run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1812 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1813 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1814 0 \
1815 -s "Protocol is TLSv1.3" \
1816 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1817 -s "received signature algorithm: 0x804" \
1818 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1819 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1820 -C "received HelloRetryRequest message"
1821
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1822requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1823requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1824requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1825requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1826requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1827requires_openssl_3_x
1828run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
1829 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1830 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
1831 0 \
1832 -s "Protocol is TLSv1.3" \
1833 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1834 -s "received signature algorithm: 0x403" \
1835 -s "got named group: ffdhe2048(0100)" \
1836 -s "Certificate verification was skipped" \
1837 -C "received HelloRetryRequest message"
1838
1839requires_config_enabled MBEDTLS_SSL_SRV_C
1840requires_config_enabled MBEDTLS_DEBUG_C
1841requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1843requires_openssl_tls1_3
1844requires_openssl_3_x
1845run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
1846 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1847 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
1848 0 \
1849 -s "Protocol is TLSv1.3" \
1850 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1851 -s "received signature algorithm: 0x503" \
1852 -s "got named group: ffdhe2048(0100)" \
1853 -s "Certificate verification was skipped" \
1854 -C "received HelloRetryRequest message"
1855
1856requires_config_enabled MBEDTLS_SSL_SRV_C
1857requires_config_enabled MBEDTLS_DEBUG_C
1858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1860requires_openssl_tls1_3
1861requires_openssl_3_x
1862run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
1863 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1864 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
1865 0 \
1866 -s "Protocol is TLSv1.3" \
1867 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1868 -s "received signature algorithm: 0x603" \
1869 -s "got named group: ffdhe2048(0100)" \
1870 -s "Certificate verification was skipped" \
1871 -C "received HelloRetryRequest message"
1872
1873requires_config_enabled MBEDTLS_SSL_SRV_C
1874requires_config_enabled MBEDTLS_DEBUG_C
1875requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1876requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1877requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1878requires_openssl_tls1_3
1879requires_openssl_3_x
1880run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
1881 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1882 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
1883 0 \
1884 -s "Protocol is TLSv1.3" \
1885 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1886 -s "received signature algorithm: 0x804" \
1887 -s "got named group: ffdhe2048(0100)" \
1888 -s "Certificate verification was skipped" \
1889 -C "received HelloRetryRequest message"
1890
1891requires_config_enabled MBEDTLS_SSL_SRV_C
1892requires_config_enabled MBEDTLS_DEBUG_C
1893requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1895requires_openssl_tls1_3
1896requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1897run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
1898 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1899 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
1900 0 \
1901 -s "Protocol is TLSv1.3" \
1902 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1903 -s "received signature algorithm: 0x403" \
1904 -s "got named group: ffdhe8192(0104)" \
1905 -s "Certificate verification was skipped" \
1906 -C "received HelloRetryRequest message"
1907
1908requires_config_enabled MBEDTLS_SSL_SRV_C
1909requires_config_enabled MBEDTLS_DEBUG_C
1910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1912requires_openssl_tls1_3
1913requires_openssl_3_x
1914run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
1915 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1916 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
1917 0 \
1918 -s "Protocol is TLSv1.3" \
1919 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1920 -s "received signature algorithm: 0x503" \
1921 -s "got named group: ffdhe8192(0104)" \
1922 -s "Certificate verification was skipped" \
1923 -C "received HelloRetryRequest message"
1924
1925requires_config_enabled MBEDTLS_SSL_SRV_C
1926requires_config_enabled MBEDTLS_DEBUG_C
1927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1929requires_openssl_tls1_3
1930requires_openssl_3_x
1931run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
1932 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1933 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
1934 0 \
1935 -s "Protocol is TLSv1.3" \
1936 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1937 -s "received signature algorithm: 0x603" \
1938 -s "got named group: ffdhe8192(0104)" \
1939 -s "Certificate verification was skipped" \
1940 -C "received HelloRetryRequest message"
1941
1942requires_config_enabled MBEDTLS_SSL_SRV_C
1943requires_config_enabled MBEDTLS_DEBUG_C
1944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1946requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1947requires_openssl_tls1_3
1948requires_openssl_3_x
1949run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
1950 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1951 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
1952 0 \
1953 -s "Protocol is TLSv1.3" \
1954 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1955 -s "received signature algorithm: 0x804" \
1956 -s "got named group: ffdhe8192(0104)" \
1957 -s "Certificate verification was skipped" \
1958 -C "received HelloRetryRequest message"
1959
1960requires_config_enabled MBEDTLS_SSL_SRV_C
1961requires_config_enabled MBEDTLS_DEBUG_C
1962requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1963requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1964requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1965requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1966run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1967 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1968 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1969 0 \
1970 -s "Protocol is TLSv1.3" \
1971 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1972 -s "received signature algorithm: 0x403" \
1973 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1974 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1975 -C "received HelloRetryRequest message"
1976
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1977requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1978requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1979requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1980requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1981requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1982requires_openssl_tls1_3
1983run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1984 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1985 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1986 0 \
1987 -s "Protocol is TLSv1.3" \
1988 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1989 -s "received signature algorithm: 0x503" \
1990 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1991 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1992 -C "received HelloRetryRequest message"
1993
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1994requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1995requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1996requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]1998requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1999requires_openssl_tls1_3
2000run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2001 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2002 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2003 0 \
2004 -s "Protocol is TLSv1.3" \
2005 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2006 -s "received signature algorithm: 0x603" \
2007 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2008 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2009 -C "received HelloRetryRequest message"
2010
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2011requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2012requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2015requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2016requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2017requires_openssl_tls1_3
2018run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2019 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2020 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2021 0 \
2022 -s "Protocol is TLSv1.3" \
2023 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2024 -s "received signature algorithm: 0x804" \
2025 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2026 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2027 -C "received HelloRetryRequest message"
2028
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2029requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2030requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2033requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2034requires_openssl_tls1_3
2035run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2036 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2037 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2038 0 \
2039 -s "Protocol is TLSv1.3" \
2040 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2041 -s "received signature algorithm: 0x403" \
2042 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2043 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2044 -C "received HelloRetryRequest message"
2045
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2046requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2047requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2048requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2050requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2051requires_openssl_tls1_3
2052run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2053 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2054 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2055 0 \
2056 -s "Protocol is TLSv1.3" \
2057 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2058 -s "received signature algorithm: 0x503" \
2059 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2060 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2061 -C "received HelloRetryRequest message"
2062
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2063requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2064requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2065requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2067requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2068requires_openssl_tls1_3
2069run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2070 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2071 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2072 0 \
2073 -s "Protocol is TLSv1.3" \
2074 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2075 -s "received signature algorithm: 0x603" \
2076 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2077 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2078 -C "received HelloRetryRequest message"
2079
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2080requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2081requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2084requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2085requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2086requires_openssl_tls1_3
2087run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2088 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2089 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2090 0 \
2091 -s "Protocol is TLSv1.3" \
2092 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2093 -s "received signature algorithm: 0x804" \
2094 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2095 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2096 -C "received HelloRetryRequest message"
2097
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2098requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2099requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2102requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2103requires_openssl_tls1_3
2104run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2105 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2106 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2107 0 \
2108 -s "Protocol is TLSv1.3" \
2109 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2110 -s "received signature algorithm: 0x403" \
2111 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2112 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2113 -C "received HelloRetryRequest message"
2114
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2115requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2116requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2117requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2119requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2120requires_openssl_tls1_3
2121run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2122 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2123 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2124 0 \
2125 -s "Protocol is TLSv1.3" \
2126 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2127 -s "received signature algorithm: 0x503" \
2128 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2129 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2130 -C "received HelloRetryRequest message"
2131
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2132requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2133requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2136requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2137requires_openssl_tls1_3
2138run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2139 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2140 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2141 0 \
2142 -s "Protocol is TLSv1.3" \
2143 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2144 -s "received signature algorithm: 0x603" \
2145 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2146 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2147 -C "received HelloRetryRequest message"
2148
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2149requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2150requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2151requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2153requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2154requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2155requires_openssl_tls1_3
2156run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2157 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2158 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2159 0 \
2160 -s "Protocol is TLSv1.3" \
2161 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2162 -s "received signature algorithm: 0x804" \
2163 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2164 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2165 -C "received HelloRetryRequest message"
2166
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2167requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2168requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2169requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2171requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2172requires_openssl_tls1_3
2173run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2174 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2175 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2176 0 \
2177 -s "Protocol is TLSv1.3" \
2178 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2179 -s "received signature algorithm: 0x403" \
2180 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2181 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2182 -C "received HelloRetryRequest message"
2183
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2184requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2185requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2188requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2189requires_openssl_tls1_3
2190run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2191 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2192 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2193 0 \
2194 -s "Protocol is TLSv1.3" \
2195 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2196 -s "received signature algorithm: 0x503" \
2197 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2198 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2199 -C "received HelloRetryRequest message"
2200
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2201requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2202requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2203requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2205requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2206requires_openssl_tls1_3
2207run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2208 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2209 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2210 0 \
2211 -s "Protocol is TLSv1.3" \
2212 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2213 -s "received signature algorithm: 0x603" \
2214 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2215 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2216 -C "received HelloRetryRequest message"
2217
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2218requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2219requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2222requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2223requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2224requires_openssl_tls1_3
2225run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2226 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2227 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2228 0 \
2229 -s "Protocol is TLSv1.3" \
2230 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2231 -s "received signature algorithm: 0x804" \
2232 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2233 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2234 -C "received HelloRetryRequest message"
2235
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2236requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2240requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2241requires_openssl_tls1_3
2242run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2243 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2244 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2245 0 \
2246 -s "Protocol is TLSv1.3" \
2247 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2248 -s "received signature algorithm: 0x403" \
2249 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2250 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2251 -C "received HelloRetryRequest message"
2252
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2253requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2254requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2257requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2258requires_openssl_tls1_3
2259run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2260 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2261 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2262 0 \
2263 -s "Protocol is TLSv1.3" \
2264 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2265 -s "received signature algorithm: 0x503" \
2266 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2267 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2268 -C "received HelloRetryRequest message"
2269
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2270requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2271requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2274requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2275requires_openssl_tls1_3
2276run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2277 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2278 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2279 0 \
2280 -s "Protocol is TLSv1.3" \
2281 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2282 -s "received signature algorithm: 0x603" \
2283 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2284 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2285 -C "received HelloRetryRequest message"
2286
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2287requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2288requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2289requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2290requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2291requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2292requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2293requires_openssl_tls1_3
2294run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2295 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2296 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2297 0 \
2298 -s "Protocol is TLSv1.3" \
2299 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2300 -s "received signature algorithm: 0x804" \
2301 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2302 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2303 -C "received HelloRetryRequest message"
2304
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2305requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2306requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2307requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2308requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2309requires_openssl_tls1_3
2310requires_openssl_3_x
2311run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
2312 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2313 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
2314 0 \
2315 -s "Protocol is TLSv1.3" \
2316 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2317 -s "received signature algorithm: 0x403" \
2318 -s "got named group: ffdhe2048(0100)" \
2319 -s "Certificate verification was skipped" \
2320 -C "received HelloRetryRequest message"
2321
2322requires_config_enabled MBEDTLS_SSL_SRV_C
2323requires_config_enabled MBEDTLS_DEBUG_C
2324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2326requires_openssl_tls1_3
2327requires_openssl_3_x
2328run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
2329 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2330 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
2331 0 \
2332 -s "Protocol is TLSv1.3" \
2333 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2334 -s "received signature algorithm: 0x503" \
2335 -s "got named group: ffdhe2048(0100)" \
2336 -s "Certificate verification was skipped" \
2337 -C "received HelloRetryRequest message"
2338
2339requires_config_enabled MBEDTLS_SSL_SRV_C
2340requires_config_enabled MBEDTLS_DEBUG_C
2341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2343requires_openssl_tls1_3
2344requires_openssl_3_x
2345run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
2346 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2347 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
2348 0 \
2349 -s "Protocol is TLSv1.3" \
2350 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2351 -s "received signature algorithm: 0x603" \
2352 -s "got named group: ffdhe2048(0100)" \
2353 -s "Certificate verification was skipped" \
2354 -C "received HelloRetryRequest message"
2355
2356requires_config_enabled MBEDTLS_SSL_SRV_C
2357requires_config_enabled MBEDTLS_DEBUG_C
2358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2360requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2361requires_openssl_tls1_3
2362requires_openssl_3_x
2363run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
2364 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2365 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
2366 0 \
2367 -s "Protocol is TLSv1.3" \
2368 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2369 -s "received signature algorithm: 0x804" \
2370 -s "got named group: ffdhe2048(0100)" \
2371 -s "Certificate verification was skipped" \
2372 -C "received HelloRetryRequest message"
2373
2374requires_config_enabled MBEDTLS_SSL_SRV_C
2375requires_config_enabled MBEDTLS_DEBUG_C
2376requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2378requires_openssl_tls1_3
2379requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2380run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
2381 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2382 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
2383 0 \
2384 -s "Protocol is TLSv1.3" \
2385 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2386 -s "received signature algorithm: 0x403" \
2387 -s "got named group: ffdhe8192(0104)" \
2388 -s "Certificate verification was skipped" \
2389 -C "received HelloRetryRequest message"
2390
2391requires_config_enabled MBEDTLS_SSL_SRV_C
2392requires_config_enabled MBEDTLS_DEBUG_C
2393requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2395requires_openssl_tls1_3
2396requires_openssl_3_x
2397run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
2398 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2399 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
2400 0 \
2401 -s "Protocol is TLSv1.3" \
2402 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2403 -s "received signature algorithm: 0x503" \
2404 -s "got named group: ffdhe8192(0104)" \
2405 -s "Certificate verification was skipped" \
2406 -C "received HelloRetryRequest message"
2407
2408requires_config_enabled MBEDTLS_SSL_SRV_C
2409requires_config_enabled MBEDTLS_DEBUG_C
2410requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2412requires_openssl_tls1_3
2413requires_openssl_3_x
2414run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
2415 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2416 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
2417 0 \
2418 -s "Protocol is TLSv1.3" \
2419 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2420 -s "received signature algorithm: 0x603" \
2421 -s "got named group: ffdhe8192(0104)" \
2422 -s "Certificate verification was skipped" \
2423 -C "received HelloRetryRequest message"
2424
2425requires_config_enabled MBEDTLS_SSL_SRV_C
2426requires_config_enabled MBEDTLS_DEBUG_C
2427requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2429requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2430requires_openssl_tls1_3
2431requires_openssl_3_x
2432run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
2433 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2434 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
2435 0 \
2436 -s "Protocol is TLSv1.3" \
2437 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2438 -s "received signature algorithm: 0x804" \
2439 -s "got named group: ffdhe8192(0104)" \
2440 -s "Certificate verification was skipped" \
2441 -C "received HelloRetryRequest message"
2442
2443requires_config_enabled MBEDTLS_SSL_SRV_C
2444requires_config_enabled MBEDTLS_DEBUG_C
2445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2446requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2447requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2448requires_gnutls_tls1_3
2449requires_gnutls_next_no_ticket
2450requires_gnutls_next_disable_tls13_compat
2451run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2452 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2453 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2454 0 \
2455 -s "Protocol is TLSv1.3" \
2456 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2457 -s "received signature algorithm: 0x403" \
2458 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2459 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2460 -C "received HelloRetryRequest message"
2461
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2462requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2463requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2465requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2466requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2467requires_gnutls_tls1_3
2468requires_gnutls_next_no_ticket
2469requires_gnutls_next_disable_tls13_compat
2470run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2471 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2472 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2473 0 \
2474 -s "Protocol is TLSv1.3" \
2475 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2476 -s "received signature algorithm: 0x503" \
2477 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2478 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2479 -C "received HelloRetryRequest message"
2480
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2481requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2482requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2484requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2485requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2486requires_gnutls_tls1_3
2487requires_gnutls_next_no_ticket
2488requires_gnutls_next_disable_tls13_compat
2489run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2490 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2491 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2492 0 \
2493 -s "Protocol is TLSv1.3" \
2494 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2495 -s "received signature algorithm: 0x603" \
2496 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2497 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2498 -C "received HelloRetryRequest message"
2499
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2500requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2501requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2502requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2503requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2504requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2505requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2506requires_gnutls_tls1_3
2507requires_gnutls_next_no_ticket
2508requires_gnutls_next_disable_tls13_compat
2509run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2510 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2511 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2512 0 \
2513 -s "Protocol is TLSv1.3" \
2514 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2515 -s "received signature algorithm: 0x804" \
2516 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2517 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2518 -C "received HelloRetryRequest message"
2519
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2520requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2521requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2523requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2524requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2525requires_gnutls_tls1_3
2526requires_gnutls_next_no_ticket
2527requires_gnutls_next_disable_tls13_compat
2528run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2529 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2530 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2531 0 \
2532 -s "Protocol is TLSv1.3" \
2533 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2534 -s "received signature algorithm: 0x403" \
2535 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2536 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2537 -C "received HelloRetryRequest message"
2538
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2539requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2540requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2542requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2543requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2544requires_gnutls_tls1_3
2545requires_gnutls_next_no_ticket
2546requires_gnutls_next_disable_tls13_compat
2547run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2548 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2549 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2550 0 \
2551 -s "Protocol is TLSv1.3" \
2552 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2553 -s "received signature algorithm: 0x503" \
2554 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2555 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2556 -C "received HelloRetryRequest message"
2557
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2558requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2559requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2560requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2561requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2562requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2563requires_gnutls_tls1_3
2564requires_gnutls_next_no_ticket
2565requires_gnutls_next_disable_tls13_compat
2566run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2567 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2568 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2569 0 \
2570 -s "Protocol is TLSv1.3" \
2571 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2572 -s "received signature algorithm: 0x603" \
2573 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2574 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2575 -C "received HelloRetryRequest message"
2576
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2577requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2578requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2579requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2580requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2581requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2582requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2583requires_gnutls_tls1_3
2584requires_gnutls_next_no_ticket
2585requires_gnutls_next_disable_tls13_compat
2586run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2587 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2588 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2589 0 \
2590 -s "Protocol is TLSv1.3" \
2591 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2592 -s "received signature algorithm: 0x804" \
2593 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2594 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2595 -C "received HelloRetryRequest message"
2596
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2597requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2598requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2599requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2600requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2601requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2602requires_gnutls_tls1_3
2603requires_gnutls_next_no_ticket
2604requires_gnutls_next_disable_tls13_compat
2605run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2606 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2607 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2608 0 \
2609 -s "Protocol is TLSv1.3" \
2610 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2611 -s "received signature algorithm: 0x403" \
2612 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2613 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2614 -C "received HelloRetryRequest message"
2615
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2616requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2617requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2620requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2621requires_gnutls_tls1_3
2622requires_gnutls_next_no_ticket
2623requires_gnutls_next_disable_tls13_compat
2624run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2625 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2626 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2627 0 \
2628 -s "Protocol is TLSv1.3" \
2629 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2630 -s "received signature algorithm: 0x503" \
2631 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2632 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2633 -C "received HelloRetryRequest message"
2634
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2635requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2636requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2637requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2638requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2639requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2640requires_gnutls_tls1_3
2641requires_gnutls_next_no_ticket
2642requires_gnutls_next_disable_tls13_compat
2643run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2644 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2645 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2646 0 \
2647 -s "Protocol is TLSv1.3" \
2648 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2649 -s "received signature algorithm: 0x603" \
2650 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2651 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2652 -C "received HelloRetryRequest message"
2653
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2654requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2655requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2656requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2657requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2658requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2659requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2660requires_gnutls_tls1_3
2661requires_gnutls_next_no_ticket
2662requires_gnutls_next_disable_tls13_compat
2663run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2664 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2665 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2666 0 \
2667 -s "Protocol is TLSv1.3" \
2668 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2669 -s "received signature algorithm: 0x804" \
2670 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2671 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2672 -C "received HelloRetryRequest message"
2673
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2674requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2675requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2676requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2677requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2678requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2679requires_gnutls_tls1_3
2680requires_gnutls_next_no_ticket
2681requires_gnutls_next_disable_tls13_compat
2682run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2683 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2684 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2685 0 \
2686 -s "Protocol is TLSv1.3" \
2687 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2688 -s "received signature algorithm: 0x403" \
2689 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2690 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2691 -C "received HelloRetryRequest message"
2692
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2693requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2694requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2695requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2696requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2697requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2698requires_gnutls_tls1_3
2699requires_gnutls_next_no_ticket
2700requires_gnutls_next_disable_tls13_compat
2701run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2702 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2703 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2704 0 \
2705 -s "Protocol is TLSv1.3" \
2706 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2707 -s "received signature algorithm: 0x503" \
2708 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2709 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2710 -C "received HelloRetryRequest message"
2711
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2712requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2713requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2714requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2715requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2716requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2717requires_gnutls_tls1_3
2718requires_gnutls_next_no_ticket
2719requires_gnutls_next_disable_tls13_compat
2720run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2721 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2722 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2723 0 \
2724 -s "Protocol is TLSv1.3" \
2725 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2726 -s "received signature algorithm: 0x603" \
2727 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2728 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2729 -C "received HelloRetryRequest message"
2730
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2731requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2732requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2733requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2734requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2735requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2736requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2737requires_gnutls_tls1_3
2738requires_gnutls_next_no_ticket
2739requires_gnutls_next_disable_tls13_compat
2740run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2741 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2742 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2743 0 \
2744 -s "Protocol is TLSv1.3" \
2745 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2746 -s "received signature algorithm: 0x804" \
2747 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2748 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2749 -C "received HelloRetryRequest message"
2750
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2751requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2752requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2753requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2754requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2755requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2756requires_gnutls_tls1_3
2757requires_gnutls_next_no_ticket
2758requires_gnutls_next_disable_tls13_compat
2759run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2760 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2761 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2762 0 \
2763 -s "Protocol is TLSv1.3" \
2764 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2765 -s "received signature algorithm: 0x403" \
2766 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2767 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2768 -C "received HelloRetryRequest message"
2769
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2770requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2771requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2772requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2773requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2774requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2775requires_gnutls_tls1_3
2776requires_gnutls_next_no_ticket
2777requires_gnutls_next_disable_tls13_compat
2778run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2779 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2780 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2781 0 \
2782 -s "Protocol is TLSv1.3" \
2783 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2784 -s "received signature algorithm: 0x503" \
2785 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2786 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2787 -C "received HelloRetryRequest message"
2788
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2789requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2790requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2791requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2793requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2794requires_gnutls_tls1_3
2795requires_gnutls_next_no_ticket
2796requires_gnutls_next_disable_tls13_compat
2797run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2798 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2799 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2800 0 \
2801 -s "Protocol is TLSv1.3" \
2802 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2803 -s "received signature algorithm: 0x603" \
2804 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2805 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2806 -C "received HelloRetryRequest message"
2807
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2808requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2809requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2810requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2811requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2812requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2813requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2814requires_gnutls_tls1_3
2815requires_gnutls_next_no_ticket
2816requires_gnutls_next_disable_tls13_compat
2817run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2818 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2819 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2820 0 \
2821 -s "Protocol is TLSv1.3" \
2822 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2823 -s "received signature algorithm: 0x804" \
2824 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2825 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2826 -C "received HelloRetryRequest message"
2827
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2828requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2829requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2830requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2831requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2832requires_gnutls_tls1_3
2833requires_gnutls_next_no_ticket
2834requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2835run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
2836 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2837 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
2838 0 \
2839 -s "Protocol is TLSv1.3" \
2840 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2841 -s "received signature algorithm: 0x403" \
2842 -s "got named group: ffdhe2048(0100)" \
2843 -s "Certificate verification was skipped" \
2844 -C "received HelloRetryRequest message"
2845
2846requires_config_enabled MBEDTLS_SSL_SRV_C
2847requires_config_enabled MBEDTLS_DEBUG_C
2848requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2849requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2850requires_gnutls_tls1_3
2851requires_gnutls_next_no_ticket
2852requires_gnutls_next_disable_tls13_compat
2853run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
2854 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2855 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
2856 0 \
2857 -s "Protocol is TLSv1.3" \
2858 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2859 -s "received signature algorithm: 0x503" \
2860 -s "got named group: ffdhe2048(0100)" \
2861 -s "Certificate verification was skipped" \
2862 -C "received HelloRetryRequest message"
2863
2864requires_config_enabled MBEDTLS_SSL_SRV_C
2865requires_config_enabled MBEDTLS_DEBUG_C
2866requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2867requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2868requires_gnutls_tls1_3
2869requires_gnutls_next_no_ticket
2870requires_gnutls_next_disable_tls13_compat
2871run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
2872 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2873 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
2874 0 \
2875 -s "Protocol is TLSv1.3" \
2876 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2877 -s "received signature algorithm: 0x603" \
2878 -s "got named group: ffdhe2048(0100)" \
2879 -s "Certificate verification was skipped" \
2880 -C "received HelloRetryRequest message"
2881
2882requires_config_enabled MBEDTLS_SSL_SRV_C
2883requires_config_enabled MBEDTLS_DEBUG_C
2884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2886requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2887requires_gnutls_tls1_3
2888requires_gnutls_next_no_ticket
2889requires_gnutls_next_disable_tls13_compat
2890run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
2891 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2892 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
2893 0 \
2894 -s "Protocol is TLSv1.3" \
2895 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2896 -s "received signature algorithm: 0x804" \
2897 -s "got named group: ffdhe2048(0100)" \
2898 -s "Certificate verification was skipped" \
2899 -C "received HelloRetryRequest message"
2900
2901requires_config_enabled MBEDTLS_SSL_SRV_C
2902requires_config_enabled MBEDTLS_DEBUG_C
2903requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2904requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2905requires_gnutls_tls1_3
2906requires_gnutls_next_no_ticket
2907requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2908run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
2909 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2910 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
2911 0 \
2912 -s "Protocol is TLSv1.3" \
2913 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2914 -s "received signature algorithm: 0x403" \
2915 -s "got named group: ffdhe8192(0104)" \
2916 -s "Certificate verification was skipped" \
2917 -C "received HelloRetryRequest message"
2918
2919requires_config_enabled MBEDTLS_SSL_SRV_C
2920requires_config_enabled MBEDTLS_DEBUG_C
2921requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2922requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2923requires_gnutls_tls1_3
2924requires_gnutls_next_no_ticket
2925requires_gnutls_next_disable_tls13_compat
2926run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
2927 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2928 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
2929 0 \
2930 -s "Protocol is TLSv1.3" \
2931 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2932 -s "received signature algorithm: 0x503" \
2933 -s "got named group: ffdhe8192(0104)" \
2934 -s "Certificate verification was skipped" \
2935 -C "received HelloRetryRequest message"
2936
2937requires_config_enabled MBEDTLS_SSL_SRV_C
2938requires_config_enabled MBEDTLS_DEBUG_C
2939requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2940requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2941requires_gnutls_tls1_3
2942requires_gnutls_next_no_ticket
2943requires_gnutls_next_disable_tls13_compat
2944run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
2945 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2946 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
2947 0 \
2948 -s "Protocol is TLSv1.3" \
2949 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2950 -s "received signature algorithm: 0x603" \
2951 -s "got named group: ffdhe8192(0104)" \
2952 -s "Certificate verification was skipped" \
2953 -C "received HelloRetryRequest message"
2954
2955requires_config_enabled MBEDTLS_SSL_SRV_C
2956requires_config_enabled MBEDTLS_DEBUG_C
2957requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2958requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2959requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2960requires_gnutls_tls1_3
2961requires_gnutls_next_no_ticket
2962requires_gnutls_next_disable_tls13_compat
2963run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
2964 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2965 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
2966 0 \
2967 -s "Protocol is TLSv1.3" \
2968 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2969 -s "received signature algorithm: 0x804" \
2970 -s "got named group: ffdhe8192(0104)" \
2971 -s "Certificate verification was skipped" \
2972 -C "received HelloRetryRequest message"
2973
2974requires_config_enabled MBEDTLS_SSL_SRV_C
2975requires_config_enabled MBEDTLS_DEBUG_C
2976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2977requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2978requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2979requires_gnutls_tls1_3
2980requires_gnutls_next_no_ticket
2981requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2982run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2983 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2984 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2985 0 \
2986 -s "Protocol is TLSv1.3" \
2987 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2988 -s "received signature algorithm: 0x403" \
2989 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2990 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2991 -C "received HelloRetryRequest message"
2992
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2993requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2994requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2995requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]2997requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2998requires_gnutls_tls1_3
2999requires_gnutls_next_no_ticket
3000requires_gnutls_next_disable_tls13_compat
3001run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3002 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3003 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3004 0 \
3005 -s "Protocol is TLSv1.3" \
3006 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3007 -s "received signature algorithm: 0x503" \
3008 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3009 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3010 -C "received HelloRetryRequest message"
3011
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3012requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3013requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3016requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3017requires_gnutls_tls1_3
3018requires_gnutls_next_no_ticket
3019requires_gnutls_next_disable_tls13_compat
3020run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3021 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3022 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3023 0 \
3024 -s "Protocol is TLSv1.3" \
3025 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3026 -s "received signature algorithm: 0x603" \
3027 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3028 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3029 -C "received HelloRetryRequest message"
3030
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3031requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3032requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3033requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3034requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3035requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3036requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3037requires_gnutls_tls1_3
3038requires_gnutls_next_no_ticket
3039requires_gnutls_next_disable_tls13_compat
3040run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3041 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3042 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3043 0 \
3044 -s "Protocol is TLSv1.3" \
3045 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3046 -s "received signature algorithm: 0x804" \
3047 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3048 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3049 -C "received HelloRetryRequest message"
3050
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3051requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3052requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3053requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3054requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3055requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3056requires_gnutls_tls1_3
3057requires_gnutls_next_no_ticket
3058requires_gnutls_next_disable_tls13_compat
3059run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3060 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3061 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3062 0 \
3063 -s "Protocol is TLSv1.3" \
3064 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3065 -s "received signature algorithm: 0x403" \
3066 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3067 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3068 -C "received HelloRetryRequest message"
3069
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3070requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3071requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3074requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3075requires_gnutls_tls1_3
3076requires_gnutls_next_no_ticket
3077requires_gnutls_next_disable_tls13_compat
3078run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3079 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3080 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3081 0 \
3082 -s "Protocol is TLSv1.3" \
3083 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3084 -s "received signature algorithm: 0x503" \
3085 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3086 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3087 -C "received HelloRetryRequest message"
3088
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3089requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3090requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3092requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3093requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3094requires_gnutls_tls1_3
3095requires_gnutls_next_no_ticket
3096requires_gnutls_next_disable_tls13_compat
3097run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3098 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3099 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3100 0 \
3101 -s "Protocol is TLSv1.3" \
3102 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3103 -s "received signature algorithm: 0x603" \
3104 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3105 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3106 -C "received HelloRetryRequest message"
3107
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3108requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3109requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3110requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3111requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3112requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3113requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3114requires_gnutls_tls1_3
3115requires_gnutls_next_no_ticket
3116requires_gnutls_next_disable_tls13_compat
3117run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3118 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3119 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3120 0 \
3121 -s "Protocol is TLSv1.3" \
3122 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3123 -s "received signature algorithm: 0x804" \
3124 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3125 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3126 -C "received HelloRetryRequest message"
3127
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3128requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3129requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3130requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3131requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3132requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3133requires_gnutls_tls1_3
3134requires_gnutls_next_no_ticket
3135requires_gnutls_next_disable_tls13_compat
3136run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3137 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3138 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3139 0 \
3140 -s "Protocol is TLSv1.3" \
3141 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3142 -s "received signature algorithm: 0x403" \
3143 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3144 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3145 -C "received HelloRetryRequest message"
3146
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3147requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3148requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3149requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3150requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3151requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3152requires_gnutls_tls1_3
3153requires_gnutls_next_no_ticket
3154requires_gnutls_next_disable_tls13_compat
3155run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3156 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3157 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3158 0 \
3159 -s "Protocol is TLSv1.3" \
3160 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3161 -s "received signature algorithm: 0x503" \
3162 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3163 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3164 -C "received HelloRetryRequest message"
3165
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3166requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3167requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3168requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3170requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3171requires_gnutls_tls1_3
3172requires_gnutls_next_no_ticket
3173requires_gnutls_next_disable_tls13_compat
3174run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3175 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3176 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3177 0 \
3178 -s "Protocol is TLSv1.3" \
3179 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3180 -s "received signature algorithm: 0x603" \
3181 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3182 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3183 -C "received HelloRetryRequest message"
3184
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3185requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3186requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3187requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3188requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3189requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3190requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3191requires_gnutls_tls1_3
3192requires_gnutls_next_no_ticket
3193requires_gnutls_next_disable_tls13_compat
3194run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3195 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3196 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3197 0 \
3198 -s "Protocol is TLSv1.3" \
3199 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3200 -s "received signature algorithm: 0x804" \
3201 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3202 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3203 -C "received HelloRetryRequest message"
3204
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3205requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3206requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3207requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3208requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3209requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3210requires_gnutls_tls1_3
3211requires_gnutls_next_no_ticket
3212requires_gnutls_next_disable_tls13_compat
3213run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3214 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3215 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3216 0 \
3217 -s "Protocol is TLSv1.3" \
3218 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3219 -s "received signature algorithm: 0x403" \
3220 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3221 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3222 -C "received HelloRetryRequest message"
3223
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3224requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3225requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3226requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3227requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3228requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3229requires_gnutls_tls1_3
3230requires_gnutls_next_no_ticket
3231requires_gnutls_next_disable_tls13_compat
3232run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3233 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3234 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3235 0 \
3236 -s "Protocol is TLSv1.3" \
3237 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3238 -s "received signature algorithm: 0x503" \
3239 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3240 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3241 -C "received HelloRetryRequest message"
3242
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3243requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3244requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3245requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3246requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3247requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3248requires_gnutls_tls1_3
3249requires_gnutls_next_no_ticket
3250requires_gnutls_next_disable_tls13_compat
3251run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3252 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3253 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3254 0 \
3255 -s "Protocol is TLSv1.3" \
3256 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3257 -s "received signature algorithm: 0x603" \
3258 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3259 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3260 -C "received HelloRetryRequest message"
3261
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3262requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3263requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3264requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3266requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3267requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3268requires_gnutls_tls1_3
3269requires_gnutls_next_no_ticket
3270requires_gnutls_next_disable_tls13_compat
3271run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3272 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3273 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3274 0 \
3275 -s "Protocol is TLSv1.3" \
3276 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3277 -s "received signature algorithm: 0x804" \
3278 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3279 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3280 -C "received HelloRetryRequest message"
3281
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3282requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3283requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3286requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3287requires_gnutls_tls1_3
3288requires_gnutls_next_no_ticket
3289requires_gnutls_next_disable_tls13_compat
3290run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3291 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3292 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3293 0 \
3294 -s "Protocol is TLSv1.3" \
3295 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3296 -s "received signature algorithm: 0x403" \
3297 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3298 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3299 -C "received HelloRetryRequest message"
3300
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3301requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3302requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3303requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3304requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3305requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3306requires_gnutls_tls1_3
3307requires_gnutls_next_no_ticket
3308requires_gnutls_next_disable_tls13_compat
3309run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3310 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3311 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3312 0 \
3313 -s "Protocol is TLSv1.3" \
3314 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3315 -s "received signature algorithm: 0x503" \
3316 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3317 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3318 -C "received HelloRetryRequest message"
3319
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3320requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3321requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3322requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3323requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3324requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3325requires_gnutls_tls1_3
3326requires_gnutls_next_no_ticket
3327requires_gnutls_next_disable_tls13_compat
3328run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3329 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3330 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3331 0 \
3332 -s "Protocol is TLSv1.3" \
3333 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3334 -s "received signature algorithm: 0x603" \
3335 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3336 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3337 -C "received HelloRetryRequest message"
3338
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3339requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3340requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3343requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3344requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3345requires_gnutls_tls1_3
3346requires_gnutls_next_no_ticket
3347requires_gnutls_next_disable_tls13_compat
3348run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3349 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3350 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3351 0 \
3352 -s "Protocol is TLSv1.3" \
3353 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3354 -s "received signature algorithm: 0x804" \
3355 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3356 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3357 -C "received HelloRetryRequest message"
3358
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3359requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3360requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3361requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3362requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3363requires_gnutls_tls1_3
3364requires_gnutls_next_no_ticket
3365requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3366run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
3367 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3368 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3369 0 \
3370 -s "Protocol is TLSv1.3" \
3371 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3372 -s "received signature algorithm: 0x403" \
3373 -s "got named group: ffdhe2048(0100)" \
3374 -s "Certificate verification was skipped" \
3375 -C "received HelloRetryRequest message"
3376
3377requires_config_enabled MBEDTLS_SSL_SRV_C
3378requires_config_enabled MBEDTLS_DEBUG_C
3379requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3381requires_gnutls_tls1_3
3382requires_gnutls_next_no_ticket
3383requires_gnutls_next_disable_tls13_compat
3384run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
3385 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3386 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3387 0 \
3388 -s "Protocol is TLSv1.3" \
3389 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3390 -s "received signature algorithm: 0x503" \
3391 -s "got named group: ffdhe2048(0100)" \
3392 -s "Certificate verification was skipped" \
3393 -C "received HelloRetryRequest message"
3394
3395requires_config_enabled MBEDTLS_SSL_SRV_C
3396requires_config_enabled MBEDTLS_DEBUG_C
3397requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3398requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3399requires_gnutls_tls1_3
3400requires_gnutls_next_no_ticket
3401requires_gnutls_next_disable_tls13_compat
3402run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
3403 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3404 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3405 0 \
3406 -s "Protocol is TLSv1.3" \
3407 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3408 -s "received signature algorithm: 0x603" \
3409 -s "got named group: ffdhe2048(0100)" \
3410 -s "Certificate verification was skipped" \
3411 -C "received HelloRetryRequest message"
3412
3413requires_config_enabled MBEDTLS_SSL_SRV_C
3414requires_config_enabled MBEDTLS_DEBUG_C
3415requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3416requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3417requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3418requires_gnutls_tls1_3
3419requires_gnutls_next_no_ticket
3420requires_gnutls_next_disable_tls13_compat
3421run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
3422 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3423 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3424 0 \
3425 -s "Protocol is TLSv1.3" \
3426 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3427 -s "received signature algorithm: 0x804" \
3428 -s "got named group: ffdhe2048(0100)" \
3429 -s "Certificate verification was skipped" \
3430 -C "received HelloRetryRequest message"
3431
3432requires_config_enabled MBEDTLS_SSL_SRV_C
3433requires_config_enabled MBEDTLS_DEBUG_C
3434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3436requires_gnutls_tls1_3
3437requires_gnutls_next_no_ticket
3438requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3439run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
3440 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3441 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3442 0 \
3443 -s "Protocol is TLSv1.3" \
3444 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3445 -s "received signature algorithm: 0x403" \
3446 -s "got named group: ffdhe8192(0104)" \
3447 -s "Certificate verification was skipped" \
3448 -C "received HelloRetryRequest message"
3449
3450requires_config_enabled MBEDTLS_SSL_SRV_C
3451requires_config_enabled MBEDTLS_DEBUG_C
3452requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3453requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3454requires_gnutls_tls1_3
3455requires_gnutls_next_no_ticket
3456requires_gnutls_next_disable_tls13_compat
3457run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
3458 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3459 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3460 0 \
3461 -s "Protocol is TLSv1.3" \
3462 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3463 -s "received signature algorithm: 0x503" \
3464 -s "got named group: ffdhe8192(0104)" \
3465 -s "Certificate verification was skipped" \
3466 -C "received HelloRetryRequest message"
3467
3468requires_config_enabled MBEDTLS_SSL_SRV_C
3469requires_config_enabled MBEDTLS_DEBUG_C
3470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3472requires_gnutls_tls1_3
3473requires_gnutls_next_no_ticket
3474requires_gnutls_next_disable_tls13_compat
3475run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
3476 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3477 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3478 0 \
3479 -s "Protocol is TLSv1.3" \
3480 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3481 -s "received signature algorithm: 0x603" \
3482 -s "got named group: ffdhe8192(0104)" \
3483 -s "Certificate verification was skipped" \
3484 -C "received HelloRetryRequest message"
3485
3486requires_config_enabled MBEDTLS_SSL_SRV_C
3487requires_config_enabled MBEDTLS_DEBUG_C
3488requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3489requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3490requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3491requires_gnutls_tls1_3
3492requires_gnutls_next_no_ticket
3493requires_gnutls_next_disable_tls13_compat
3494run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
3495 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3496 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3497 0 \
3498 -s "Protocol is TLSv1.3" \
3499 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3500 -s "received signature algorithm: 0x804" \
3501 -s "got named group: ffdhe8192(0104)" \
3502 -s "Certificate verification was skipped" \
3503 -C "received HelloRetryRequest message"
3504
3505requires_config_enabled MBEDTLS_SSL_SRV_C
3506requires_config_enabled MBEDTLS_DEBUG_C
3507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3509requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3510requires_gnutls_tls1_3
3511requires_gnutls_next_no_ticket
3512requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3513run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3514 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3515 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3516 0 \
3517 -s "Protocol is TLSv1.3" \
3518 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3519 -s "received signature algorithm: 0x403" \
3520 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3521 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3522 -C "received HelloRetryRequest message"
3523
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3524requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3525requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3526requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3528requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3529requires_gnutls_tls1_3
3530requires_gnutls_next_no_ticket
3531requires_gnutls_next_disable_tls13_compat
3532run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3533 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3534 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3535 0 \
3536 -s "Protocol is TLSv1.3" \
3537 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3538 -s "received signature algorithm: 0x503" \
3539 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3540 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3541 -C "received HelloRetryRequest message"
3542
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3543requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3544requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3547requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3548requires_gnutls_tls1_3
3549requires_gnutls_next_no_ticket
3550requires_gnutls_next_disable_tls13_compat
3551run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3552 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3553 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3554 0 \
3555 -s "Protocol is TLSv1.3" \
3556 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3557 -s "received signature algorithm: 0x603" \
3558 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3559 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3560 -C "received HelloRetryRequest message"
3561
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3562requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3563requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3566requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3567requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3568requires_gnutls_tls1_3
3569requires_gnutls_next_no_ticket
3570requires_gnutls_next_disable_tls13_compat
3571run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3572 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3573 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3574 0 \
3575 -s "Protocol is TLSv1.3" \
3576 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3577 -s "received signature algorithm: 0x804" \
3578 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3579 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3580 -C "received HelloRetryRequest message"
3581
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3582requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3583requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3585requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3586requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3587requires_gnutls_tls1_3
3588requires_gnutls_next_no_ticket
3589requires_gnutls_next_disable_tls13_compat
3590run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3591 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3592 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3593 0 \
3594 -s "Protocol is TLSv1.3" \
3595 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3596 -s "received signature algorithm: 0x403" \
3597 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3598 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3599 -C "received HelloRetryRequest message"
3600
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3601requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3602requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3603requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3604requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3605requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3606requires_gnutls_tls1_3
3607requires_gnutls_next_no_ticket
3608requires_gnutls_next_disable_tls13_compat
3609run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3610 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3611 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3612 0 \
3613 -s "Protocol is TLSv1.3" \
3614 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3615 -s "received signature algorithm: 0x503" \
3616 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3617 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3618 -C "received HelloRetryRequest message"
3619
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3620requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3621requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3624requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3625requires_gnutls_tls1_3
3626requires_gnutls_next_no_ticket
3627requires_gnutls_next_disable_tls13_compat
3628run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3629 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3630 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3631 0 \
3632 -s "Protocol is TLSv1.3" \
3633 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3634 -s "received signature algorithm: 0x603" \
3635 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3636 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3637 -C "received HelloRetryRequest message"
3638
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3639requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3640requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3642requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3643requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3644requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3645requires_gnutls_tls1_3
3646requires_gnutls_next_no_ticket
3647requires_gnutls_next_disable_tls13_compat
3648run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3649 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3650 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3651 0 \
3652 -s "Protocol is TLSv1.3" \
3653 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3654 -s "received signature algorithm: 0x804" \
3655 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3656 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3657 -C "received HelloRetryRequest message"
3658
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3659requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3660requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3661requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3662requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3663requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3664requires_gnutls_tls1_3
3665requires_gnutls_next_no_ticket
3666requires_gnutls_next_disable_tls13_compat
3667run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3668 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3669 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3670 0 \
3671 -s "Protocol is TLSv1.3" \
3672 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3673 -s "received signature algorithm: 0x403" \
3674 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3675 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3676 -C "received HelloRetryRequest message"
3677
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3678requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3679requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3680requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3681requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3682requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3683requires_gnutls_tls1_3
3684requires_gnutls_next_no_ticket
3685requires_gnutls_next_disable_tls13_compat
3686run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3687 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3688 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3689 0 \
3690 -s "Protocol is TLSv1.3" \
3691 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3692 -s "received signature algorithm: 0x503" \
3693 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3694 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3695 -C "received HelloRetryRequest message"
3696
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3697requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3698requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3699requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3700requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3701requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3702requires_gnutls_tls1_3
3703requires_gnutls_next_no_ticket
3704requires_gnutls_next_disable_tls13_compat
3705run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3706 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3707 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3708 0 \
3709 -s "Protocol is TLSv1.3" \
3710 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3711 -s "received signature algorithm: 0x603" \
3712 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3713 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3714 -C "received HelloRetryRequest message"
3715
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3716requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3717requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3718requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3719requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3720requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3721requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3722requires_gnutls_tls1_3
3723requires_gnutls_next_no_ticket
3724requires_gnutls_next_disable_tls13_compat
3725run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3726 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3727 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3728 0 \
3729 -s "Protocol is TLSv1.3" \
3730 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3731 -s "received signature algorithm: 0x804" \
3732 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3733 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3734 -C "received HelloRetryRequest message"
3735
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3736requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3737requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3740requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3741requires_gnutls_tls1_3
3742requires_gnutls_next_no_ticket
3743requires_gnutls_next_disable_tls13_compat
3744run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3745 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3746 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3747 0 \
3748 -s "Protocol is TLSv1.3" \
3749 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3750 -s "received signature algorithm: 0x403" \
3751 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3752 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3753 -C "received HelloRetryRequest message"
3754
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3755requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3756requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3757requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3758requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3759requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3760requires_gnutls_tls1_3
3761requires_gnutls_next_no_ticket
3762requires_gnutls_next_disable_tls13_compat
3763run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3764 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3765 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3766 0 \
3767 -s "Protocol is TLSv1.3" \
3768 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3769 -s "received signature algorithm: 0x503" \
3770 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3771 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3772 -C "received HelloRetryRequest message"
3773
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3774requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3775requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3778requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3779requires_gnutls_tls1_3
3780requires_gnutls_next_no_ticket
3781requires_gnutls_next_disable_tls13_compat
3782run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3783 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3784 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3785 0 \
3786 -s "Protocol is TLSv1.3" \
3787 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3788 -s "received signature algorithm: 0x603" \
3789 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3790 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3791 -C "received HelloRetryRequest message"
3792
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3793requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3794requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3797requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3798requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3799requires_gnutls_tls1_3
3800requires_gnutls_next_no_ticket
3801requires_gnutls_next_disable_tls13_compat
3802run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3803 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3804 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3805 0 \
3806 -s "Protocol is TLSv1.3" \
3807 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3808 -s "received signature algorithm: 0x804" \
3809 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3810 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3811 -C "received HelloRetryRequest message"
3812
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3813requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3814requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3817requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3818requires_gnutls_tls1_3
3819requires_gnutls_next_no_ticket
3820requires_gnutls_next_disable_tls13_compat
3821run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3822 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3823 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3824 0 \
3825 -s "Protocol is TLSv1.3" \
3826 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3827 -s "received signature algorithm: 0x403" \
3828 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3829 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3830 -C "received HelloRetryRequest message"
3831
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3832requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3833requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3836requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3837requires_gnutls_tls1_3
3838requires_gnutls_next_no_ticket
3839requires_gnutls_next_disable_tls13_compat
3840run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3841 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3842 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3843 0 \
3844 -s "Protocol is TLSv1.3" \
3845 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3846 -s "received signature algorithm: 0x503" \
3847 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3848 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3849 -C "received HelloRetryRequest message"
3850
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3851requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3852requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3853requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3854requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3855requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3856requires_gnutls_tls1_3
3857requires_gnutls_next_no_ticket
3858requires_gnutls_next_disable_tls13_compat
3859run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3860 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3861 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3862 0 \
3863 -s "Protocol is TLSv1.3" \
3864 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3865 -s "received signature algorithm: 0x603" \
3866 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3867 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3868 -C "received HelloRetryRequest message"
3869
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3870requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3871requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3872requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3874requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]3875requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3876requires_gnutls_tls1_3
3877requires_gnutls_next_no_ticket
3878requires_gnutls_next_disable_tls13_compat
3879run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3880 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3881 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3882 0 \
3883 -s "Protocol is TLSv1.3" \
3884 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3885 -s "received signature algorithm: 0x804" \
3886 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3887 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3888 -C "received HelloRetryRequest message"
3889
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3890requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3891requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3892requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3894requires_gnutls_tls1_3
3895requires_gnutls_next_no_ticket
3896requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3897run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
3898 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3899 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3900 0 \
3901 -s "Protocol is TLSv1.3" \
3902 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3903 -s "received signature algorithm: 0x403" \
3904 -s "got named group: ffdhe2048(0100)" \
3905 -s "Certificate verification was skipped" \
3906 -C "received HelloRetryRequest message"
3907
3908requires_config_enabled MBEDTLS_SSL_SRV_C
3909requires_config_enabled MBEDTLS_DEBUG_C
3910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3912requires_gnutls_tls1_3
3913requires_gnutls_next_no_ticket
3914requires_gnutls_next_disable_tls13_compat
3915run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
3916 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3917 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3918 0 \
3919 -s "Protocol is TLSv1.3" \
3920 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3921 -s "received signature algorithm: 0x503" \
3922 -s "got named group: ffdhe2048(0100)" \
3923 -s "Certificate verification was skipped" \
3924 -C "received HelloRetryRequest message"
3925
3926requires_config_enabled MBEDTLS_SSL_SRV_C
3927requires_config_enabled MBEDTLS_DEBUG_C
3928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3930requires_gnutls_tls1_3
3931requires_gnutls_next_no_ticket
3932requires_gnutls_next_disable_tls13_compat
3933run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
3934 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3935 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3936 0 \
3937 -s "Protocol is TLSv1.3" \
3938 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3939 -s "received signature algorithm: 0x603" \
3940 -s "got named group: ffdhe2048(0100)" \
3941 -s "Certificate verification was skipped" \
3942 -C "received HelloRetryRequest message"
3943
3944requires_config_enabled MBEDTLS_SSL_SRV_C
3945requires_config_enabled MBEDTLS_DEBUG_C
3946requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3947requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3948requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3949requires_gnutls_tls1_3
3950requires_gnutls_next_no_ticket
3951requires_gnutls_next_disable_tls13_compat
3952run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
3953 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3954 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3955 0 \
3956 -s "Protocol is TLSv1.3" \
3957 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3958 -s "received signature algorithm: 0x804" \
3959 -s "got named group: ffdhe2048(0100)" \
3960 -s "Certificate verification was skipped" \
3961 -C "received HelloRetryRequest message"
3962
3963requires_config_enabled MBEDTLS_SSL_SRV_C
3964requires_config_enabled MBEDTLS_DEBUG_C
3965requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3966requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3967requires_gnutls_tls1_3
3968requires_gnutls_next_no_ticket
3969requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3970run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
3971 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3972 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3973 0 \
3974 -s "Protocol is TLSv1.3" \
3975 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3976 -s "received signature algorithm: 0x403" \
3977 -s "got named group: ffdhe8192(0104)" \
3978 -s "Certificate verification was skipped" \
3979 -C "received HelloRetryRequest message"
3980
3981requires_config_enabled MBEDTLS_SSL_SRV_C
3982requires_config_enabled MBEDTLS_DEBUG_C
3983requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3984requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3985requires_gnutls_tls1_3
3986requires_gnutls_next_no_ticket
3987requires_gnutls_next_disable_tls13_compat
3988run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
3989 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3990 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
3991 0 \
3992 -s "Protocol is TLSv1.3" \
3993 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3994 -s "received signature algorithm: 0x503" \
3995 -s "got named group: ffdhe8192(0104)" \
3996 -s "Certificate verification was skipped" \
3997 -C "received HelloRetryRequest message"
3998
3999requires_config_enabled MBEDTLS_SSL_SRV_C
4000requires_config_enabled MBEDTLS_DEBUG_C
4001requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4002requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4003requires_gnutls_tls1_3
4004requires_gnutls_next_no_ticket
4005requires_gnutls_next_disable_tls13_compat
4006run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
4007 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4008 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4009 0 \
4010 -s "Protocol is TLSv1.3" \
4011 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4012 -s "received signature algorithm: 0x603" \
4013 -s "got named group: ffdhe8192(0104)" \
4014 -s "Certificate verification was skipped" \
4015 -C "received HelloRetryRequest message"
4016
4017requires_config_enabled MBEDTLS_SSL_SRV_C
4018requires_config_enabled MBEDTLS_DEBUG_C
4019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4020requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4021requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4022requires_gnutls_tls1_3
4023requires_gnutls_next_no_ticket
4024requires_gnutls_next_disable_tls13_compat
4025run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
4026 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4027 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4028 0 \
4029 -s "Protocol is TLSv1.3" \
4030 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4031 -s "received signature algorithm: 0x804" \
4032 -s "got named group: ffdhe8192(0104)" \
4033 -s "Certificate verification was skipped" \
4034 -C "received HelloRetryRequest message"
4035
4036requires_config_enabled MBEDTLS_SSL_SRV_C
4037requires_config_enabled MBEDTLS_DEBUG_C
4038requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4039requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4040requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4041requires_gnutls_tls1_3
4042requires_gnutls_next_no_ticket
4043requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4044run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4045 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4046 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4047 0 \
4048 -s "Protocol is TLSv1.3" \
4049 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4050 -s "received signature algorithm: 0x403" \
4051 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4052 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4053 -C "received HelloRetryRequest message"
4054
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4055requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4056requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4057requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4058requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4059requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4060requires_gnutls_tls1_3
4061requires_gnutls_next_no_ticket
4062requires_gnutls_next_disable_tls13_compat
4063run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4064 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4065 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4066 0 \
4067 -s "Protocol is TLSv1.3" \
4068 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4069 -s "received signature algorithm: 0x503" \
4070 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4071 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4072 -C "received HelloRetryRequest message"
4073
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4074requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4075requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4077requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4078requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4079requires_gnutls_tls1_3
4080requires_gnutls_next_no_ticket
4081requires_gnutls_next_disable_tls13_compat
4082run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4083 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4084 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4085 0 \
4086 -s "Protocol is TLSv1.3" \
4087 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4088 -s "received signature algorithm: 0x603" \
4089 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4090 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4091 -C "received HelloRetryRequest message"
4092
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4093requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4094requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4095requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4097requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4098requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4099requires_gnutls_tls1_3
4100requires_gnutls_next_no_ticket
4101requires_gnutls_next_disable_tls13_compat
4102run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4103 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4104 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4105 0 \
4106 -s "Protocol is TLSv1.3" \
4107 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4108 -s "received signature algorithm: 0x804" \
4109 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4110 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4111 -C "received HelloRetryRequest message"
4112
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4113requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4114requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4115requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4116requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4117requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4118requires_gnutls_tls1_3
4119requires_gnutls_next_no_ticket
4120requires_gnutls_next_disable_tls13_compat
4121run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4122 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4123 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4124 0 \
4125 -s "Protocol is TLSv1.3" \
4126 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4127 -s "received signature algorithm: 0x403" \
4128 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4129 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4130 -C "received HelloRetryRequest message"
4131
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4132requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4133requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4136requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4137requires_gnutls_tls1_3
4138requires_gnutls_next_no_ticket
4139requires_gnutls_next_disable_tls13_compat
4140run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4141 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4142 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4143 0 \
4144 -s "Protocol is TLSv1.3" \
4145 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4146 -s "received signature algorithm: 0x503" \
4147 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4148 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4149 -C "received HelloRetryRequest message"
4150
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4151requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4152requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4153requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4154requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4155requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4156requires_gnutls_tls1_3
4157requires_gnutls_next_no_ticket
4158requires_gnutls_next_disable_tls13_compat
4159run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4160 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4161 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4162 0 \
4163 -s "Protocol is TLSv1.3" \
4164 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4165 -s "received signature algorithm: 0x603" \
4166 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4167 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4168 -C "received HelloRetryRequest message"
4169
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4170requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4171requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4172requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4173requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4174requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4175requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4176requires_gnutls_tls1_3
4177requires_gnutls_next_no_ticket
4178requires_gnutls_next_disable_tls13_compat
4179run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4180 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4181 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4182 0 \
4183 -s "Protocol is TLSv1.3" \
4184 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4185 -s "received signature algorithm: 0x804" \
4186 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4187 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4188 -C "received HelloRetryRequest message"
4189
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4190requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4191requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4192requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4193requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4194requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4195requires_gnutls_tls1_3
4196requires_gnutls_next_no_ticket
4197requires_gnutls_next_disable_tls13_compat
4198run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4199 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4200 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4201 0 \
4202 -s "Protocol is TLSv1.3" \
4203 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4204 -s "received signature algorithm: 0x403" \
4205 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4206 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4207 -C "received HelloRetryRequest message"
4208
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4209requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4210requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4211requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4212requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4213requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4214requires_gnutls_tls1_3
4215requires_gnutls_next_no_ticket
4216requires_gnutls_next_disable_tls13_compat
4217run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4218 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4219 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4220 0 \
4221 -s "Protocol is TLSv1.3" \
4222 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4223 -s "received signature algorithm: 0x503" \
4224 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4225 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4226 -C "received HelloRetryRequest message"
4227
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4228requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4229requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4230requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4231requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4232requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4233requires_gnutls_tls1_3
4234requires_gnutls_next_no_ticket
4235requires_gnutls_next_disable_tls13_compat
4236run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4237 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4238 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4239 0 \
4240 -s "Protocol is TLSv1.3" \
4241 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4242 -s "received signature algorithm: 0x603" \
4243 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4244 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4245 -C "received HelloRetryRequest message"
4246
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4247requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4248requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4249requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4250requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4251requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4252requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4253requires_gnutls_tls1_3
4254requires_gnutls_next_no_ticket
4255requires_gnutls_next_disable_tls13_compat
4256run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4257 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4258 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4259 0 \
4260 -s "Protocol is TLSv1.3" \
4261 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4262 -s "received signature algorithm: 0x804" \
4263 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4264 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4265 -C "received HelloRetryRequest message"
4266
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4267requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4268requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4269requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4270requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4271requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4272requires_gnutls_tls1_3
4273requires_gnutls_next_no_ticket
4274requires_gnutls_next_disable_tls13_compat
4275run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4276 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4277 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4278 0 \
4279 -s "Protocol is TLSv1.3" \
4280 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4281 -s "received signature algorithm: 0x403" \
4282 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4283 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4284 -C "received HelloRetryRequest message"
4285
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4286requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4287requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4288requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4289requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4290requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4291requires_gnutls_tls1_3
4292requires_gnutls_next_no_ticket
4293requires_gnutls_next_disable_tls13_compat
4294run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4295 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4296 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4297 0 \
4298 -s "Protocol is TLSv1.3" \
4299 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4300 -s "received signature algorithm: 0x503" \
4301 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4302 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4303 -C "received HelloRetryRequest message"
4304
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4305requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4306requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4307requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4308requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4309requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4310requires_gnutls_tls1_3
4311requires_gnutls_next_no_ticket
4312requires_gnutls_next_disable_tls13_compat
4313run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4314 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4315 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4316 0 \
4317 -s "Protocol is TLSv1.3" \
4318 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4319 -s "received signature algorithm: 0x603" \
4320 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4321 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4322 -C "received HelloRetryRequest message"
4323
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4324requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4325requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4326requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4327requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4328requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4329requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4330requires_gnutls_tls1_3
4331requires_gnutls_next_no_ticket
4332requires_gnutls_next_disable_tls13_compat
4333run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4334 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4335 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4336 0 \
4337 -s "Protocol is TLSv1.3" \
4338 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4339 -s "received signature algorithm: 0x804" \
4340 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4341 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4342 -C "received HelloRetryRequest message"
4343
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4344requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4345requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4346requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4347requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4348requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4349requires_gnutls_tls1_3
4350requires_gnutls_next_no_ticket
4351requires_gnutls_next_disable_tls13_compat
4352run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4353 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4354 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4355 0 \
4356 -s "Protocol is TLSv1.3" \
4357 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4358 -s "received signature algorithm: 0x403" \
4359 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4360 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4361 -C "received HelloRetryRequest message"
4362
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4363requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4364requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4365requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4367requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4368requires_gnutls_tls1_3
4369requires_gnutls_next_no_ticket
4370requires_gnutls_next_disable_tls13_compat
4371run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4372 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4373 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4374 0 \
4375 -s "Protocol is TLSv1.3" \
4376 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4377 -s "received signature algorithm: 0x503" \
4378 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4379 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4380 -C "received HelloRetryRequest message"
4381
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4382requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4383requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4384requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4385requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4386requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4387requires_gnutls_tls1_3
4388requires_gnutls_next_no_ticket
4389requires_gnutls_next_disable_tls13_compat
4390run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4391 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4392 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4393 0 \
4394 -s "Protocol is TLSv1.3" \
4395 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4396 -s "received signature algorithm: 0x603" \
4397 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4398 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4399 -C "received HelloRetryRequest message"
4400
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4401requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4402requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4403requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4404requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4405requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4406requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4407requires_gnutls_tls1_3
4408requires_gnutls_next_no_ticket
4409requires_gnutls_next_disable_tls13_compat
4410run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4411 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4412 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4413 0 \
4414 -s "Protocol is TLSv1.3" \
4415 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4416 -s "received signature algorithm: 0x804" \
4417 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4418 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4419 -C "received HelloRetryRequest message"
4420
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4421requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4422requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4423requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4424requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4425requires_gnutls_tls1_3
4426requires_gnutls_next_no_ticket
4427requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4428run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
4429 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4430 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4431 0 \
4432 -s "Protocol is TLSv1.3" \
4433 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4434 -s "received signature algorithm: 0x403" \
4435 -s "got named group: ffdhe2048(0100)" \
4436 -s "Certificate verification was skipped" \
4437 -C "received HelloRetryRequest message"
4438
4439requires_config_enabled MBEDTLS_SSL_SRV_C
4440requires_config_enabled MBEDTLS_DEBUG_C
4441requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4442requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4443requires_gnutls_tls1_3
4444requires_gnutls_next_no_ticket
4445requires_gnutls_next_disable_tls13_compat
4446run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
4447 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4448 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4449 0 \
4450 -s "Protocol is TLSv1.3" \
4451 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4452 -s "received signature algorithm: 0x503" \
4453 -s "got named group: ffdhe2048(0100)" \
4454 -s "Certificate verification was skipped" \
4455 -C "received HelloRetryRequest message"
4456
4457requires_config_enabled MBEDTLS_SSL_SRV_C
4458requires_config_enabled MBEDTLS_DEBUG_C
4459requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4460requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4461requires_gnutls_tls1_3
4462requires_gnutls_next_no_ticket
4463requires_gnutls_next_disable_tls13_compat
4464run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
4465 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4466 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4467 0 \
4468 -s "Protocol is TLSv1.3" \
4469 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4470 -s "received signature algorithm: 0x603" \
4471 -s "got named group: ffdhe2048(0100)" \
4472 -s "Certificate verification was skipped" \
4473 -C "received HelloRetryRequest message"
4474
4475requires_config_enabled MBEDTLS_SSL_SRV_C
4476requires_config_enabled MBEDTLS_DEBUG_C
4477requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4478requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4479requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4480requires_gnutls_tls1_3
4481requires_gnutls_next_no_ticket
4482requires_gnutls_next_disable_tls13_compat
4483run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
4484 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4485 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4486 0 \
4487 -s "Protocol is TLSv1.3" \
4488 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4489 -s "received signature algorithm: 0x804" \
4490 -s "got named group: ffdhe2048(0100)" \
4491 -s "Certificate verification was skipped" \
4492 -C "received HelloRetryRequest message"
4493
4494requires_config_enabled MBEDTLS_SSL_SRV_C
4495requires_config_enabled MBEDTLS_DEBUG_C
4496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4498requires_gnutls_tls1_3
4499requires_gnutls_next_no_ticket
4500requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4501run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
4502 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4503 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4504 0 \
4505 -s "Protocol is TLSv1.3" \
4506 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4507 -s "received signature algorithm: 0x403" \
4508 -s "got named group: ffdhe8192(0104)" \
4509 -s "Certificate verification was skipped" \
4510 -C "received HelloRetryRequest message"
4511
4512requires_config_enabled MBEDTLS_SSL_SRV_C
4513requires_config_enabled MBEDTLS_DEBUG_C
4514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4516requires_gnutls_tls1_3
4517requires_gnutls_next_no_ticket
4518requires_gnutls_next_disable_tls13_compat
4519run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
4520 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4521 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4522 0 \
4523 -s "Protocol is TLSv1.3" \
4524 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4525 -s "received signature algorithm: 0x503" \
4526 -s "got named group: ffdhe8192(0104)" \
4527 -s "Certificate verification was skipped" \
4528 -C "received HelloRetryRequest message"
4529
4530requires_config_enabled MBEDTLS_SSL_SRV_C
4531requires_config_enabled MBEDTLS_DEBUG_C
4532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4534requires_gnutls_tls1_3
4535requires_gnutls_next_no_ticket
4536requires_gnutls_next_disable_tls13_compat
4537run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
4538 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4539 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4540 0 \
4541 -s "Protocol is TLSv1.3" \
4542 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4543 -s "received signature algorithm: 0x603" \
4544 -s "got named group: ffdhe8192(0104)" \
4545 -s "Certificate verification was skipped" \
4546 -C "received HelloRetryRequest message"
4547
4548requires_config_enabled MBEDTLS_SSL_SRV_C
4549requires_config_enabled MBEDTLS_DEBUG_C
4550requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4552requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4553requires_gnutls_tls1_3
4554requires_gnutls_next_no_ticket
4555requires_gnutls_next_disable_tls13_compat
4556run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
4557 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4558 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4559 0 \
4560 -s "Protocol is TLSv1.3" \
4561 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
4562 -s "received signature algorithm: 0x804" \
4563 -s "got named group: ffdhe8192(0104)" \
4564 -s "Certificate verification was skipped" \
4565 -C "received HelloRetryRequest message"
4566
4567requires_config_enabled MBEDTLS_SSL_SRV_C
4568requires_config_enabled MBEDTLS_DEBUG_C
4569requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4570requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4571requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4572requires_gnutls_tls1_3
4573requires_gnutls_next_no_ticket
4574requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4575run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4576 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4577 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4578 0 \
4579 -s "Protocol is TLSv1.3" \
4580 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4581 -s "received signature algorithm: 0x403" \
4582 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4583 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4584 -C "received HelloRetryRequest message"
4585
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4586requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4587requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4588requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4589requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4590requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4591requires_gnutls_tls1_3
4592requires_gnutls_next_no_ticket
4593requires_gnutls_next_disable_tls13_compat
4594run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4595 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4596 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4597 0 \
4598 -s "Protocol is TLSv1.3" \
4599 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4600 -s "received signature algorithm: 0x503" \
4601 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4602 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4603 -C "received HelloRetryRequest message"
4604
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4605requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4606requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4607requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4608requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4609requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4610requires_gnutls_tls1_3
4611requires_gnutls_next_no_ticket
4612requires_gnutls_next_disable_tls13_compat
4613run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4614 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4615 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4616 0 \
4617 -s "Protocol is TLSv1.3" \
4618 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4619 -s "received signature algorithm: 0x603" \
4620 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4621 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4622 -C "received HelloRetryRequest message"
4623
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4624requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4625requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4627requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4628requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4629requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4630requires_gnutls_tls1_3
4631requires_gnutls_next_no_ticket
4632requires_gnutls_next_disable_tls13_compat
4633run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4634 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4635 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4636 0 \
4637 -s "Protocol is TLSv1.3" \
4638 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4639 -s "received signature algorithm: 0x804" \
4640 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4641 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4642 -C "received HelloRetryRequest message"
4643
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4644requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4645requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4648requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4649requires_gnutls_tls1_3
4650requires_gnutls_next_no_ticket
4651requires_gnutls_next_disable_tls13_compat
4652run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4653 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4654 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4655 0 \
4656 -s "Protocol is TLSv1.3" \
4657 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4658 -s "received signature algorithm: 0x403" \
4659 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4660 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4661 -C "received HelloRetryRequest message"
4662
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4663requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4664requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4665requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4666requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4667requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4668requires_gnutls_tls1_3
4669requires_gnutls_next_no_ticket
4670requires_gnutls_next_disable_tls13_compat
4671run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4672 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4673 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4674 0 \
4675 -s "Protocol is TLSv1.3" \
4676 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4677 -s "received signature algorithm: 0x503" \
4678 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4679 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4680 -C "received HelloRetryRequest message"
4681
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4682requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4683requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4686requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4687requires_gnutls_tls1_3
4688requires_gnutls_next_no_ticket
4689requires_gnutls_next_disable_tls13_compat
4690run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4691 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4692 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4693 0 \
4694 -s "Protocol is TLSv1.3" \
4695 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4696 -s "received signature algorithm: 0x603" \
4697 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4698 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4699 -C "received HelloRetryRequest message"
4700
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4701requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4702requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4703requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4705requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4706requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4707requires_gnutls_tls1_3
4708requires_gnutls_next_no_ticket
4709requires_gnutls_next_disable_tls13_compat
4710run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4711 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4712 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4713 0 \
4714 -s "Protocol is TLSv1.3" \
4715 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4716 -s "received signature algorithm: 0x804" \
4717 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4718 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4719 -C "received HelloRetryRequest message"
4720
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4721requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4722requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4724requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4725requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4726requires_gnutls_tls1_3
4727requires_gnutls_next_no_ticket
4728requires_gnutls_next_disable_tls13_compat
4729run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4730 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4731 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4732 0 \
4733 -s "Protocol is TLSv1.3" \
4734 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4735 -s "received signature algorithm: 0x403" \
4736 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4737 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4738 -C "received HelloRetryRequest message"
4739
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4740requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4741requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4742requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4743requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4744requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4745requires_gnutls_tls1_3
4746requires_gnutls_next_no_ticket
4747requires_gnutls_next_disable_tls13_compat
4748run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4749 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4750 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4751 0 \
4752 -s "Protocol is TLSv1.3" \
4753 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4754 -s "received signature algorithm: 0x503" \
4755 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4756 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4757 -C "received HelloRetryRequest message"
4758
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4759requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4760requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4761requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4762requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4763requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4764requires_gnutls_tls1_3
4765requires_gnutls_next_no_ticket
4766requires_gnutls_next_disable_tls13_compat
4767run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4768 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4769 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4770 0 \
4771 -s "Protocol is TLSv1.3" \
4772 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4773 -s "received signature algorithm: 0x603" \
4774 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4775 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4776 -C "received HelloRetryRequest message"
4777
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4778requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4779requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4781requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4782requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4783requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4784requires_gnutls_tls1_3
4785requires_gnutls_next_no_ticket
4786requires_gnutls_next_disable_tls13_compat
4787run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4788 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4789 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4790 0 \
4791 -s "Protocol is TLSv1.3" \
4792 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4793 -s "received signature algorithm: 0x804" \
4794 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4795 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4796 -C "received HelloRetryRequest message"
4797
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4798requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4799requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4800requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4801requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4802requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4803requires_gnutls_tls1_3
4804requires_gnutls_next_no_ticket
4805requires_gnutls_next_disable_tls13_compat
4806run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4807 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4808 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4809 0 \
4810 -s "Protocol is TLSv1.3" \
4811 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4812 -s "received signature algorithm: 0x403" \
4813 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4814 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4815 -C "received HelloRetryRequest message"
4816
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4817requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4818requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4819requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4820requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4821requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4822requires_gnutls_tls1_3
4823requires_gnutls_next_no_ticket
4824requires_gnutls_next_disable_tls13_compat
4825run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4826 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4827 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4828 0 \
4829 -s "Protocol is TLSv1.3" \
4830 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4831 -s "received signature algorithm: 0x503" \
4832 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4833 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4834 -C "received HelloRetryRequest message"
4835
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4836requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4837requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4840requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4841requires_gnutls_tls1_3
4842requires_gnutls_next_no_ticket
4843requires_gnutls_next_disable_tls13_compat
4844run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4845 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4846 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4847 0 \
4848 -s "Protocol is TLSv1.3" \
4849 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4850 -s "received signature algorithm: 0x603" \
4851 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4852 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4853 -C "received HelloRetryRequest message"
4854
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4855requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4856requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4857requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4858requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4859requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4860requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4861requires_gnutls_tls1_3
4862requires_gnutls_next_no_ticket
4863requires_gnutls_next_disable_tls13_compat
4864run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4865 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4866 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4867 0 \
4868 -s "Protocol is TLSv1.3" \
4869 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4870 -s "received signature algorithm: 0x804" \
4871 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4872 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4873 -C "received HelloRetryRequest message"
4874
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4875requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4876requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4877requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4878requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4879requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4880requires_gnutls_tls1_3
4881requires_gnutls_next_no_ticket
4882requires_gnutls_next_disable_tls13_compat
4883run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4884 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4885 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4886 0 \
4887 -s "Protocol is TLSv1.3" \
4888 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4889 -s "received signature algorithm: 0x403" \
4890 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4891 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4892 -C "received HelloRetryRequest message"
4893
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4894requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4898requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4899requires_gnutls_tls1_3
4900requires_gnutls_next_no_ticket
4901requires_gnutls_next_disable_tls13_compat
4902run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4903 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4904 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4905 0 \
4906 -s "Protocol is TLSv1.3" \
4907 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4908 -s "received signature algorithm: 0x503" \
4909 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4910 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4911 -C "received HelloRetryRequest message"
4912
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4913requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4914requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4915requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4916requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4917requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4918requires_gnutls_tls1_3
4919requires_gnutls_next_no_ticket
4920requires_gnutls_next_disable_tls13_compat
4921run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4922 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4923 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4924 0 \
4925 -s "Protocol is TLSv1.3" \
4926 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4927 -s "received signature algorithm: 0x603" \
4928 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4929 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4930 -C "received HelloRetryRequest message"
4931
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4932requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4933requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4934requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4936requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]4937requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4938requires_gnutls_tls1_3
4939requires_gnutls_next_no_ticket
4940requires_gnutls_next_disable_tls13_compat
4941run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4942 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4943 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4944 0 \
4945 -s "Protocol is TLSv1.3" \
4946 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4947 -s "received signature algorithm: 0x804" \
4948 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4949 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4950 -C "received HelloRetryRequest message"
4951
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4952requires_config_enabled MBEDTLS_SSL_SRV_C
4953requires_config_enabled MBEDTLS_DEBUG_C
4954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4956requires_gnutls_tls1_3
4957requires_gnutls_next_no_ticket
4958requires_gnutls_next_disable_tls13_compat
4959run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
4960 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4961 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4962 0 \
4963 -s "Protocol is TLSv1.3" \
4964 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4965 -s "received signature algorithm: 0x403" \
4966 -s "got named group: ffdhe2048(0100)" \
4967 -s "Certificate verification was skipped" \
4968 -C "received HelloRetryRequest message"
4969
4970requires_config_enabled MBEDTLS_SSL_SRV_C
4971requires_config_enabled MBEDTLS_DEBUG_C
4972requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4974requires_gnutls_tls1_3
4975requires_gnutls_next_no_ticket
4976requires_gnutls_next_disable_tls13_compat
4977run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
4978 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4979 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4980 0 \
4981 -s "Protocol is TLSv1.3" \
4982 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4983 -s "received signature algorithm: 0x503" \
4984 -s "got named group: ffdhe2048(0100)" \
4985 -s "Certificate verification was skipped" \
4986 -C "received HelloRetryRequest message"
4987
4988requires_config_enabled MBEDTLS_SSL_SRV_C
4989requires_config_enabled MBEDTLS_DEBUG_C
4990requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4991requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4992requires_gnutls_tls1_3
4993requires_gnutls_next_no_ticket
4994requires_gnutls_next_disable_tls13_compat
4995run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
4996 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4997 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4998 0 \
4999 -s "Protocol is TLSv1.3" \
5000 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
5001 -s "received signature algorithm: 0x603" \
5002 -s "got named group: ffdhe2048(0100)" \
5003 -s "Certificate verification was skipped" \
5004 -C "received HelloRetryRequest message"
5005
5006requires_config_enabled MBEDTLS_SSL_SRV_C
5007requires_config_enabled MBEDTLS_DEBUG_C
5008requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5010requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5011requires_gnutls_tls1_3
5012requires_gnutls_next_no_ticket
5013requires_gnutls_next_disable_tls13_compat
5014run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
5015 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5016 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
5017 0 \
5018 -s "Protocol is TLSv1.3" \
5019 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
5020 -s "received signature algorithm: 0x804" \
5021 -s "got named group: ffdhe2048(0100)" \
5022 -s "Certificate verification was skipped" \
5023 -C "received HelloRetryRequest message"
5024
5025requires_config_enabled MBEDTLS_SSL_SRV_C
5026requires_config_enabled MBEDTLS_DEBUG_C
5027requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5028requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5029requires_gnutls_tls1_3
5030requires_gnutls_next_no_ticket
5031requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5032run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
5033 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5034 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
5035 0 \
5036 -s "Protocol is TLSv1.3" \
5037 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
5038 -s "received signature algorithm: 0x403" \
5039 -s "got named group: ffdhe8192(0104)" \
5040 -s "Certificate verification was skipped" \
5041 -C "received HelloRetryRequest message"
5042
5043requires_config_enabled MBEDTLS_SSL_SRV_C
5044requires_config_enabled MBEDTLS_DEBUG_C
5045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5047requires_gnutls_tls1_3
5048requires_gnutls_next_no_ticket
5049requires_gnutls_next_disable_tls13_compat
5050run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
5051 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5052 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
5053 0 \
5054 -s "Protocol is TLSv1.3" \
5055 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
5056 -s "received signature algorithm: 0x503" \
5057 -s "got named group: ffdhe8192(0104)" \
5058 -s "Certificate verification was skipped" \
5059 -C "received HelloRetryRequest message"
5060
5061requires_config_enabled MBEDTLS_SSL_SRV_C
5062requires_config_enabled MBEDTLS_DEBUG_C
5063requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5064requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5065requires_gnutls_tls1_3
5066requires_gnutls_next_no_ticket
5067requires_gnutls_next_disable_tls13_compat
5068run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
5069 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5070 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
5071 0 \
5072 -s "Protocol is TLSv1.3" \
5073 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
5074 -s "received signature algorithm: 0x603" \
5075 -s "got named group: ffdhe8192(0104)" \
5076 -s "Certificate verification was skipped" \
5077 -C "received HelloRetryRequest message"
5078
5079requires_config_enabled MBEDTLS_SSL_SRV_C
5080requires_config_enabled MBEDTLS_DEBUG_C
5081requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5082requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5083requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5084requires_gnutls_tls1_3
5085requires_gnutls_next_no_ticket
5086requires_gnutls_next_disable_tls13_compat
5087run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
5088 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5089 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
5090 0 \
5091 -s "Protocol is TLSv1.3" \
5092 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
5093 -s "received signature algorithm: 0x804" \
5094 -s "got named group: ffdhe8192(0104)" \
5095 -s "Certificate verification was skipped" \
5096 -C "received HelloRetryRequest message"
5097
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5098requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5099requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5100requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5103requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5104run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5105 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5106 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5107 0 \
5108 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5109 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5110 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5111 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5112 -c "NamedGroup: secp256r1 ( 17 )" \
5113 -c "Verifying peer X.509 certificate... ok" \
5114 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5115
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5116requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5117requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5118requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5119requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5120requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5121requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5122run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5123 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5124 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5125 0 \
5126 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5127 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5128 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5129 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5130 -c "NamedGroup: secp256r1 ( 17 )" \
5131 -c "Verifying peer X.509 certificate... ok" \
5132 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5133
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5134requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5135requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5136requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5139requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5140run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5141 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5142 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5143 0 \
5144 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5145 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5146 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5147 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5148 -c "NamedGroup: secp256r1 ( 17 )" \
5149 -c "Verifying peer X.509 certificate... ok" \
5150 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5151
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5152requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5153requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5154requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5155requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5156requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5157requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5158requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5159run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5160 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5161 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5162 0 \
5163 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5164 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5165 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5166 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5167 -c "NamedGroup: secp256r1 ( 17 )" \
5168 -c "Verifying peer X.509 certificate... ok" \
5169 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5170
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5171requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5172requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5173requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5174requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5175requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5176requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5177run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5178 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5179 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5180 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5181 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5182 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5183 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5184 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5185 -c "NamedGroup: secp384r1 ( 18 )" \
5186 -c "Verifying peer X.509 certificate... ok" \
5187 -C "received HelloRetryRequest message"
5188
5189requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5190requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5191requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5192requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5193requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5194requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5195run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5196 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5197 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5198 0 \
5199 -c "HTTP/1.0 200 ok" \
5200 -c "Protocol is TLSv1.3" \
5201 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5202 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5203 -c "NamedGroup: secp384r1 ( 18 )" \
5204 -c "Verifying peer X.509 certificate... ok" \
5205 -C "received HelloRetryRequest message"
5206
5207requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5208requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5209requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5212requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5213run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5214 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5215 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5216 0 \
5217 -c "HTTP/1.0 200 ok" \
5218 -c "Protocol is TLSv1.3" \
5219 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5220 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5221 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5222 -c "Verifying peer X.509 certificate... ok" \
5223 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5224
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5225requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5226requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5227requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5228requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5229requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5230requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5231requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5232run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5233 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5234 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5235 0 \
5236 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5237 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5238 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5239 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5240 -c "NamedGroup: secp384r1 ( 18 )" \
5241 -c "Verifying peer X.509 certificate... ok" \
5242 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5243
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5244requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5245requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5246requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5247requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5248requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5249requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5250run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5251 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5252 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5253 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5254 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5255 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5256 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5257 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5258 -c "NamedGroup: secp521r1 ( 19 )" \
5259 -c "Verifying peer X.509 certificate... ok" \
5260 -C "received HelloRetryRequest message"
5261
5262requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5263requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5264requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5265requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5266requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5267requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5268run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5269 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5270 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5271 0 \
5272 -c "HTTP/1.0 200 ok" \
5273 -c "Protocol is TLSv1.3" \
5274 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5275 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5276 -c "NamedGroup: secp521r1 ( 19 )" \
5277 -c "Verifying peer X.509 certificate... ok" \
5278 -C "received HelloRetryRequest message"
5279
5280requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5281requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5282requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5284requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5285requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5286run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5287 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5288 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5289 0 \
5290 -c "HTTP/1.0 200 ok" \
5291 -c "Protocol is TLSv1.3" \
5292 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5293 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5294 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5295 -c "Verifying peer X.509 certificate... ok" \
5296 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5297
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5298requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5299requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5300requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5301requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5303requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5304requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5305run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5306 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5307 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5308 0 \
5309 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5310 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5311 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5312 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5313 -c "NamedGroup: secp521r1 ( 19 )" \
5314 -c "Verifying peer X.509 certificate... ok" \
5315 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5316
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5317requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5318requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5319requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5322requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5323run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5324 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5325 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5326 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5327 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5328 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5329 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5330 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5331 -c "NamedGroup: x25519 ( 1d )" \
5332 -c "Verifying peer X.509 certificate... ok" \
5333 -C "received HelloRetryRequest message"
5334
5335requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5336requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5337requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5340requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5341run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5342 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5343 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5344 0 \
5345 -c "HTTP/1.0 200 ok" \
5346 -c "Protocol is TLSv1.3" \
5347 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5348 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5349 -c "NamedGroup: x25519 ( 1d )" \
5350 -c "Verifying peer X.509 certificate... ok" \
5351 -C "received HelloRetryRequest message"
5352
5353requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5354requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5355requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5356requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5357requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5358requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5359run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5360 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5361 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5362 0 \
5363 -c "HTTP/1.0 200 ok" \
5364 -c "Protocol is TLSv1.3" \
5365 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5366 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5367 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5368 -c "Verifying peer X.509 certificate... ok" \
5369 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5370
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5371requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5372requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5373requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5376requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5377requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5378run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5379 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5380 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5381 0 \
5382 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5383 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5384 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5385 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5386 -c "NamedGroup: x25519 ( 1d )" \
5387 -c "Verifying peer X.509 certificate... ok" \
5388 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5389
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5390requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5391requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5392requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5393requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5395requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5396run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5397 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5398 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5399 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5400 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5401 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5402 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5403 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5404 -c "NamedGroup: x448 ( 1e )" \
5405 -c "Verifying peer X.509 certificate... ok" \
5406 -C "received HelloRetryRequest message"
5407
5408requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5409requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5410requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5411requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5412requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5413requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5414run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5415 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5416 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5417 0 \
5418 -c "HTTP/1.0 200 ok" \
5419 -c "Protocol is TLSv1.3" \
5420 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5421 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5422 -c "NamedGroup: x448 ( 1e )" \
5423 -c "Verifying peer X.509 certificate... ok" \
5424 -C "received HelloRetryRequest message"
5425
5426requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5427requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5428requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5429requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5430requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5431requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5432run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5433 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5434 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5435 0 \
5436 -c "HTTP/1.0 200 ok" \
5437 -c "Protocol is TLSv1.3" \
5438 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5439 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5440 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5441 -c "Verifying peer X.509 certificate... ok" \
5442 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5443
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5444requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5445requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5446requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5448requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5449requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5450requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5451run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5452 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5453 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5454 0 \
5455 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5456 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5457 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5458 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5459 -c "NamedGroup: x448 ( 1e )" \
5460 -c "Verifying peer X.509 certificate... ok" \
5461 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5462
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5463requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5464requires_openssl_3_x
5465requires_config_enabled MBEDTLS_SSL_CLI_C
5466requires_config_enabled MBEDTLS_DEBUG_C
5467requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5468requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5469run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
5470 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5471 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
5472 0 \
5473 -c "HTTP/1.0 200 ok" \
5474 -c "Protocol is TLSv1.3" \
5475 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5476 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5477 -c "NamedGroup: ffdhe2048 ( 100 )" \
5478 -c "Verifying peer X.509 certificate... ok" \
5479 -C "received HelloRetryRequest message"
5480
5481requires_openssl_tls1_3
5482requires_openssl_3_x
5483requires_config_enabled MBEDTLS_SSL_CLI_C
5484requires_config_enabled MBEDTLS_DEBUG_C
5485requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5486requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5487run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
5488 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5489 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
5490 0 \
5491 -c "HTTP/1.0 200 ok" \
5492 -c "Protocol is TLSv1.3" \
5493 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5494 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5495 -c "NamedGroup: ffdhe2048 ( 100 )" \
5496 -c "Verifying peer X.509 certificate... ok" \
5497 -C "received HelloRetryRequest message"
5498
5499requires_openssl_tls1_3
5500requires_openssl_3_x
5501requires_config_enabled MBEDTLS_SSL_CLI_C
5502requires_config_enabled MBEDTLS_DEBUG_C
5503requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5504requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5505run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
5506 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5507 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
5508 0 \
5509 -c "HTTP/1.0 200 ok" \
5510 -c "Protocol is TLSv1.3" \
5511 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5512 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5513 -c "NamedGroup: ffdhe2048 ( 100 )" \
5514 -c "Verifying peer X.509 certificate... ok" \
5515 -C "received HelloRetryRequest message"
5516
5517requires_openssl_tls1_3
5518requires_openssl_3_x
5519requires_config_enabled MBEDTLS_SSL_CLI_C
5520requires_config_enabled MBEDTLS_DEBUG_C
5521requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5522requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5523requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5524run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
5525 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5526 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
5527 0 \
5528 -c "HTTP/1.0 200 ok" \
5529 -c "Protocol is TLSv1.3" \
5530 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5531 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5532 -c "NamedGroup: ffdhe2048 ( 100 )" \
5533 -c "Verifying peer X.509 certificate... ok" \
5534 -C "received HelloRetryRequest message"
5535
5536requires_openssl_tls1_3
5537requires_openssl_3_x
5538requires_config_enabled MBEDTLS_SSL_CLI_C
5539requires_config_enabled MBEDTLS_DEBUG_C
5540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5542run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
5543 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5544 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
5545 0 \
5546 -c "HTTP/1.0 200 ok" \
5547 -c "Protocol is TLSv1.3" \
5548 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5549 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5550 -c "NamedGroup: ffdhe8192 ( 104 )" \
5551 -c "Verifying peer X.509 certificate... ok" \
5552 -C "received HelloRetryRequest message"
5553
5554requires_openssl_tls1_3
5555requires_openssl_3_x
5556requires_config_enabled MBEDTLS_SSL_CLI_C
5557requires_config_enabled MBEDTLS_DEBUG_C
5558requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5560run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
5561 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5562 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
5563 0 \
5564 -c "HTTP/1.0 200 ok" \
5565 -c "Protocol is TLSv1.3" \
5566 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5567 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5568 -c "NamedGroup: ffdhe8192 ( 104 )" \
5569 -c "Verifying peer X.509 certificate... ok" \
5570 -C "received HelloRetryRequest message"
5571
5572requires_openssl_tls1_3
5573requires_openssl_3_x
5574requires_config_enabled MBEDTLS_SSL_CLI_C
5575requires_config_enabled MBEDTLS_DEBUG_C
5576requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5577requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5578run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
5579 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5580 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
5581 0 \
5582 -c "HTTP/1.0 200 ok" \
5583 -c "Protocol is TLSv1.3" \
5584 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5585 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5586 -c "NamedGroup: ffdhe8192 ( 104 )" \
5587 -c "Verifying peer X.509 certificate... ok" \
5588 -C "received HelloRetryRequest message"
5589
5590requires_openssl_tls1_3
5591requires_openssl_3_x
5592requires_config_enabled MBEDTLS_SSL_CLI_C
5593requires_config_enabled MBEDTLS_DEBUG_C
5594requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5595requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5596requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5597run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
5598 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5599 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
5600 0 \
5601 -c "HTTP/1.0 200 ok" \
5602 -c "Protocol is TLSv1.3" \
5603 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5604 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5605 -c "NamedGroup: ffdhe8192 ( 104 )" \
5606 -c "Verifying peer X.509 certificate... ok" \
5607 -C "received HelloRetryRequest message"
5608
5609requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5610requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5611requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5612requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5613requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5614requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5615run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5616 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5617 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5618 0 \
5619 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5620 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5621 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5622 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5623 -c "NamedGroup: secp256r1 ( 17 )" \
5624 -c "Verifying peer X.509 certificate... ok" \
5625 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5626
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5627requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5628requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5629requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5630requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5631requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5632requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5633run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5634 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5635 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5636 0 \
5637 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5638 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5639 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5640 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5641 -c "NamedGroup: secp256r1 ( 17 )" \
5642 -c "Verifying peer X.509 certificate... ok" \
5643 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5644
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5645requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5646requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5647requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5650requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5651run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5652 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5653 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5654 0 \
5655 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5656 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5657 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5658 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5659 -c "NamedGroup: secp256r1 ( 17 )" \
5660 -c "Verifying peer X.509 certificate... ok" \
5661 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5662
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5663requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5664requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5665requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5667requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5668requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5669requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5670run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5671 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5672 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5673 0 \
5674 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5675 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5676 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5677 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5678 -c "NamedGroup: secp256r1 ( 17 )" \
5679 -c "Verifying peer X.509 certificate... ok" \
5680 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5681
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5682requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5683requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5684requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5687requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5688run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5689 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5690 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5691 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5692 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5693 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5694 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5695 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5696 -c "NamedGroup: secp384r1 ( 18 )" \
5697 -c "Verifying peer X.509 certificate... ok" \
5698 -C "received HelloRetryRequest message"
5699
5700requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5701requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5702requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5703requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5705requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5706run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5707 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5708 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5709 0 \
5710 -c "HTTP/1.0 200 ok" \
5711 -c "Protocol is TLSv1.3" \
5712 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5713 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5714 -c "NamedGroup: secp384r1 ( 18 )" \
5715 -c "Verifying peer X.509 certificate... ok" \
5716 -C "received HelloRetryRequest message"
5717
5718requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5719requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5720requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5721requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5722requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5723requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5724run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5725 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5726 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5727 0 \
5728 -c "HTTP/1.0 200 ok" \
5729 -c "Protocol is TLSv1.3" \
5730 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5731 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5732 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5733 -c "Verifying peer X.509 certificate... ok" \
5734 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5735
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5736requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5737requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5738requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5739requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5740requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5741requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5742requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5743run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5744 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5745 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5746 0 \
5747 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5748 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5749 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5750 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5751 -c "NamedGroup: secp384r1 ( 18 )" \
5752 -c "Verifying peer X.509 certificate... ok" \
5753 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5754
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5755requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5756requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5757requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5758requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5759requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5760requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5761run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5762 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5763 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5764 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5765 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5766 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5767 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5768 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5769 -c "NamedGroup: secp521r1 ( 19 )" \
5770 -c "Verifying peer X.509 certificate... ok" \
5771 -C "received HelloRetryRequest message"
5772
5773requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5774requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5775requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5778requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5779run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5780 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5781 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5782 0 \
5783 -c "HTTP/1.0 200 ok" \
5784 -c "Protocol is TLSv1.3" \
5785 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5786 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5787 -c "NamedGroup: secp521r1 ( 19 )" \
5788 -c "Verifying peer X.509 certificate... ok" \
5789 -C "received HelloRetryRequest message"
5790
5791requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5792requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5793requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5796requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5797run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5798 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5799 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5800 0 \
5801 -c "HTTP/1.0 200 ok" \
5802 -c "Protocol is TLSv1.3" \
5803 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5804 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5805 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5806 -c "Verifying peer X.509 certificate... ok" \
5807 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5808
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5809requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5810requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5811requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5812requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5813requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5814requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5815requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5816run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5817 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5818 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5819 0 \
5820 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5821 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5822 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5823 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5824 -c "NamedGroup: secp521r1 ( 19 )" \
5825 -c "Verifying peer X.509 certificate... ok" \
5826 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5827
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5828requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5829requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5830requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5831requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5832requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5833requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5834run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5835 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5836 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5837 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5838 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5839 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5840 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5841 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5842 -c "NamedGroup: x25519 ( 1d )" \
5843 -c "Verifying peer X.509 certificate... ok" \
5844 -C "received HelloRetryRequest message"
5845
5846requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5847requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5848requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5849requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5850requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5851requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5852run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5853 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5854 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5855 0 \
5856 -c "HTTP/1.0 200 ok" \
5857 -c "Protocol is TLSv1.3" \
5858 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5859 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5860 -c "NamedGroup: x25519 ( 1d )" \
5861 -c "Verifying peer X.509 certificate... ok" \
5862 -C "received HelloRetryRequest message"
5863
5864requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5865requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5866requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5868requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5869requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5870run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5871 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5872 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5873 0 \
5874 -c "HTTP/1.0 200 ok" \
5875 -c "Protocol is TLSv1.3" \
5876 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5877 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5878 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5879 -c "Verifying peer X.509 certificate... ok" \
5880 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5881
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5882requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5883requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5884requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5885requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5886requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5887requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5888requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5889run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5890 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5891 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5892 0 \
5893 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5894 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5895 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5896 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5897 -c "NamedGroup: x25519 ( 1d )" \
5898 -c "Verifying peer X.509 certificate... ok" \
5899 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5900
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5901requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5902requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5903requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5904requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5905requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5906requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5907run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5908 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5909 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5910 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5911 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5912 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5913 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5914 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5915 -c "NamedGroup: x448 ( 1e )" \
5916 -c "Verifying peer X.509 certificate... ok" \
5917 -C "received HelloRetryRequest message"
5918
5919requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5920requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5921requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5922requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5923requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5924requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5925run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5926 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5927 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5928 0 \
5929 -c "HTTP/1.0 200 ok" \
5930 -c "Protocol is TLSv1.3" \
5931 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5932 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5933 -c "NamedGroup: x448 ( 1e )" \
5934 -c "Verifying peer X.509 certificate... ok" \
5935 -C "received HelloRetryRequest message"
5936
5937requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5938requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5939requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5942requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5943run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5944 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5945 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5946 0 \
5947 -c "HTTP/1.0 200 ok" \
5948 -c "Protocol is TLSv1.3" \
5949 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5950 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5951 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5952 -c "Verifying peer X.509 certificate... ok" \
5953 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5954
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5955requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5956requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5957requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5958requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5959requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5960requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]5961requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5962run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5963 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5964 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5965 0 \
5966 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5967 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5968 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5969 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5970 -c "NamedGroup: x448 ( 1e )" \
5971 -c "Verifying peer X.509 certificate... ok" \
5972 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5973
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5974requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5975requires_openssl_3_x
5976requires_config_enabled MBEDTLS_SSL_CLI_C
5977requires_config_enabled MBEDTLS_DEBUG_C
5978requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5979requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5980run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
5981 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5982 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
5983 0 \
5984 -c "HTTP/1.0 200 ok" \
5985 -c "Protocol is TLSv1.3" \
5986 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5987 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5988 -c "NamedGroup: ffdhe2048 ( 100 )" \
5989 -c "Verifying peer X.509 certificate... ok" \
5990 -C "received HelloRetryRequest message"
5991
5992requires_openssl_tls1_3
5993requires_openssl_3_x
5994requires_config_enabled MBEDTLS_SSL_CLI_C
5995requires_config_enabled MBEDTLS_DEBUG_C
5996requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5998run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
5999 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6000 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
6001 0 \
6002 -c "HTTP/1.0 200 ok" \
6003 -c "Protocol is TLSv1.3" \
6004 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6005 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6006 -c "NamedGroup: ffdhe2048 ( 100 )" \
6007 -c "Verifying peer X.509 certificate... ok" \
6008 -C "received HelloRetryRequest message"
6009
6010requires_openssl_tls1_3
6011requires_openssl_3_x
6012requires_config_enabled MBEDTLS_SSL_CLI_C
6013requires_config_enabled MBEDTLS_DEBUG_C
6014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6016run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
6017 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6018 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
6019 0 \
6020 -c "HTTP/1.0 200 ok" \
6021 -c "Protocol is TLSv1.3" \
6022 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6023 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6024 -c "NamedGroup: ffdhe2048 ( 100 )" \
6025 -c "Verifying peer X.509 certificate... ok" \
6026 -C "received HelloRetryRequest message"
6027
6028requires_openssl_tls1_3
6029requires_openssl_3_x
6030requires_config_enabled MBEDTLS_SSL_CLI_C
6031requires_config_enabled MBEDTLS_DEBUG_C
6032requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6033requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6034requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6035run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
6036 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6037 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
6038 0 \
6039 -c "HTTP/1.0 200 ok" \
6040 -c "Protocol is TLSv1.3" \
6041 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6042 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6043 -c "NamedGroup: ffdhe2048 ( 100 )" \
6044 -c "Verifying peer X.509 certificate... ok" \
6045 -C "received HelloRetryRequest message"
6046
6047requires_openssl_tls1_3
6048requires_openssl_3_x
6049requires_config_enabled MBEDTLS_SSL_CLI_C
6050requires_config_enabled MBEDTLS_DEBUG_C
6051requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6052requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6053run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
6054 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6055 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
6056 0 \
6057 -c "HTTP/1.0 200 ok" \
6058 -c "Protocol is TLSv1.3" \
6059 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6060 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6061 -c "NamedGroup: ffdhe8192 ( 104 )" \
6062 -c "Verifying peer X.509 certificate... ok" \
6063 -C "received HelloRetryRequest message"
6064
6065requires_openssl_tls1_3
6066requires_openssl_3_x
6067requires_config_enabled MBEDTLS_SSL_CLI_C
6068requires_config_enabled MBEDTLS_DEBUG_C
6069requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6070requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6071run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
6072 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6073 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
6074 0 \
6075 -c "HTTP/1.0 200 ok" \
6076 -c "Protocol is TLSv1.3" \
6077 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6078 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6079 -c "NamedGroup: ffdhe8192 ( 104 )" \
6080 -c "Verifying peer X.509 certificate... ok" \
6081 -C "received HelloRetryRequest message"
6082
6083requires_openssl_tls1_3
6084requires_openssl_3_x
6085requires_config_enabled MBEDTLS_SSL_CLI_C
6086requires_config_enabled MBEDTLS_DEBUG_C
6087requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6088requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6089run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
6090 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6091 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
6092 0 \
6093 -c "HTTP/1.0 200 ok" \
6094 -c "Protocol is TLSv1.3" \
6095 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6096 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6097 -c "NamedGroup: ffdhe8192 ( 104 )" \
6098 -c "Verifying peer X.509 certificate... ok" \
6099 -C "received HelloRetryRequest message"
6100
6101requires_openssl_tls1_3
6102requires_openssl_3_x
6103requires_config_enabled MBEDTLS_SSL_CLI_C
6104requires_config_enabled MBEDTLS_DEBUG_C
6105requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6107requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6108run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
6109 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6110 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
6111 0 \
6112 -c "HTTP/1.0 200 ok" \
6113 -c "Protocol is TLSv1.3" \
6114 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6115 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6116 -c "NamedGroup: ffdhe8192 ( 104 )" \
6117 -c "Verifying peer X.509 certificate... ok" \
6118 -C "received HelloRetryRequest message"
6119
6120requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6121requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6122requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6123requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6124requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6125requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6126run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6127 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6128 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6129 0 \
6130 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6131 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6132 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6133 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6134 -c "NamedGroup: secp256r1 ( 17 )" \
6135 -c "Verifying peer X.509 certificate... ok" \
6136 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6137
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6138requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6139requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6140requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6141requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6143requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6144run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6145 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6146 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6147 0 \
6148 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6149 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6150 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6151 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6152 -c "NamedGroup: secp256r1 ( 17 )" \
6153 -c "Verifying peer X.509 certificate... ok" \
6154 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6155
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6156requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6157requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6158requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6159requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6160requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6161requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6162run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6163 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6164 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6165 0 \
6166 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6167 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6168 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6169 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6170 -c "NamedGroup: secp256r1 ( 17 )" \
6171 -c "Verifying peer X.509 certificate... ok" \
6172 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6173
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6174requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6175requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6176requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6177requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6178requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6179requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6180requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6181run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6182 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6183 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6184 0 \
6185 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6186 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6187 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6188 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6189 -c "NamedGroup: secp256r1 ( 17 )" \
6190 -c "Verifying peer X.509 certificate... ok" \
6191 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6192
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6193requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6194requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6195requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6196requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6197requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6198requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6199run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6200 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6201 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6202 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6203 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6204 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6205 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6206 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6207 -c "NamedGroup: secp384r1 ( 18 )" \
6208 -c "Verifying peer X.509 certificate... ok" \
6209 -C "received HelloRetryRequest message"
6210
6211requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6212requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6213requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6214requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6215requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6216requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6217run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6218 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6219 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6220 0 \
6221 -c "HTTP/1.0 200 ok" \
6222 -c "Protocol is TLSv1.3" \
6223 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6224 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6225 -c "NamedGroup: secp384r1 ( 18 )" \
6226 -c "Verifying peer X.509 certificate... ok" \
6227 -C "received HelloRetryRequest message"
6228
6229requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6230requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6231requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6232requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6234requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6235run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6236 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6237 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6238 0 \
6239 -c "HTTP/1.0 200 ok" \
6240 -c "Protocol is TLSv1.3" \
6241 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6242 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6243 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6244 -c "Verifying peer X.509 certificate... ok" \
6245 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6246
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6247requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6248requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6249requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6250requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6251requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6252requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6253requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6254run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6255 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6256 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6257 0 \
6258 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6259 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6260 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6261 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6262 -c "NamedGroup: secp384r1 ( 18 )" \
6263 -c "Verifying peer X.509 certificate... ok" \
6264 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6265
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6266requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6267requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6268requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6269requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6270requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6271requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6272run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6273 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6274 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6275 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6276 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6277 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6278 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6279 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6280 -c "NamedGroup: secp521r1 ( 19 )" \
6281 -c "Verifying peer X.509 certificate... ok" \
6282 -C "received HelloRetryRequest message"
6283
6284requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6285requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6286requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6287requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6288requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6289requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6290run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6291 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6292 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6293 0 \
6294 -c "HTTP/1.0 200 ok" \
6295 -c "Protocol is TLSv1.3" \
6296 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6297 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6298 -c "NamedGroup: secp521r1 ( 19 )" \
6299 -c "Verifying peer X.509 certificate... ok" \
6300 -C "received HelloRetryRequest message"
6301
6302requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6303requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6304requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6305requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6307requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6308run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6309 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6310 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6311 0 \
6312 -c "HTTP/1.0 200 ok" \
6313 -c "Protocol is TLSv1.3" \
6314 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6315 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6316 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6317 -c "Verifying peer X.509 certificate... ok" \
6318 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6319
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6320requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6321requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6322requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6323requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6324requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6325requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6326requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6327run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6328 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6329 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6330 0 \
6331 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6332 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6333 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6334 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6335 -c "NamedGroup: secp521r1 ( 19 )" \
6336 -c "Verifying peer X.509 certificate... ok" \
6337 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6338
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6339requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6340requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6341requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6342requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6343requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6344requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6345run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6346 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6347 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6348 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6349 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6350 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6351 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6352 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6353 -c "NamedGroup: x25519 ( 1d )" \
6354 -c "Verifying peer X.509 certificate... ok" \
6355 -C "received HelloRetryRequest message"
6356
6357requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6358requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6359requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6361requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6362requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6363run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6364 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6365 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6366 0 \
6367 -c "HTTP/1.0 200 ok" \
6368 -c "Protocol is TLSv1.3" \
6369 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6370 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6371 -c "NamedGroup: x25519 ( 1d )" \
6372 -c "Verifying peer X.509 certificate... ok" \
6373 -C "received HelloRetryRequest message"
6374
6375requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6376requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6377requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6378requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6379requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6380requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6381run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6382 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6383 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6384 0 \
6385 -c "HTTP/1.0 200 ok" \
6386 -c "Protocol is TLSv1.3" \
6387 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6388 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6389 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6390 -c "Verifying peer X.509 certificate... ok" \
6391 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6392
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6393requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6394requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6395requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6396requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6397requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6398requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6399requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6400run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6401 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6402 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6403 0 \
6404 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6405 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6406 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6407 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6408 -c "NamedGroup: x25519 ( 1d )" \
6409 -c "Verifying peer X.509 certificate... ok" \
6410 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6411
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6412requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6413requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6414requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6415requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6416requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6417requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6418run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6419 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6420 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6421 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6422 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6423 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6424 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6425 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6426 -c "NamedGroup: x448 ( 1e )" \
6427 -c "Verifying peer X.509 certificate... ok" \
6428 -C "received HelloRetryRequest message"
6429
6430requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6431requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6432requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6433requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6434requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6435requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6436run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6437 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6438 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6439 0 \
6440 -c "HTTP/1.0 200 ok" \
6441 -c "Protocol is TLSv1.3" \
6442 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6443 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6444 -c "NamedGroup: x448 ( 1e )" \
6445 -c "Verifying peer X.509 certificate... ok" \
6446 -C "received HelloRetryRequest message"
6447
6448requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6449requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6450requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6453requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6454run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6455 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6456 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6457 0 \
6458 -c "HTTP/1.0 200 ok" \
6459 -c "Protocol is TLSv1.3" \
6460 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6461 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6462 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6463 -c "Verifying peer X.509 certificate... ok" \
6464 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6465
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6466requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6467requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6468requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6469requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6470requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6471requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6472requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6473run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6474 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6475 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6476 0 \
6477 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6478 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6479 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6480 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6481 -c "NamedGroup: x448 ( 1e )" \
6482 -c "Verifying peer X.509 certificate... ok" \
6483 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6484
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6485requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6486requires_openssl_3_x
6487requires_config_enabled MBEDTLS_SSL_CLI_C
6488requires_config_enabled MBEDTLS_DEBUG_C
6489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6491run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
6492 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6493 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
6494 0 \
6495 -c "HTTP/1.0 200 ok" \
6496 -c "Protocol is TLSv1.3" \
6497 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6498 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6499 -c "NamedGroup: ffdhe2048 ( 100 )" \
6500 -c "Verifying peer X.509 certificate... ok" \
6501 -C "received HelloRetryRequest message"
6502
6503requires_openssl_tls1_3
6504requires_openssl_3_x
6505requires_config_enabled MBEDTLS_SSL_CLI_C
6506requires_config_enabled MBEDTLS_DEBUG_C
6507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6509run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
6510 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6511 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
6512 0 \
6513 -c "HTTP/1.0 200 ok" \
6514 -c "Protocol is TLSv1.3" \
6515 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6516 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6517 -c "NamedGroup: ffdhe2048 ( 100 )" \
6518 -c "Verifying peer X.509 certificate... ok" \
6519 -C "received HelloRetryRequest message"
6520
6521requires_openssl_tls1_3
6522requires_openssl_3_x
6523requires_config_enabled MBEDTLS_SSL_CLI_C
6524requires_config_enabled MBEDTLS_DEBUG_C
6525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6527run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
6528 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6529 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
6530 0 \
6531 -c "HTTP/1.0 200 ok" \
6532 -c "Protocol is TLSv1.3" \
6533 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6534 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6535 -c "NamedGroup: ffdhe2048 ( 100 )" \
6536 -c "Verifying peer X.509 certificate... ok" \
6537 -C "received HelloRetryRequest message"
6538
6539requires_openssl_tls1_3
6540requires_openssl_3_x
6541requires_config_enabled MBEDTLS_SSL_CLI_C
6542requires_config_enabled MBEDTLS_DEBUG_C
6543requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6544requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6545requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6546run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
6547 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6548 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
6549 0 \
6550 -c "HTTP/1.0 200 ok" \
6551 -c "Protocol is TLSv1.3" \
6552 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6553 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6554 -c "NamedGroup: ffdhe2048 ( 100 )" \
6555 -c "Verifying peer X.509 certificate... ok" \
6556 -C "received HelloRetryRequest message"
6557
6558requires_openssl_tls1_3
6559requires_openssl_3_x
6560requires_config_enabled MBEDTLS_SSL_CLI_C
6561requires_config_enabled MBEDTLS_DEBUG_C
6562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6564run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
6565 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6566 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
6567 0 \
6568 -c "HTTP/1.0 200 ok" \
6569 -c "Protocol is TLSv1.3" \
6570 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6571 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6572 -c "NamedGroup: ffdhe8192 ( 104 )" \
6573 -c "Verifying peer X.509 certificate... ok" \
6574 -C "received HelloRetryRequest message"
6575
6576requires_openssl_tls1_3
6577requires_openssl_3_x
6578requires_config_enabled MBEDTLS_SSL_CLI_C
6579requires_config_enabled MBEDTLS_DEBUG_C
6580requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6581requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6582run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
6583 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6584 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
6585 0 \
6586 -c "HTTP/1.0 200 ok" \
6587 -c "Protocol is TLSv1.3" \
6588 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6589 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6590 -c "NamedGroup: ffdhe8192 ( 104 )" \
6591 -c "Verifying peer X.509 certificate... ok" \
6592 -C "received HelloRetryRequest message"
6593
6594requires_openssl_tls1_3
6595requires_openssl_3_x
6596requires_config_enabled MBEDTLS_SSL_CLI_C
6597requires_config_enabled MBEDTLS_DEBUG_C
6598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6600run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
6601 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6602 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
6603 0 \
6604 -c "HTTP/1.0 200 ok" \
6605 -c "Protocol is TLSv1.3" \
6606 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6607 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6608 -c "NamedGroup: ffdhe8192 ( 104 )" \
6609 -c "Verifying peer X.509 certificate... ok" \
6610 -C "received HelloRetryRequest message"
6611
6612requires_openssl_tls1_3
6613requires_openssl_3_x
6614requires_config_enabled MBEDTLS_SSL_CLI_C
6615requires_config_enabled MBEDTLS_DEBUG_C
6616requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6617requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6618requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6619run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
6620 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6621 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
6622 0 \
6623 -c "HTTP/1.0 200 ok" \
6624 -c "Protocol is TLSv1.3" \
6625 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6626 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6627 -c "NamedGroup: ffdhe8192 ( 104 )" \
6628 -c "Verifying peer X.509 certificate... ok" \
6629 -C "received HelloRetryRequest message"
6630
6631requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6632requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6633requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6636requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6637run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6638 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6639 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6640 0 \
6641 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6642 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6643 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6644 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6645 -c "NamedGroup: secp256r1 ( 17 )" \
6646 -c "Verifying peer X.509 certificate... ok" \
6647 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6648
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6649requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6650requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6651requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6652requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6654requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6655run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6656 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6657 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6658 0 \
6659 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6660 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6661 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6662 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6663 -c "NamedGroup: secp256r1 ( 17 )" \
6664 -c "Verifying peer X.509 certificate... ok" \
6665 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6666
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6667requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6668requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6669requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6670requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6671requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6672requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6673run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6674 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6675 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6676 0 \
6677 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6678 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6679 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6680 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6681 -c "NamedGroup: secp256r1 ( 17 )" \
6682 -c "Verifying peer X.509 certificate... ok" \
6683 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6684
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6685requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6686requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6687requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6689requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6690requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6691requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6692run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6693 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6694 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6695 0 \
6696 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6697 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6698 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6699 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6700 -c "NamedGroup: secp256r1 ( 17 )" \
6701 -c "Verifying peer X.509 certificate... ok" \
6702 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6703
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6704requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6705requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6706requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6708requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6709requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6710run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6711 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6712 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6713 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6714 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6715 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6716 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6717 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6718 -c "NamedGroup: secp384r1 ( 18 )" \
6719 -c "Verifying peer X.509 certificate... ok" \
6720 -C "received HelloRetryRequest message"
6721
6722requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6723requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6724requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6725requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6726requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6727requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6728run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6729 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6730 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6731 0 \
6732 -c "HTTP/1.0 200 ok" \
6733 -c "Protocol is TLSv1.3" \
6734 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6735 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6736 -c "NamedGroup: secp384r1 ( 18 )" \
6737 -c "Verifying peer X.509 certificate... ok" \
6738 -C "received HelloRetryRequest message"
6739
6740requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6741requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6742requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6743requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6744requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6745requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6746run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6747 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6748 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6749 0 \
6750 -c "HTTP/1.0 200 ok" \
6751 -c "Protocol is TLSv1.3" \
6752 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6753 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6754 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6755 -c "Verifying peer X.509 certificate... ok" \
6756 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6757
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6758requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6759requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6760requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6761requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6762requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6763requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6764requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6765run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6766 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6767 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6768 0 \
6769 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6770 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6771 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6772 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6773 -c "NamedGroup: secp384r1 ( 18 )" \
6774 -c "Verifying peer X.509 certificate... ok" \
6775 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6776
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6777requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6778requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6779requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6781requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6782requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6783run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6784 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6785 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6786 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6787 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6788 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6789 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6790 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6791 -c "NamedGroup: secp521r1 ( 19 )" \
6792 -c "Verifying peer X.509 certificate... ok" \
6793 -C "received HelloRetryRequest message"
6794
6795requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6796requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6797requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6798requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6799requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6800requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6801run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6802 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6803 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6804 0 \
6805 -c "HTTP/1.0 200 ok" \
6806 -c "Protocol is TLSv1.3" \
6807 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6808 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6809 -c "NamedGroup: secp521r1 ( 19 )" \
6810 -c "Verifying peer X.509 certificate... ok" \
6811 -C "received HelloRetryRequest message"
6812
6813requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6814requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6815requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6816requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6817requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6818requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6819run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6820 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6821 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6822 0 \
6823 -c "HTTP/1.0 200 ok" \
6824 -c "Protocol is TLSv1.3" \
6825 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6826 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6827 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6828 -c "Verifying peer X.509 certificate... ok" \
6829 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6830
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6831requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6832requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6833requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6836requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6837requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6838run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6839 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6840 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6841 0 \
6842 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6843 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6844 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6845 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6846 -c "NamedGroup: secp521r1 ( 19 )" \
6847 -c "Verifying peer X.509 certificate... ok" \
6848 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6849
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6850requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6851requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6852requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6853requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6854requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6855requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6856run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6857 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6858 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6859 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6860 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6861 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6862 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6863 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6864 -c "NamedGroup: x25519 ( 1d )" \
6865 -c "Verifying peer X.509 certificate... ok" \
6866 -C "received HelloRetryRequest message"
6867
6868requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6869requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6870requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6873requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6874run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6875 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6876 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6877 0 \
6878 -c "HTTP/1.0 200 ok" \
6879 -c "Protocol is TLSv1.3" \
6880 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6881 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6882 -c "NamedGroup: x25519 ( 1d )" \
6883 -c "Verifying peer X.509 certificate... ok" \
6884 -C "received HelloRetryRequest message"
6885
6886requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6887requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6888requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6889requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6890requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6891requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6892run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6893 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6894 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6895 0 \
6896 -c "HTTP/1.0 200 ok" \
6897 -c "Protocol is TLSv1.3" \
6898 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6899 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6900 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6901 -c "Verifying peer X.509 certificate... ok" \
6902 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6903
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6904requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6905requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6906requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6909requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6910requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6911run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6912 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6913 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6914 0 \
6915 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6916 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6917 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6918 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6919 -c "NamedGroup: x25519 ( 1d )" \
6920 -c "Verifying peer X.509 certificate... ok" \
6921 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6922
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6923requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6924requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6925requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6926requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6927requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6928requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6929run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6930 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6931 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6932 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6933 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6934 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6935 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6936 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6937 -c "NamedGroup: x448 ( 1e )" \
6938 -c "Verifying peer X.509 certificate... ok" \
6939 -C "received HelloRetryRequest message"
6940
6941requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6942requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6943requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6946requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6947run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6948 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6949 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6950 0 \
6951 -c "HTTP/1.0 200 ok" \
6952 -c "Protocol is TLSv1.3" \
6953 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6954 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6955 -c "NamedGroup: x448 ( 1e )" \
6956 -c "Verifying peer X.509 certificate... ok" \
6957 -C "received HelloRetryRequest message"
6958
6959requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6960requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6961requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6962requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6963requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6964requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6965run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6966 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6967 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6968 0 \
6969 -c "HTTP/1.0 200 ok" \
6970 -c "Protocol is TLSv1.3" \
6971 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6972 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6973 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6974 -c "Verifying peer X.509 certificate... ok" \
6975 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6976
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6977requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6978requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6979requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6981requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6982requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]6983requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6984run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6985 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6986 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6987 0 \
6988 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6989 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6990 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6991 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6992 -c "NamedGroup: x448 ( 1e )" \
6993 -c "Verifying peer X.509 certificate... ok" \
6994 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6995
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6996requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6997requires_openssl_3_x
6998requires_config_enabled MBEDTLS_SSL_CLI_C
6999requires_config_enabled MBEDTLS_DEBUG_C
7000requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7001requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7002run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
7003 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7004 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
7005 0 \
7006 -c "HTTP/1.0 200 ok" \
7007 -c "Protocol is TLSv1.3" \
7008 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7009 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7010 -c "NamedGroup: ffdhe2048 ( 100 )" \
7011 -c "Verifying peer X.509 certificate... ok" \
7012 -C "received HelloRetryRequest message"
7013
7014requires_openssl_tls1_3
7015requires_openssl_3_x
7016requires_config_enabled MBEDTLS_SSL_CLI_C
7017requires_config_enabled MBEDTLS_DEBUG_C
7018requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7020run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
7021 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7022 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
7023 0 \
7024 -c "HTTP/1.0 200 ok" \
7025 -c "Protocol is TLSv1.3" \
7026 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7027 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7028 -c "NamedGroup: ffdhe2048 ( 100 )" \
7029 -c "Verifying peer X.509 certificate... ok" \
7030 -C "received HelloRetryRequest message"
7031
7032requires_openssl_tls1_3
7033requires_openssl_3_x
7034requires_config_enabled MBEDTLS_SSL_CLI_C
7035requires_config_enabled MBEDTLS_DEBUG_C
7036requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7037requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7038run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
7039 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7040 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
7041 0 \
7042 -c "HTTP/1.0 200 ok" \
7043 -c "Protocol is TLSv1.3" \
7044 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7045 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7046 -c "NamedGroup: ffdhe2048 ( 100 )" \
7047 -c "Verifying peer X.509 certificate... ok" \
7048 -C "received HelloRetryRequest message"
7049
7050requires_openssl_tls1_3
7051requires_openssl_3_x
7052requires_config_enabled MBEDTLS_SSL_CLI_C
7053requires_config_enabled MBEDTLS_DEBUG_C
7054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7055requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7056requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7057run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
7058 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7059 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
7060 0 \
7061 -c "HTTP/1.0 200 ok" \
7062 -c "Protocol is TLSv1.3" \
7063 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7064 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7065 -c "NamedGroup: ffdhe2048 ( 100 )" \
7066 -c "Verifying peer X.509 certificate... ok" \
7067 -C "received HelloRetryRequest message"
7068
7069requires_openssl_tls1_3
7070requires_openssl_3_x
7071requires_config_enabled MBEDTLS_SSL_CLI_C
7072requires_config_enabled MBEDTLS_DEBUG_C
7073requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7074requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7075run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
7076 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7077 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
7078 0 \
7079 -c "HTTP/1.0 200 ok" \
7080 -c "Protocol is TLSv1.3" \
7081 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7082 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7083 -c "NamedGroup: ffdhe8192 ( 104 )" \
7084 -c "Verifying peer X.509 certificate... ok" \
7085 -C "received HelloRetryRequest message"
7086
7087requires_openssl_tls1_3
7088requires_openssl_3_x
7089requires_config_enabled MBEDTLS_SSL_CLI_C
7090requires_config_enabled MBEDTLS_DEBUG_C
7091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7092requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7093run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
7094 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7095 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
7096 0 \
7097 -c "HTTP/1.0 200 ok" \
7098 -c "Protocol is TLSv1.3" \
7099 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7100 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7101 -c "NamedGroup: ffdhe8192 ( 104 )" \
7102 -c "Verifying peer X.509 certificate... ok" \
7103 -C "received HelloRetryRequest message"
7104
7105requires_openssl_tls1_3
7106requires_openssl_3_x
7107requires_config_enabled MBEDTLS_SSL_CLI_C
7108requires_config_enabled MBEDTLS_DEBUG_C
7109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7110requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7111run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
7112 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7113 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
7114 0 \
7115 -c "HTTP/1.0 200 ok" \
7116 -c "Protocol is TLSv1.3" \
7117 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7118 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7119 -c "NamedGroup: ffdhe8192 ( 104 )" \
7120 -c "Verifying peer X.509 certificate... ok" \
7121 -C "received HelloRetryRequest message"
7122
7123requires_openssl_tls1_3
7124requires_openssl_3_x
7125requires_config_enabled MBEDTLS_SSL_CLI_C
7126requires_config_enabled MBEDTLS_DEBUG_C
7127requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7128requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7129requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7130run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
7131 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7132 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
7133 0 \
7134 -c "HTTP/1.0 200 ok" \
7135 -c "Protocol is TLSv1.3" \
7136 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7137 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7138 -c "NamedGroup: ffdhe8192 ( 104 )" \
7139 -c "Verifying peer X.509 certificate... ok" \
7140 -C "received HelloRetryRequest message"
7141
7142requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7143requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7144requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7146requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7147requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7148run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7149 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7150 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7151 0 \
7152 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7153 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7154 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7155 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7156 -c "NamedGroup: secp256r1 ( 17 )" \
7157 -c "Verifying peer X.509 certificate... ok" \
7158 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7159
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7160requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7161requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7162requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7165requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7166run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7167 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7168 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7169 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7170 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7171 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7172 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7173 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7174 -c "NamedGroup: secp256r1 ( 17 )" \
7175 -c "Verifying peer X.509 certificate... ok" \
7176 -C "received HelloRetryRequest message"
7177
7178requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7179requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7180requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7183requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7184run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7185 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7186 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7187 0 \
7188 -c "HTTP/1.0 200 ok" \
7189 -c "Protocol is TLSv1.3" \
7190 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7191 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7192 -c "NamedGroup: secp256r1 ( 17 )" \
7193 -c "Verifying peer X.509 certificate... ok" \
7194 -C "received HelloRetryRequest message"
7195
7196requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7197requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7198requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7199requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7201requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7202requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7203run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7204 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7205 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7206 0 \
7207 -c "HTTP/1.0 200 ok" \
7208 -c "Protocol is TLSv1.3" \
7209 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7210 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7211 -c "NamedGroup: secp256r1 ( 17 )" \
7212 -c "Verifying peer X.509 certificate... ok" \
7213 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7214
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7215requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7216requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7217requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7220requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7221run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7222 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7223 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7224 0 \
7225 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7226 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7227 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7228 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7229 -c "NamedGroup: secp384r1 ( 18 )" \
7230 -c "Verifying peer X.509 certificate... ok" \
7231 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7232
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7233requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7234requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7235requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7236requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7238requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7239run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7240 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7241 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7242 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7243 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7244 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7245 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7246 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7247 -c "NamedGroup: secp384r1 ( 18 )" \
7248 -c "Verifying peer X.509 certificate... ok" \
7249 -C "received HelloRetryRequest message"
7250
7251requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7252requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7253requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7256requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7257run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7258 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7259 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7260 0 \
7261 -c "HTTP/1.0 200 ok" \
7262 -c "Protocol is TLSv1.3" \
7263 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7264 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7265 -c "NamedGroup: secp384r1 ( 18 )" \
7266 -c "Verifying peer X.509 certificate... ok" \
7267 -C "received HelloRetryRequest message"
7268
7269requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7270requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7271requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7274requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7275requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7276run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7277 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7278 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7279 0 \
7280 -c "HTTP/1.0 200 ok" \
7281 -c "Protocol is TLSv1.3" \
7282 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7283 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7284 -c "NamedGroup: secp384r1 ( 18 )" \
7285 -c "Verifying peer X.509 certificate... ok" \
7286 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7287
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7288requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7289requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7290requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7292requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7293requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7294run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7295 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7296 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7297 0 \
7298 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7299 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7300 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7301 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7302 -c "NamedGroup: secp521r1 ( 19 )" \
7303 -c "Verifying peer X.509 certificate... ok" \
7304 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7305
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7306requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7307requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7308requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7310requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7311requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7312run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7313 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7314 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7315 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7316 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7317 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7318 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7319 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7320 -c "NamedGroup: secp521r1 ( 19 )" \
7321 -c "Verifying peer X.509 certificate... ok" \
7322 -C "received HelloRetryRequest message"
7323
7324requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7325requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7326requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7327requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7328requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7329requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7330run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7331 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7332 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7333 0 \
7334 -c "HTTP/1.0 200 ok" \
7335 -c "Protocol is TLSv1.3" \
7336 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7337 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7338 -c "NamedGroup: secp521r1 ( 19 )" \
7339 -c "Verifying peer X.509 certificate... ok" \
7340 -C "received HelloRetryRequest message"
7341
7342requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7343requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7344requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7346requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7347requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7348requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7349run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7350 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7351 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7352 0 \
7353 -c "HTTP/1.0 200 ok" \
7354 -c "Protocol is TLSv1.3" \
7355 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7356 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7357 -c "NamedGroup: secp521r1 ( 19 )" \
7358 -c "Verifying peer X.509 certificate... ok" \
7359 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7360
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7361requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7362requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7363requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7364requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7365requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7366requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7367run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7368 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7369 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7370 0 \
7371 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7372 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7373 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7374 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7375 -c "NamedGroup: x25519 ( 1d )" \
7376 -c "Verifying peer X.509 certificate... ok" \
7377 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7378
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7379requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7380requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7381requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7382requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7384requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7385run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7386 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7387 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7388 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7389 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7390 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7391 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7392 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7393 -c "NamedGroup: x25519 ( 1d )" \
7394 -c "Verifying peer X.509 certificate... ok" \
7395 -C "received HelloRetryRequest message"
7396
7397requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7398requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7399requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7400requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7401requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7402requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7403run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7404 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7405 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7406 0 \
7407 -c "HTTP/1.0 200 ok" \
7408 -c "Protocol is TLSv1.3" \
7409 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7410 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7411 -c "NamedGroup: x25519 ( 1d )" \
7412 -c "Verifying peer X.509 certificate... ok" \
7413 -C "received HelloRetryRequest message"
7414
7415requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7416requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7417requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7419requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7420requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7421requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7422run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7423 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7424 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7425 0 \
7426 -c "HTTP/1.0 200 ok" \
7427 -c "Protocol is TLSv1.3" \
7428 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7429 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7430 -c "NamedGroup: x25519 ( 1d )" \
7431 -c "Verifying peer X.509 certificate... ok" \
7432 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7433
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7434requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7435requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7436requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7437requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7438requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7439requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7440run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7441 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7442 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7443 0 \
7444 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7445 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7446 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7447 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7448 -c "NamedGroup: x448 ( 1e )" \
7449 -c "Verifying peer X.509 certificate... ok" \
7450 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7451
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7452requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7453requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7454requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7455requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7456requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7457requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7458run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7459 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7460 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7461 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7462 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7463 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7464 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7465 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7466 -c "NamedGroup: x448 ( 1e )" \
7467 -c "Verifying peer X.509 certificate... ok" \
7468 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7469
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7470requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7471requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7472requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7473requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7474requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7475requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7476run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7477 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7478 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7479 0 \
7480 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7481 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7482 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7483 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7484 -c "NamedGroup: x448 ( 1e )" \
7485 -c "Verifying peer X.509 certificate... ok" \
7486 -C "received HelloRetryRequest message"
7487
7488requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7489requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7490requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7491requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7492requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7493requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7494requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7495run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7496 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7497 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7498 0 \
7499 -c "HTTP/1.0 200 ok" \
7500 -c "Protocol is TLSv1.3" \
7501 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7502 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7503 -c "NamedGroup: x448 ( 1e )" \
7504 -c "Verifying peer X.509 certificate... ok" \
7505 -C "received HelloRetryRequest message"
7506
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7507requires_openssl_tls1_3
7508requires_openssl_3_x
7509requires_config_enabled MBEDTLS_SSL_CLI_C
7510requires_config_enabled MBEDTLS_DEBUG_C
7511requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7512requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7513run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
7514 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7515 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
7516 0 \
7517 -c "HTTP/1.0 200 ok" \
7518 -c "Protocol is TLSv1.3" \
7519 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7520 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7521 -c "NamedGroup: ffdhe2048 ( 100 )" \
7522 -c "Verifying peer X.509 certificate... ok" \
7523 -C "received HelloRetryRequest message"
7524
7525requires_openssl_tls1_3
7526requires_openssl_3_x
7527requires_config_enabled MBEDTLS_SSL_CLI_C
7528requires_config_enabled MBEDTLS_DEBUG_C
7529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7531run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
7532 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7533 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
7534 0 \
7535 -c "HTTP/1.0 200 ok" \
7536 -c "Protocol is TLSv1.3" \
7537 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7538 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7539 -c "NamedGroup: ffdhe2048 ( 100 )" \
7540 -c "Verifying peer X.509 certificate... ok" \
7541 -C "received HelloRetryRequest message"
7542
7543requires_openssl_tls1_3
7544requires_openssl_3_x
7545requires_config_enabled MBEDTLS_SSL_CLI_C
7546requires_config_enabled MBEDTLS_DEBUG_C
7547requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7548requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7549run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
7550 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7551 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
7552 0 \
7553 -c "HTTP/1.0 200 ok" \
7554 -c "Protocol is TLSv1.3" \
7555 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7556 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7557 -c "NamedGroup: ffdhe2048 ( 100 )" \
7558 -c "Verifying peer X.509 certificate... ok" \
7559 -C "received HelloRetryRequest message"
7560
7561requires_openssl_tls1_3
7562requires_openssl_3_x
7563requires_config_enabled MBEDTLS_SSL_CLI_C
7564requires_config_enabled MBEDTLS_DEBUG_C
7565requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7567requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7568run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
7569 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7570 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
7571 0 \
7572 -c "HTTP/1.0 200 ok" \
7573 -c "Protocol is TLSv1.3" \
7574 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7575 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7576 -c "NamedGroup: ffdhe2048 ( 100 )" \
7577 -c "Verifying peer X.509 certificate... ok" \
7578 -C "received HelloRetryRequest message"
7579
7580requires_openssl_tls1_3
7581requires_openssl_3_x
7582requires_config_enabled MBEDTLS_SSL_CLI_C
7583requires_config_enabled MBEDTLS_DEBUG_C
7584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7585requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7586run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
7587 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7588 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
7589 0 \
7590 -c "HTTP/1.0 200 ok" \
7591 -c "Protocol is TLSv1.3" \
7592 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7593 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7594 -c "NamedGroup: ffdhe8192 ( 104 )" \
7595 -c "Verifying peer X.509 certificate... ok" \
7596 -C "received HelloRetryRequest message"
7597
7598requires_openssl_tls1_3
7599requires_openssl_3_x
7600requires_config_enabled MBEDTLS_SSL_CLI_C
7601requires_config_enabled MBEDTLS_DEBUG_C
7602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7604run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
7605 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7606 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
7607 0 \
7608 -c "HTTP/1.0 200 ok" \
7609 -c "Protocol is TLSv1.3" \
7610 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7611 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7612 -c "NamedGroup: ffdhe8192 ( 104 )" \
7613 -c "Verifying peer X.509 certificate... ok" \
7614 -C "received HelloRetryRequest message"
7615
7616requires_openssl_tls1_3
7617requires_openssl_3_x
7618requires_config_enabled MBEDTLS_SSL_CLI_C
7619requires_config_enabled MBEDTLS_DEBUG_C
7620requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7621requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7622run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
7623 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7624 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
7625 0 \
7626 -c "HTTP/1.0 200 ok" \
7627 -c "Protocol is TLSv1.3" \
7628 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7629 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7630 -c "NamedGroup: ffdhe8192 ( 104 )" \
7631 -c "Verifying peer X.509 certificate... ok" \
7632 -C "received HelloRetryRequest message"
7633
7634requires_openssl_tls1_3
7635requires_openssl_3_x
7636requires_config_enabled MBEDTLS_SSL_CLI_C
7637requires_config_enabled MBEDTLS_DEBUG_C
7638requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7639requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7640requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7641run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
7642 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7643 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
7644 0 \
7645 -c "HTTP/1.0 200 ok" \
7646 -c "Protocol is TLSv1.3" \
7647 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7648 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7649 -c "NamedGroup: ffdhe8192 ( 104 )" \
7650 -c "Verifying peer X.509 certificate... ok" \
7651 -C "received HelloRetryRequest message"
7652
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7653requires_gnutls_tls1_3
7654requires_gnutls_next_no_ticket
7655requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7656requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7657requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7658requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7659requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7660requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7661run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7662 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7663 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7664 0 \
7665 -c "HTTP/1.0 200 OK" \
7666 -c "Protocol is TLSv1.3" \
7667 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7668 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7669 -c "NamedGroup: secp256r1 ( 17 )" \
7670 -c "Verifying peer X.509 certificate... ok" \
7671 -C "received HelloRetryRequest message"
7672
7673requires_gnutls_tls1_3
7674requires_gnutls_next_no_ticket
7675requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7676requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7680requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7681run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7682 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7683 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7684 0 \
7685 -c "HTTP/1.0 200 OK" \
7686 -c "Protocol is TLSv1.3" \
7687 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7688 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7689 -c "NamedGroup: secp256r1 ( 17 )" \
7690 -c "Verifying peer X.509 certificate... ok" \
7691 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7692
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7693requires_gnutls_tls1_3
7694requires_gnutls_next_no_ticket
7695requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7696requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7697requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7700requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7701run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7702 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7703 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7704 0 \
7705 -c "HTTP/1.0 200 OK" \
7706 -c "Protocol is TLSv1.3" \
7707 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7708 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7709 -c "NamedGroup: secp256r1 ( 17 )" \
7710 -c "Verifying peer X.509 certificate... ok" \
7711 -C "received HelloRetryRequest message"
7712
7713requires_gnutls_tls1_3
7714requires_gnutls_next_no_ticket
7715requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7716requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7717requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7718requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7719requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7720requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7721requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7722run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7723 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7724 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7725 0 \
7726 -c "HTTP/1.0 200 OK" \
7727 -c "Protocol is TLSv1.3" \
7728 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7729 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7730 -c "NamedGroup: secp256r1 ( 17 )" \
7731 -c "Verifying peer X.509 certificate... ok" \
7732 -C "received HelloRetryRequest message"
7733
7734requires_gnutls_tls1_3
7735requires_gnutls_next_no_ticket
7736requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7737requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7738requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7739requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7740requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7741requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7742run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7743 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7744 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7745 0 \
7746 -c "HTTP/1.0 200 OK" \
7747 -c "Protocol is TLSv1.3" \
7748 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7749 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7750 -c "NamedGroup: secp384r1 ( 18 )" \
7751 -c "Verifying peer X.509 certificate... ok" \
7752 -C "received HelloRetryRequest message"
7753
7754requires_gnutls_tls1_3
7755requires_gnutls_next_no_ticket
7756requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7757requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7758requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7759requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7760requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7761requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7762run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7763 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7764 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7765 0 \
7766 -c "HTTP/1.0 200 OK" \
7767 -c "Protocol is TLSv1.3" \
7768 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7769 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7770 -c "NamedGroup: secp384r1 ( 18 )" \
7771 -c "Verifying peer X.509 certificate... ok" \
7772 -C "received HelloRetryRequest message"
7773
7774requires_gnutls_tls1_3
7775requires_gnutls_next_no_ticket
7776requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7777requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7778requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7779requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7780requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7781requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7782run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7783 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7784 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7785 0 \
7786 -c "HTTP/1.0 200 OK" \
7787 -c "Protocol is TLSv1.3" \
7788 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7789 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7790 -c "NamedGroup: secp384r1 ( 18 )" \
7791 -c "Verifying peer X.509 certificate... ok" \
7792 -C "received HelloRetryRequest message"
7793
7794requires_gnutls_tls1_3
7795requires_gnutls_next_no_ticket
7796requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7797requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7798requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7799requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7800requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7801requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7802requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7803run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7804 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7805 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7806 0 \
7807 -c "HTTP/1.0 200 OK" \
7808 -c "Protocol is TLSv1.3" \
7809 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7810 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7811 -c "NamedGroup: secp384r1 ( 18 )" \
7812 -c "Verifying peer X.509 certificate... ok" \
7813 -C "received HelloRetryRequest message"
7814
7815requires_gnutls_tls1_3
7816requires_gnutls_next_no_ticket
7817requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7818requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7819requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7820requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7822requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7823run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7824 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7825 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7826 0 \
7827 -c "HTTP/1.0 200 OK" \
7828 -c "Protocol is TLSv1.3" \
7829 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7830 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7831 -c "NamedGroup: secp521r1 ( 19 )" \
7832 -c "Verifying peer X.509 certificate... ok" \
7833 -C "received HelloRetryRequest message"
7834
7835requires_gnutls_tls1_3
7836requires_gnutls_next_no_ticket
7837requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7838requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7839requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7840requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7842requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7843run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7844 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7845 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7846 0 \
7847 -c "HTTP/1.0 200 OK" \
7848 -c "Protocol is TLSv1.3" \
7849 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7850 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7851 -c "NamedGroup: secp521r1 ( 19 )" \
7852 -c "Verifying peer X.509 certificate... ok" \
7853 -C "received HelloRetryRequest message"
7854
7855requires_gnutls_tls1_3
7856requires_gnutls_next_no_ticket
7857requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7858requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7859requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7860requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7861requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7862requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7863run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7864 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7865 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7866 0 \
7867 -c "HTTP/1.0 200 OK" \
7868 -c "Protocol is TLSv1.3" \
7869 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7870 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7871 -c "NamedGroup: secp521r1 ( 19 )" \
7872 -c "Verifying peer X.509 certificate... ok" \
7873 -C "received HelloRetryRequest message"
7874
7875requires_gnutls_tls1_3
7876requires_gnutls_next_no_ticket
7877requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7878requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7879requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7880requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7881requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7882requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7883requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7884run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7885 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7886 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7887 0 \
7888 -c "HTTP/1.0 200 OK" \
7889 -c "Protocol is TLSv1.3" \
7890 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7891 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7892 -c "NamedGroup: secp521r1 ( 19 )" \
7893 -c "Verifying peer X.509 certificate... ok" \
7894 -C "received HelloRetryRequest message"
7895
7896requires_gnutls_tls1_3
7897requires_gnutls_next_no_ticket
7898requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7899requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7900requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7901requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7902requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7903requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7904run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7905 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7906 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7907 0 \
7908 -c "HTTP/1.0 200 OK" \
7909 -c "Protocol is TLSv1.3" \
7910 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7911 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7912 -c "NamedGroup: x25519 ( 1d )" \
7913 -c "Verifying peer X.509 certificate... ok" \
7914 -C "received HelloRetryRequest message"
7915
7916requires_gnutls_tls1_3
7917requires_gnutls_next_no_ticket
7918requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7919requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7920requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7921requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7922requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7923requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7924run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7925 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7926 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7927 0 \
7928 -c "HTTP/1.0 200 OK" \
7929 -c "Protocol is TLSv1.3" \
7930 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7931 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7932 -c "NamedGroup: x25519 ( 1d )" \
7933 -c "Verifying peer X.509 certificate... ok" \
7934 -C "received HelloRetryRequest message"
7935
7936requires_gnutls_tls1_3
7937requires_gnutls_next_no_ticket
7938requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7939requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7940requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7941requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7942requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7943requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7944run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7945 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7946 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7947 0 \
7948 -c "HTTP/1.0 200 OK" \
7949 -c "Protocol is TLSv1.3" \
7950 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7951 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7952 -c "NamedGroup: x25519 ( 1d )" \
7953 -c "Verifying peer X.509 certificate... ok" \
7954 -C "received HelloRetryRequest message"
7955
7956requires_gnutls_tls1_3
7957requires_gnutls_next_no_ticket
7958requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7959requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7960requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7961requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7963requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7964requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7965run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7966 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7967 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7968 0 \
7969 -c "HTTP/1.0 200 OK" \
7970 -c "Protocol is TLSv1.3" \
7971 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7972 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7973 -c "NamedGroup: x25519 ( 1d )" \
7974 -c "Verifying peer X.509 certificate... ok" \
7975 -C "received HelloRetryRequest message"
7976
7977requires_gnutls_tls1_3
7978requires_gnutls_next_no_ticket
7979requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7980requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7981requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7982requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]7984requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7985run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7986 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7987 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7988 0 \
7989 -c "HTTP/1.0 200 OK" \
7990 -c "Protocol is TLSv1.3" \
7991 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7992 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7993 -c "NamedGroup: x448 ( 1e )" \
7994 -c "Verifying peer X.509 certificate... ok" \
7995 -C "received HelloRetryRequest message"
7996
7997requires_gnutls_tls1_3
7998requires_gnutls_next_no_ticket
7999requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8000requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8001requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8003requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8004requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8005run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8006 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8007 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8008 0 \
8009 -c "HTTP/1.0 200 OK" \
8010 -c "Protocol is TLSv1.3" \
8011 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8012 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8013 -c "NamedGroup: x448 ( 1e )" \
8014 -c "Verifying peer X.509 certificate... ok" \
8015 -C "received HelloRetryRequest message"
8016
8017requires_gnutls_tls1_3
8018requires_gnutls_next_no_ticket
8019requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8020requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8021requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8024requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8025run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8026 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8027 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8028 0 \
8029 -c "HTTP/1.0 200 OK" \
8030 -c "Protocol is TLSv1.3" \
8031 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8032 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8033 -c "NamedGroup: x448 ( 1e )" \
8034 -c "Verifying peer X.509 certificate... ok" \
8035 -C "received HelloRetryRequest message"
8036
8037requires_gnutls_tls1_3
8038requires_gnutls_next_no_ticket
8039requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8040requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8041requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8043requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8044requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8045requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8046run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8047 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8048 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8049 0 \
8050 -c "HTTP/1.0 200 OK" \
8051 -c "Protocol is TLSv1.3" \
8052 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8053 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8054 -c "NamedGroup: x448 ( 1e )" \
8055 -c "Verifying peer X.509 certificate... ok" \
8056 -C "received HelloRetryRequest message"
8057
8058requires_gnutls_tls1_3
8059requires_gnutls_next_no_ticket
8060requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8061requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8062requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8063requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8064requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8065run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
8066 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8067 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
8068 0 \
8069 -c "HTTP/1.0 200 OK" \
8070 -c "Protocol is TLSv1.3" \
8071 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8072 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8073 -c "NamedGroup: ffdhe2048 ( 100 )" \
8074 -c "Verifying peer X.509 certificate... ok" \
8075 -C "received HelloRetryRequest message"
8076
8077requires_gnutls_tls1_3
8078requires_gnutls_next_no_ticket
8079requires_gnutls_next_disable_tls13_compat
8080requires_config_enabled MBEDTLS_SSL_CLI_C
8081requires_config_enabled MBEDTLS_DEBUG_C
8082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8084run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
8085 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8086 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
8087 0 \
8088 -c "HTTP/1.0 200 OK" \
8089 -c "Protocol is TLSv1.3" \
8090 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8091 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8092 -c "NamedGroup: ffdhe2048 ( 100 )" \
8093 -c "Verifying peer X.509 certificate... ok" \
8094 -C "received HelloRetryRequest message"
8095
8096requires_gnutls_tls1_3
8097requires_gnutls_next_no_ticket
8098requires_gnutls_next_disable_tls13_compat
8099requires_config_enabled MBEDTLS_SSL_CLI_C
8100requires_config_enabled MBEDTLS_DEBUG_C
8101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8103run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
8104 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8105 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
8106 0 \
8107 -c "HTTP/1.0 200 OK" \
8108 -c "Protocol is TLSv1.3" \
8109 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8110 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8111 -c "NamedGroup: ffdhe2048 ( 100 )" \
8112 -c "Verifying peer X.509 certificate... ok" \
8113 -C "received HelloRetryRequest message"
8114
8115requires_gnutls_tls1_3
8116requires_gnutls_next_no_ticket
8117requires_gnutls_next_disable_tls13_compat
8118requires_config_enabled MBEDTLS_SSL_CLI_C
8119requires_config_enabled MBEDTLS_DEBUG_C
8120requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8122requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8123run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
8124 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8125 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
8126 0 \
8127 -c "HTTP/1.0 200 OK" \
8128 -c "Protocol is TLSv1.3" \
8129 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8130 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8131 -c "NamedGroup: ffdhe2048 ( 100 )" \
8132 -c "Verifying peer X.509 certificate... ok" \
8133 -C "received HelloRetryRequest message"
8134
8135requires_gnutls_tls1_3
8136requires_gnutls_next_no_ticket
8137requires_gnutls_next_disable_tls13_compat
8138requires_config_enabled MBEDTLS_SSL_CLI_C
8139requires_config_enabled MBEDTLS_DEBUG_C
8140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8142run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
8143 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8144 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
8145 0 \
8146 -c "HTTP/1.0 200 OK" \
8147 -c "Protocol is TLSv1.3" \
8148 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8149 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8150 -c "NamedGroup: ffdhe8192 ( 104 )" \
8151 -c "Verifying peer X.509 certificate... ok" \
8152 -C "received HelloRetryRequest message"
8153
8154requires_gnutls_tls1_3
8155requires_gnutls_next_no_ticket
8156requires_gnutls_next_disable_tls13_compat
8157requires_config_enabled MBEDTLS_SSL_CLI_C
8158requires_config_enabled MBEDTLS_DEBUG_C
8159requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8160requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8161run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
8162 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8163 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
8164 0 \
8165 -c "HTTP/1.0 200 OK" \
8166 -c "Protocol is TLSv1.3" \
8167 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8168 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8169 -c "NamedGroup: ffdhe8192 ( 104 )" \
8170 -c "Verifying peer X.509 certificate... ok" \
8171 -C "received HelloRetryRequest message"
8172
8173requires_gnutls_tls1_3
8174requires_gnutls_next_no_ticket
8175requires_gnutls_next_disable_tls13_compat
8176requires_config_enabled MBEDTLS_SSL_CLI_C
8177requires_config_enabled MBEDTLS_DEBUG_C
8178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8180run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
8181 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8182 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
8183 0 \
8184 -c "HTTP/1.0 200 OK" \
8185 -c "Protocol is TLSv1.3" \
8186 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8187 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8188 -c "NamedGroup: ffdhe8192 ( 104 )" \
8189 -c "Verifying peer X.509 certificate... ok" \
8190 -C "received HelloRetryRequest message"
8191
8192requires_gnutls_tls1_3
8193requires_gnutls_next_no_ticket
8194requires_gnutls_next_disable_tls13_compat
8195requires_config_enabled MBEDTLS_SSL_CLI_C
8196requires_config_enabled MBEDTLS_DEBUG_C
8197requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8198requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8199requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8200run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
8201 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8202 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
8203 0 \
8204 -c "HTTP/1.0 200 OK" \
8205 -c "Protocol is TLSv1.3" \
8206 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8207 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8208 -c "NamedGroup: ffdhe8192 ( 104 )" \
8209 -c "Verifying peer X.509 certificate... ok" \
8210 -C "received HelloRetryRequest message"
8211
8212requires_gnutls_tls1_3
8213requires_gnutls_next_no_ticket
8214requires_gnutls_next_disable_tls13_compat
8215requires_config_enabled MBEDTLS_SSL_CLI_C
8216requires_config_enabled MBEDTLS_DEBUG_C
8217requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8218requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8219requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8220run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8221 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8222 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8223 0 \
8224 -c "HTTP/1.0 200 OK" \
8225 -c "Protocol is TLSv1.3" \
8226 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8227 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8228 -c "NamedGroup: secp256r1 ( 17 )" \
8229 -c "Verifying peer X.509 certificate... ok" \
8230 -C "received HelloRetryRequest message"
8231
8232requires_gnutls_tls1_3
8233requires_gnutls_next_no_ticket
8234requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8235requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8236requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8239requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8240run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8241 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8242 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8243 0 \
8244 -c "HTTP/1.0 200 OK" \
8245 -c "Protocol is TLSv1.3" \
8246 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8247 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8248 -c "NamedGroup: secp256r1 ( 17 )" \
8249 -c "Verifying peer X.509 certificate... ok" \
8250 -C "received HelloRetryRequest message"
8251
8252requires_gnutls_tls1_3
8253requires_gnutls_next_no_ticket
8254requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8255requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8256requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8257requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8258requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8259requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8260run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8261 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8262 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8263 0 \
8264 -c "HTTP/1.0 200 OK" \
8265 -c "Protocol is TLSv1.3" \
8266 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8267 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8268 -c "NamedGroup: secp256r1 ( 17 )" \
8269 -c "Verifying peer X.509 certificate... ok" \
8270 -C "received HelloRetryRequest message"
8271
8272requires_gnutls_tls1_3
8273requires_gnutls_next_no_ticket
8274requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8275requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8276requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8277requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8278requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8279requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8280requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8281run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8282 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8283 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8284 0 \
8285 -c "HTTP/1.0 200 OK" \
8286 -c "Protocol is TLSv1.3" \
8287 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8288 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8289 -c "NamedGroup: secp256r1 ( 17 )" \
8290 -c "Verifying peer X.509 certificate... ok" \
8291 -C "received HelloRetryRequest message"
8292
8293requires_gnutls_tls1_3
8294requires_gnutls_next_no_ticket
8295requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8296requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8297requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8300requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8301run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8302 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8303 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8304 0 \
8305 -c "HTTP/1.0 200 OK" \
8306 -c "Protocol is TLSv1.3" \
8307 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8308 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8309 -c "NamedGroup: secp384r1 ( 18 )" \
8310 -c "Verifying peer X.509 certificate... ok" \
8311 -C "received HelloRetryRequest message"
8312
8313requires_gnutls_tls1_3
8314requires_gnutls_next_no_ticket
8315requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8316requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8317requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8318requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8319requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8320requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8321run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8322 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8323 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8324 0 \
8325 -c "HTTP/1.0 200 OK" \
8326 -c "Protocol is TLSv1.3" \
8327 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8328 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8329 -c "NamedGroup: secp384r1 ( 18 )" \
8330 -c "Verifying peer X.509 certificate... ok" \
8331 -C "received HelloRetryRequest message"
8332
8333requires_gnutls_tls1_3
8334requires_gnutls_next_no_ticket
8335requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8336requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8337requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8340requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8341run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8342 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8343 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8344 0 \
8345 -c "HTTP/1.0 200 OK" \
8346 -c "Protocol is TLSv1.3" \
8347 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8348 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8349 -c "NamedGroup: secp384r1 ( 18 )" \
8350 -c "Verifying peer X.509 certificate... ok" \
8351 -C "received HelloRetryRequest message"
8352
8353requires_gnutls_tls1_3
8354requires_gnutls_next_no_ticket
8355requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8356requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8357requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8360requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8361requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8362run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8363 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8364 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8365 0 \
8366 -c "HTTP/1.0 200 OK" \
8367 -c "Protocol is TLSv1.3" \
8368 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8369 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8370 -c "NamedGroup: secp384r1 ( 18 )" \
8371 -c "Verifying peer X.509 certificate... ok" \
8372 -C "received HelloRetryRequest message"
8373
8374requires_gnutls_tls1_3
8375requires_gnutls_next_no_ticket
8376requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8377requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8378requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8379requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8381requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8382run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8383 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8384 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8385 0 \
8386 -c "HTTP/1.0 200 OK" \
8387 -c "Protocol is TLSv1.3" \
8388 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8389 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8390 -c "NamedGroup: secp521r1 ( 19 )" \
8391 -c "Verifying peer X.509 certificate... ok" \
8392 -C "received HelloRetryRequest message"
8393
8394requires_gnutls_tls1_3
8395requires_gnutls_next_no_ticket
8396requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8397requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8398requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8399requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8400requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8401requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8402run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8403 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8404 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8405 0 \
8406 -c "HTTP/1.0 200 OK" \
8407 -c "Protocol is TLSv1.3" \
8408 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8409 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8410 -c "NamedGroup: secp521r1 ( 19 )" \
8411 -c "Verifying peer X.509 certificate... ok" \
8412 -C "received HelloRetryRequest message"
8413
8414requires_gnutls_tls1_3
8415requires_gnutls_next_no_ticket
8416requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8417requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8418requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8420requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8421requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8422run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8423 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8424 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8425 0 \
8426 -c "HTTP/1.0 200 OK" \
8427 -c "Protocol is TLSv1.3" \
8428 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8429 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8430 -c "NamedGroup: secp521r1 ( 19 )" \
8431 -c "Verifying peer X.509 certificate... ok" \
8432 -C "received HelloRetryRequest message"
8433
8434requires_gnutls_tls1_3
8435requires_gnutls_next_no_ticket
8436requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8437requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8438requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8439requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8440requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8441requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8442requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8443run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8444 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8445 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8446 0 \
8447 -c "HTTP/1.0 200 OK" \
8448 -c "Protocol is TLSv1.3" \
8449 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8450 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8451 -c "NamedGroup: secp521r1 ( 19 )" \
8452 -c "Verifying peer X.509 certificate... ok" \
8453 -C "received HelloRetryRequest message"
8454
8455requires_gnutls_tls1_3
8456requires_gnutls_next_no_ticket
8457requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8458requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8459requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8460requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8462requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8463run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8464 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8465 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8466 0 \
8467 -c "HTTP/1.0 200 OK" \
8468 -c "Protocol is TLSv1.3" \
8469 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8470 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8471 -c "NamedGroup: x25519 ( 1d )" \
8472 -c "Verifying peer X.509 certificate... ok" \
8473 -C "received HelloRetryRequest message"
8474
8475requires_gnutls_tls1_3
8476requires_gnutls_next_no_ticket
8477requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8478requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8479requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8480requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8482requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8483run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8484 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8485 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8486 0 \
8487 -c "HTTP/1.0 200 OK" \
8488 -c "Protocol is TLSv1.3" \
8489 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8490 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8491 -c "NamedGroup: x25519 ( 1d )" \
8492 -c "Verifying peer X.509 certificate... ok" \
8493 -C "received HelloRetryRequest message"
8494
8495requires_gnutls_tls1_3
8496requires_gnutls_next_no_ticket
8497requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8498requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8502requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8503run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8504 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8505 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8506 0 \
8507 -c "HTTP/1.0 200 OK" \
8508 -c "Protocol is TLSv1.3" \
8509 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8510 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8511 -c "NamedGroup: x25519 ( 1d )" \
8512 -c "Verifying peer X.509 certificate... ok" \
8513 -C "received HelloRetryRequest message"
8514
8515requires_gnutls_tls1_3
8516requires_gnutls_next_no_ticket
8517requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8518requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8522requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8523requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8524run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8525 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8526 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8527 0 \
8528 -c "HTTP/1.0 200 OK" \
8529 -c "Protocol is TLSv1.3" \
8530 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8531 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8532 -c "NamedGroup: x25519 ( 1d )" \
8533 -c "Verifying peer X.509 certificate... ok" \
8534 -C "received HelloRetryRequest message"
8535
8536requires_gnutls_tls1_3
8537requires_gnutls_next_no_ticket
8538requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8539requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8540requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8542requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8543requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8544run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8545 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8546 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8547 0 \
8548 -c "HTTP/1.0 200 OK" \
8549 -c "Protocol is TLSv1.3" \
8550 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8551 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8552 -c "NamedGroup: x448 ( 1e )" \
8553 -c "Verifying peer X.509 certificate... ok" \
8554 -C "received HelloRetryRequest message"
8555
8556requires_gnutls_tls1_3
8557requires_gnutls_next_no_ticket
8558requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8559requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8560requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8561requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8562requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8563requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8564run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8565 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8566 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8567 0 \
8568 -c "HTTP/1.0 200 OK" \
8569 -c "Protocol is TLSv1.3" \
8570 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8571 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8572 -c "NamedGroup: x448 ( 1e )" \
8573 -c "Verifying peer X.509 certificate... ok" \
8574 -C "received HelloRetryRequest message"
8575
8576requires_gnutls_tls1_3
8577requires_gnutls_next_no_ticket
8578requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8579requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8580requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8581requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8583requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8584run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8585 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8586 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8587 0 \
8588 -c "HTTP/1.0 200 OK" \
8589 -c "Protocol is TLSv1.3" \
8590 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8591 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8592 -c "NamedGroup: x448 ( 1e )" \
8593 -c "Verifying peer X.509 certificate... ok" \
8594 -C "received HelloRetryRequest message"
8595
8596requires_gnutls_tls1_3
8597requires_gnutls_next_no_ticket
8598requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8599requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8600requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8601requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8602requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8603requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8604requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8605run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8606 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8607 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8608 0 \
8609 -c "HTTP/1.0 200 OK" \
8610 -c "Protocol is TLSv1.3" \
8611 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8612 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8613 -c "NamedGroup: x448 ( 1e )" \
8614 -c "Verifying peer X.509 certificate... ok" \
8615 -C "received HelloRetryRequest message"
8616
8617requires_gnutls_tls1_3
8618requires_gnutls_next_no_ticket
8619requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8620requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8621requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8624run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
8625 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8626 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
8627 0 \
8628 -c "HTTP/1.0 200 OK" \
8629 -c "Protocol is TLSv1.3" \
8630 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8631 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8632 -c "NamedGroup: ffdhe2048 ( 100 )" \
8633 -c "Verifying peer X.509 certificate... ok" \
8634 -C "received HelloRetryRequest message"
8635
8636requires_gnutls_tls1_3
8637requires_gnutls_next_no_ticket
8638requires_gnutls_next_disable_tls13_compat
8639requires_config_enabled MBEDTLS_SSL_CLI_C
8640requires_config_enabled MBEDTLS_DEBUG_C
8641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8642requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8643run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
8644 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8645 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
8646 0 \
8647 -c "HTTP/1.0 200 OK" \
8648 -c "Protocol is TLSv1.3" \
8649 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8650 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8651 -c "NamedGroup: ffdhe2048 ( 100 )" \
8652 -c "Verifying peer X.509 certificate... ok" \
8653 -C "received HelloRetryRequest message"
8654
8655requires_gnutls_tls1_3
8656requires_gnutls_next_no_ticket
8657requires_gnutls_next_disable_tls13_compat
8658requires_config_enabled MBEDTLS_SSL_CLI_C
8659requires_config_enabled MBEDTLS_DEBUG_C
8660requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8661requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8662run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
8663 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8664 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
8665 0 \
8666 -c "HTTP/1.0 200 OK" \
8667 -c "Protocol is TLSv1.3" \
8668 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8669 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8670 -c "NamedGroup: ffdhe2048 ( 100 )" \
8671 -c "Verifying peer X.509 certificate... ok" \
8672 -C "received HelloRetryRequest message"
8673
8674requires_gnutls_tls1_3
8675requires_gnutls_next_no_ticket
8676requires_gnutls_next_disable_tls13_compat
8677requires_config_enabled MBEDTLS_SSL_CLI_C
8678requires_config_enabled MBEDTLS_DEBUG_C
8679requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8680requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8681requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8682run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
8683 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8684 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
8685 0 \
8686 -c "HTTP/1.0 200 OK" \
8687 -c "Protocol is TLSv1.3" \
8688 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8689 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8690 -c "NamedGroup: ffdhe2048 ( 100 )" \
8691 -c "Verifying peer X.509 certificate... ok" \
8692 -C "received HelloRetryRequest message"
8693
8694requires_gnutls_tls1_3
8695requires_gnutls_next_no_ticket
8696requires_gnutls_next_disable_tls13_compat
8697requires_config_enabled MBEDTLS_SSL_CLI_C
8698requires_config_enabled MBEDTLS_DEBUG_C
8699requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8700requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8701run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
8702 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8703 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
8704 0 \
8705 -c "HTTP/1.0 200 OK" \
8706 -c "Protocol is TLSv1.3" \
8707 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8708 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8709 -c "NamedGroup: ffdhe8192 ( 104 )" \
8710 -c "Verifying peer X.509 certificate... ok" \
8711 -C "received HelloRetryRequest message"
8712
8713requires_gnutls_tls1_3
8714requires_gnutls_next_no_ticket
8715requires_gnutls_next_disable_tls13_compat
8716requires_config_enabled MBEDTLS_SSL_CLI_C
8717requires_config_enabled MBEDTLS_DEBUG_C
8718requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8719requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8720run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
8721 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8722 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
8723 0 \
8724 -c "HTTP/1.0 200 OK" \
8725 -c "Protocol is TLSv1.3" \
8726 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8727 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8728 -c "NamedGroup: ffdhe8192 ( 104 )" \
8729 -c "Verifying peer X.509 certificate... ok" \
8730 -C "received HelloRetryRequest message"
8731
8732requires_gnutls_tls1_3
8733requires_gnutls_next_no_ticket
8734requires_gnutls_next_disable_tls13_compat
8735requires_config_enabled MBEDTLS_SSL_CLI_C
8736requires_config_enabled MBEDTLS_DEBUG_C
8737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8739run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
8740 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8741 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
8742 0 \
8743 -c "HTTP/1.0 200 OK" \
8744 -c "Protocol is TLSv1.3" \
8745 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8746 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8747 -c "NamedGroup: ffdhe8192 ( 104 )" \
8748 -c "Verifying peer X.509 certificate... ok" \
8749 -C "received HelloRetryRequest message"
8750
8751requires_gnutls_tls1_3
8752requires_gnutls_next_no_ticket
8753requires_gnutls_next_disable_tls13_compat
8754requires_config_enabled MBEDTLS_SSL_CLI_C
8755requires_config_enabled MBEDTLS_DEBUG_C
8756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8758requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8759run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
8760 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
8761 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
8762 0 \
8763 -c "HTTP/1.0 200 OK" \
8764 -c "Protocol is TLSv1.3" \
8765 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8766 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8767 -c "NamedGroup: ffdhe8192 ( 104 )" \
8768 -c "Verifying peer X.509 certificate... ok" \
8769 -C "received HelloRetryRequest message"
8770
8771requires_gnutls_tls1_3
8772requires_gnutls_next_no_ticket
8773requires_gnutls_next_disable_tls13_compat
8774requires_config_enabled MBEDTLS_SSL_CLI_C
8775requires_config_enabled MBEDTLS_DEBUG_C
8776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8778requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8779run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8780 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8781 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8782 0 \
8783 -c "HTTP/1.0 200 OK" \
8784 -c "Protocol is TLSv1.3" \
8785 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8786 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8787 -c "NamedGroup: secp256r1 ( 17 )" \
8788 -c "Verifying peer X.509 certificate... ok" \
8789 -C "received HelloRetryRequest message"
8790
8791requires_gnutls_tls1_3
8792requires_gnutls_next_no_ticket
8793requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8794requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8795requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8798requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8799run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8800 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8801 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8802 0 \
8803 -c "HTTP/1.0 200 OK" \
8804 -c "Protocol is TLSv1.3" \
8805 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8806 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8807 -c "NamedGroup: secp256r1 ( 17 )" \
8808 -c "Verifying peer X.509 certificate... ok" \
8809 -C "received HelloRetryRequest message"
8810
8811requires_gnutls_tls1_3
8812requires_gnutls_next_no_ticket
8813requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8814requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8815requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8816requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8817requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8818requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8819run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8820 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8821 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8822 0 \
8823 -c "HTTP/1.0 200 OK" \
8824 -c "Protocol is TLSv1.3" \
8825 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8826 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8827 -c "NamedGroup: secp256r1 ( 17 )" \
8828 -c "Verifying peer X.509 certificate... ok" \
8829 -C "received HelloRetryRequest message"
8830
8831requires_gnutls_tls1_3
8832requires_gnutls_next_no_ticket
8833requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8834requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8835requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8836requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8837requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8838requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8839requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8840run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8841 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8842 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8843 0 \
8844 -c "HTTP/1.0 200 OK" \
8845 -c "Protocol is TLSv1.3" \
8846 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8847 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8848 -c "NamedGroup: secp256r1 ( 17 )" \
8849 -c "Verifying peer X.509 certificate... ok" \
8850 -C "received HelloRetryRequest message"
8851
8852requires_gnutls_tls1_3
8853requires_gnutls_next_no_ticket
8854requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8855requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8856requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8857requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8858requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8859requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8860run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8861 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8862 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8863 0 \
8864 -c "HTTP/1.0 200 OK" \
8865 -c "Protocol is TLSv1.3" \
8866 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8867 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8868 -c "NamedGroup: secp384r1 ( 18 )" \
8869 -c "Verifying peer X.509 certificate... ok" \
8870 -C "received HelloRetryRequest message"
8871
8872requires_gnutls_tls1_3
8873requires_gnutls_next_no_ticket
8874requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8875requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8876requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8877requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8878requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8879requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8880run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8881 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8882 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8883 0 \
8884 -c "HTTP/1.0 200 OK" \
8885 -c "Protocol is TLSv1.3" \
8886 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8887 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8888 -c "NamedGroup: secp384r1 ( 18 )" \
8889 -c "Verifying peer X.509 certificate... ok" \
8890 -C "received HelloRetryRequest message"
8891
8892requires_gnutls_tls1_3
8893requires_gnutls_next_no_ticket
8894requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8895requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8896requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8897requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8898requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8899requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8900run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8901 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8902 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8903 0 \
8904 -c "HTTP/1.0 200 OK" \
8905 -c "Protocol is TLSv1.3" \
8906 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8907 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8908 -c "NamedGroup: secp384r1 ( 18 )" \
8909 -c "Verifying peer X.509 certificate... ok" \
8910 -C "received HelloRetryRequest message"
8911
8912requires_gnutls_tls1_3
8913requires_gnutls_next_no_ticket
8914requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8915requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8916requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8917requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8918requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8919requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8920requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8921run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8922 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8923 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8924 0 \
8925 -c "HTTP/1.0 200 OK" \
8926 -c "Protocol is TLSv1.3" \
8927 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8928 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8929 -c "NamedGroup: secp384r1 ( 18 )" \
8930 -c "Verifying peer X.509 certificate... ok" \
8931 -C "received HelloRetryRequest message"
8932
8933requires_gnutls_tls1_3
8934requires_gnutls_next_no_ticket
8935requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8936requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8937requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8938requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8939requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8940requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8941run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8942 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8943 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8944 0 \
8945 -c "HTTP/1.0 200 OK" \
8946 -c "Protocol is TLSv1.3" \
8947 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8948 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8949 -c "NamedGroup: secp521r1 ( 19 )" \
8950 -c "Verifying peer X.509 certificate... ok" \
8951 -C "received HelloRetryRequest message"
8952
8953requires_gnutls_tls1_3
8954requires_gnutls_next_no_ticket
8955requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8956requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8957requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8958requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8959requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8960requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8961run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8962 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8963 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8964 0 \
8965 -c "HTTP/1.0 200 OK" \
8966 -c "Protocol is TLSv1.3" \
8967 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8968 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8969 -c "NamedGroup: secp521r1 ( 19 )" \
8970 -c "Verifying peer X.509 certificate... ok" \
8971 -C "received HelloRetryRequest message"
8972
8973requires_gnutls_tls1_3
8974requires_gnutls_next_no_ticket
8975requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8976requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8977requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8978requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8979requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]8980requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8981run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8982 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8983 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8984 0 \
8985 -c "HTTP/1.0 200 OK" \
8986 -c "Protocol is TLSv1.3" \
8987 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8988 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8989 -c "NamedGroup: secp521r1 ( 19 )" \
8990 -c "Verifying peer X.509 certificate... ok" \
8991 -C "received HelloRetryRequest message"
8992
8993requires_gnutls_tls1_3
8994requires_gnutls_next_no_ticket
8995requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8996requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8997requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8998requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8999requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9000requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9001requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9002run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9003 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9004 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9005 0 \
9006 -c "HTTP/1.0 200 OK" \
9007 -c "Protocol is TLSv1.3" \
9008 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9009 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9010 -c "NamedGroup: secp521r1 ( 19 )" \
9011 -c "Verifying peer X.509 certificate... ok" \
9012 -C "received HelloRetryRequest message"
9013
9014requires_gnutls_tls1_3
9015requires_gnutls_next_no_ticket
9016requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9017requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9018requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9020requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9021requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9022run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9023 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9024 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9025 0 \
9026 -c "HTTP/1.0 200 OK" \
9027 -c "Protocol is TLSv1.3" \
9028 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9029 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9030 -c "NamedGroup: x25519 ( 1d )" \
9031 -c "Verifying peer X.509 certificate... ok" \
9032 -C "received HelloRetryRequest message"
9033
9034requires_gnutls_tls1_3
9035requires_gnutls_next_no_ticket
9036requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9037requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9038requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9039requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9040requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9041requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9042run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9043 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9044 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9045 0 \
9046 -c "HTTP/1.0 200 OK" \
9047 -c "Protocol is TLSv1.3" \
9048 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9049 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9050 -c "NamedGroup: x25519 ( 1d )" \
9051 -c "Verifying peer X.509 certificate... ok" \
9052 -C "received HelloRetryRequest message"
9053
9054requires_gnutls_tls1_3
9055requires_gnutls_next_no_ticket
9056requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9057requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9058requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9059requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9061requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9062run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9063 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9064 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9065 0 \
9066 -c "HTTP/1.0 200 OK" \
9067 -c "Protocol is TLSv1.3" \
9068 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9069 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9070 -c "NamedGroup: x25519 ( 1d )" \
9071 -c "Verifying peer X.509 certificate... ok" \
9072 -C "received HelloRetryRequest message"
9073
9074requires_gnutls_tls1_3
9075requires_gnutls_next_no_ticket
9076requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9077requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9078requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9079requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9080requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9081requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9082requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9083run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9084 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9085 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9086 0 \
9087 -c "HTTP/1.0 200 OK" \
9088 -c "Protocol is TLSv1.3" \
9089 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9090 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9091 -c "NamedGroup: x25519 ( 1d )" \
9092 -c "Verifying peer X.509 certificate... ok" \
9093 -C "received HelloRetryRequest message"
9094
9095requires_gnutls_tls1_3
9096requires_gnutls_next_no_ticket
9097requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9098requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9099requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9102requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9103run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9104 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9105 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9106 0 \
9107 -c "HTTP/1.0 200 OK" \
9108 -c "Protocol is TLSv1.3" \
9109 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9110 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9111 -c "NamedGroup: x448 ( 1e )" \
9112 -c "Verifying peer X.509 certificate... ok" \
9113 -C "received HelloRetryRequest message"
9114
9115requires_gnutls_tls1_3
9116requires_gnutls_next_no_ticket
9117requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9118requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9119requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9120requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9122requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9123run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9124 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9125 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9126 0 \
9127 -c "HTTP/1.0 200 OK" \
9128 -c "Protocol is TLSv1.3" \
9129 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9130 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9131 -c "NamedGroup: x448 ( 1e )" \
9132 -c "Verifying peer X.509 certificate... ok" \
9133 -C "received HelloRetryRequest message"
9134
9135requires_gnutls_tls1_3
9136requires_gnutls_next_no_ticket
9137requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9138requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9139requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9142requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9143run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9144 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9145 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9146 0 \
9147 -c "HTTP/1.0 200 OK" \
9148 -c "Protocol is TLSv1.3" \
9149 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9150 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9151 -c "NamedGroup: x448 ( 1e )" \
9152 -c "Verifying peer X.509 certificate... ok" \
9153 -C "received HelloRetryRequest message"
9154
9155requires_gnutls_tls1_3
9156requires_gnutls_next_no_ticket
9157requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9158requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9159requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9162requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9163requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9164run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9165 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9166 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9167 0 \
9168 -c "HTTP/1.0 200 OK" \
9169 -c "Protocol is TLSv1.3" \
9170 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9171 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9172 -c "NamedGroup: x448 ( 1e )" \
9173 -c "Verifying peer X.509 certificate... ok" \
9174 -C "received HelloRetryRequest message"
9175
9176requires_gnutls_tls1_3
9177requires_gnutls_next_no_ticket
9178requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9179requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9180requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9183run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
9184 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9185 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
9186 0 \
9187 -c "HTTP/1.0 200 OK" \
9188 -c "Protocol is TLSv1.3" \
9189 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9190 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9191 -c "NamedGroup: ffdhe2048 ( 100 )" \
9192 -c "Verifying peer X.509 certificate... ok" \
9193 -C "received HelloRetryRequest message"
9194
9195requires_gnutls_tls1_3
9196requires_gnutls_next_no_ticket
9197requires_gnutls_next_disable_tls13_compat
9198requires_config_enabled MBEDTLS_SSL_CLI_C
9199requires_config_enabled MBEDTLS_DEBUG_C
9200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9202run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
9203 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9204 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
9205 0 \
9206 -c "HTTP/1.0 200 OK" \
9207 -c "Protocol is TLSv1.3" \
9208 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9209 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9210 -c "NamedGroup: ffdhe2048 ( 100 )" \
9211 -c "Verifying peer X.509 certificate... ok" \
9212 -C "received HelloRetryRequest message"
9213
9214requires_gnutls_tls1_3
9215requires_gnutls_next_no_ticket
9216requires_gnutls_next_disable_tls13_compat
9217requires_config_enabled MBEDTLS_SSL_CLI_C
9218requires_config_enabled MBEDTLS_DEBUG_C
9219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9221run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
9222 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9223 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
9224 0 \
9225 -c "HTTP/1.0 200 OK" \
9226 -c "Protocol is TLSv1.3" \
9227 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9228 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9229 -c "NamedGroup: ffdhe2048 ( 100 )" \
9230 -c "Verifying peer X.509 certificate... ok" \
9231 -C "received HelloRetryRequest message"
9232
9233requires_gnutls_tls1_3
9234requires_gnutls_next_no_ticket
9235requires_gnutls_next_disable_tls13_compat
9236requires_config_enabled MBEDTLS_SSL_CLI_C
9237requires_config_enabled MBEDTLS_DEBUG_C
9238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9240requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9241run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
9242 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9243 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
9244 0 \
9245 -c "HTTP/1.0 200 OK" \
9246 -c "Protocol is TLSv1.3" \
9247 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9248 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9249 -c "NamedGroup: ffdhe2048 ( 100 )" \
9250 -c "Verifying peer X.509 certificate... ok" \
9251 -C "received HelloRetryRequest message"
9252
9253requires_gnutls_tls1_3
9254requires_gnutls_next_no_ticket
9255requires_gnutls_next_disable_tls13_compat
9256requires_config_enabled MBEDTLS_SSL_CLI_C
9257requires_config_enabled MBEDTLS_DEBUG_C
9258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9260run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
9261 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9262 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
9263 0 \
9264 -c "HTTP/1.0 200 OK" \
9265 -c "Protocol is TLSv1.3" \
9266 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9267 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9268 -c "NamedGroup: ffdhe8192 ( 104 )" \
9269 -c "Verifying peer X.509 certificate... ok" \
9270 -C "received HelloRetryRequest message"
9271
9272requires_gnutls_tls1_3
9273requires_gnutls_next_no_ticket
9274requires_gnutls_next_disable_tls13_compat
9275requires_config_enabled MBEDTLS_SSL_CLI_C
9276requires_config_enabled MBEDTLS_DEBUG_C
9277requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9278requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9279run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
9280 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9281 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
9282 0 \
9283 -c "HTTP/1.0 200 OK" \
9284 -c "Protocol is TLSv1.3" \
9285 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9286 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9287 -c "NamedGroup: ffdhe8192 ( 104 )" \
9288 -c "Verifying peer X.509 certificate... ok" \
9289 -C "received HelloRetryRequest message"
9290
9291requires_gnutls_tls1_3
9292requires_gnutls_next_no_ticket
9293requires_gnutls_next_disable_tls13_compat
9294requires_config_enabled MBEDTLS_SSL_CLI_C
9295requires_config_enabled MBEDTLS_DEBUG_C
9296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9298run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
9299 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9300 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
9301 0 \
9302 -c "HTTP/1.0 200 OK" \
9303 -c "Protocol is TLSv1.3" \
9304 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9305 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9306 -c "NamedGroup: ffdhe8192 ( 104 )" \
9307 -c "Verifying peer X.509 certificate... ok" \
9308 -C "received HelloRetryRequest message"
9309
9310requires_gnutls_tls1_3
9311requires_gnutls_next_no_ticket
9312requires_gnutls_next_disable_tls13_compat
9313requires_config_enabled MBEDTLS_SSL_CLI_C
9314requires_config_enabled MBEDTLS_DEBUG_C
9315requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9316requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9317requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9318run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
9319 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9320 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
9321 0 \
9322 -c "HTTP/1.0 200 OK" \
9323 -c "Protocol is TLSv1.3" \
9324 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9325 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9326 -c "NamedGroup: ffdhe8192 ( 104 )" \
9327 -c "Verifying peer X.509 certificate... ok" \
9328 -C "received HelloRetryRequest message"
9329
9330requires_gnutls_tls1_3
9331requires_gnutls_next_no_ticket
9332requires_gnutls_next_disable_tls13_compat
9333requires_config_enabled MBEDTLS_SSL_CLI_C
9334requires_config_enabled MBEDTLS_DEBUG_C
9335requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9336requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9337requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9338run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9339 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9340 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9341 0 \
9342 -c "HTTP/1.0 200 OK" \
9343 -c "Protocol is TLSv1.3" \
9344 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9345 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9346 -c "NamedGroup: secp256r1 ( 17 )" \
9347 -c "Verifying peer X.509 certificate... ok" \
9348 -C "received HelloRetryRequest message"
9349
9350requires_gnutls_tls1_3
9351requires_gnutls_next_no_ticket
9352requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9353requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9354requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9357requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9358run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9359 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9360 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9361 0 \
9362 -c "HTTP/1.0 200 OK" \
9363 -c "Protocol is TLSv1.3" \
9364 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9365 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9366 -c "NamedGroup: secp256r1 ( 17 )" \
9367 -c "Verifying peer X.509 certificate... ok" \
9368 -C "received HelloRetryRequest message"
9369
9370requires_gnutls_tls1_3
9371requires_gnutls_next_no_ticket
9372requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9373requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9374requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9375requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9377requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9378run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9379 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9380 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9381 0 \
9382 -c "HTTP/1.0 200 OK" \
9383 -c "Protocol is TLSv1.3" \
9384 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9385 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9386 -c "NamedGroup: secp256r1 ( 17 )" \
9387 -c "Verifying peer X.509 certificate... ok" \
9388 -C "received HelloRetryRequest message"
9389
9390requires_gnutls_tls1_3
9391requires_gnutls_next_no_ticket
9392requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9393requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9394requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9395requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9396requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9397requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9398requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9399run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9400 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9401 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9402 0 \
9403 -c "HTTP/1.0 200 OK" \
9404 -c "Protocol is TLSv1.3" \
9405 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9406 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9407 -c "NamedGroup: secp256r1 ( 17 )" \
9408 -c "Verifying peer X.509 certificate... ok" \
9409 -C "received HelloRetryRequest message"
9410
9411requires_gnutls_tls1_3
9412requires_gnutls_next_no_ticket
9413requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9414requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9415requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9417requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9418requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9419run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9420 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9421 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9422 0 \
9423 -c "HTTP/1.0 200 OK" \
9424 -c "Protocol is TLSv1.3" \
9425 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9426 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9427 -c "NamedGroup: secp384r1 ( 18 )" \
9428 -c "Verifying peer X.509 certificate... ok" \
9429 -C "received HelloRetryRequest message"
9430
9431requires_gnutls_tls1_3
9432requires_gnutls_next_no_ticket
9433requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9434requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9435requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9436requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9438requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9439run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9440 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9441 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9442 0 \
9443 -c "HTTP/1.0 200 OK" \
9444 -c "Protocol is TLSv1.3" \
9445 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9446 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9447 -c "NamedGroup: secp384r1 ( 18 )" \
9448 -c "Verifying peer X.509 certificate... ok" \
9449 -C "received HelloRetryRequest message"
9450
9451requires_gnutls_tls1_3
9452requires_gnutls_next_no_ticket
9453requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9454requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9455requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9456requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9457requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9458requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9459run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9460 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9461 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9462 0 \
9463 -c "HTTP/1.0 200 OK" \
9464 -c "Protocol is TLSv1.3" \
9465 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9466 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9467 -c "NamedGroup: secp384r1 ( 18 )" \
9468 -c "Verifying peer X.509 certificate... ok" \
9469 -C "received HelloRetryRequest message"
9470
9471requires_gnutls_tls1_3
9472requires_gnutls_next_no_ticket
9473requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9474requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9475requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9476requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9478requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9479requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9480run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9481 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9482 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9483 0 \
9484 -c "HTTP/1.0 200 OK" \
9485 -c "Protocol is TLSv1.3" \
9486 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9487 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9488 -c "NamedGroup: secp384r1 ( 18 )" \
9489 -c "Verifying peer X.509 certificate... ok" \
9490 -C "received HelloRetryRequest message"
9491
9492requires_gnutls_tls1_3
9493requires_gnutls_next_no_ticket
9494requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9495requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9496requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9497requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9498requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9499requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9500run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9501 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9502 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9503 0 \
9504 -c "HTTP/1.0 200 OK" \
9505 -c "Protocol is TLSv1.3" \
9506 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9507 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9508 -c "NamedGroup: secp521r1 ( 19 )" \
9509 -c "Verifying peer X.509 certificate... ok" \
9510 -C "received HelloRetryRequest message"
9511
9512requires_gnutls_tls1_3
9513requires_gnutls_next_no_ticket
9514requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9515requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9516requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9517requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9518requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9519requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9520run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9521 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9522 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9523 0 \
9524 -c "HTTP/1.0 200 OK" \
9525 -c "Protocol is TLSv1.3" \
9526 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9527 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9528 -c "NamedGroup: secp521r1 ( 19 )" \
9529 -c "Verifying peer X.509 certificate... ok" \
9530 -C "received HelloRetryRequest message"
9531
9532requires_gnutls_tls1_3
9533requires_gnutls_next_no_ticket
9534requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9535requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9536requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9537requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9538requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9539requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9540run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9541 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9542 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9543 0 \
9544 -c "HTTP/1.0 200 OK" \
9545 -c "Protocol is TLSv1.3" \
9546 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9547 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9548 -c "NamedGroup: secp521r1 ( 19 )" \
9549 -c "Verifying peer X.509 certificate... ok" \
9550 -C "received HelloRetryRequest message"
9551
9552requires_gnutls_tls1_3
9553requires_gnutls_next_no_ticket
9554requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9555requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9556requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9557requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9558requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9559requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9560requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9561run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9562 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9563 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9564 0 \
9565 -c "HTTP/1.0 200 OK" \
9566 -c "Protocol is TLSv1.3" \
9567 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9568 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9569 -c "NamedGroup: secp521r1 ( 19 )" \
9570 -c "Verifying peer X.509 certificate... ok" \
9571 -C "received HelloRetryRequest message"
9572
9573requires_gnutls_tls1_3
9574requires_gnutls_next_no_ticket
9575requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9576requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9577requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9578requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9580requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9581run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9582 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9583 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9584 0 \
9585 -c "HTTP/1.0 200 OK" \
9586 -c "Protocol is TLSv1.3" \
9587 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9588 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9589 -c "NamedGroup: x25519 ( 1d )" \
9590 -c "Verifying peer X.509 certificate... ok" \
9591 -C "received HelloRetryRequest message"
9592
9593requires_gnutls_tls1_3
9594requires_gnutls_next_no_ticket
9595requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9596requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9597requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9600requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9601run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9602 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9603 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9604 0 \
9605 -c "HTTP/1.0 200 OK" \
9606 -c "Protocol is TLSv1.3" \
9607 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9608 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9609 -c "NamedGroup: x25519 ( 1d )" \
9610 -c "Verifying peer X.509 certificate... ok" \
9611 -C "received HelloRetryRequest message"
9612
9613requires_gnutls_tls1_3
9614requires_gnutls_next_no_ticket
9615requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9616requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9617requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9620requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9621run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9622 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9623 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9624 0 \
9625 -c "HTTP/1.0 200 OK" \
9626 -c "Protocol is TLSv1.3" \
9627 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9628 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9629 -c "NamedGroup: x25519 ( 1d )" \
9630 -c "Verifying peer X.509 certificate... ok" \
9631 -C "received HelloRetryRequest message"
9632
9633requires_gnutls_tls1_3
9634requires_gnutls_next_no_ticket
9635requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9636requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9637requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9638requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9639requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9640requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9641requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9642run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9643 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9644 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9645 0 \
9646 -c "HTTP/1.0 200 OK" \
9647 -c "Protocol is TLSv1.3" \
9648 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9649 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9650 -c "NamedGroup: x25519 ( 1d )" \
9651 -c "Verifying peer X.509 certificate... ok" \
9652 -C "received HelloRetryRequest message"
9653
9654requires_gnutls_tls1_3
9655requires_gnutls_next_no_ticket
9656requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9657requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9658requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9659requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9660requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9661requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9662run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9663 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9664 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9665 0 \
9666 -c "HTTP/1.0 200 OK" \
9667 -c "Protocol is TLSv1.3" \
9668 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9669 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9670 -c "NamedGroup: x448 ( 1e )" \
9671 -c "Verifying peer X.509 certificate... ok" \
9672 -C "received HelloRetryRequest message"
9673
9674requires_gnutls_tls1_3
9675requires_gnutls_next_no_ticket
9676requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9677requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9678requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9679requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9680requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9681requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9682run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9683 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9684 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9685 0 \
9686 -c "HTTP/1.0 200 OK" \
9687 -c "Protocol is TLSv1.3" \
9688 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9689 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9690 -c "NamedGroup: x448 ( 1e )" \
9691 -c "Verifying peer X.509 certificate... ok" \
9692 -C "received HelloRetryRequest message"
9693
9694requires_gnutls_tls1_3
9695requires_gnutls_next_no_ticket
9696requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9697requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9698requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9699requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9700requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9701requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9702run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9703 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9704 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9705 0 \
9706 -c "HTTP/1.0 200 OK" \
9707 -c "Protocol is TLSv1.3" \
9708 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9709 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9710 -c "NamedGroup: x448 ( 1e )" \
9711 -c "Verifying peer X.509 certificate... ok" \
9712 -C "received HelloRetryRequest message"
9713
9714requires_gnutls_tls1_3
9715requires_gnutls_next_no_ticket
9716requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9717requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9718requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9719requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9720requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9721requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9722requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9723run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9724 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9725 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9726 0 \
9727 -c "HTTP/1.0 200 OK" \
9728 -c "Protocol is TLSv1.3" \
9729 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9730 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9731 -c "NamedGroup: x448 ( 1e )" \
9732 -c "Verifying peer X.509 certificate... ok" \
9733 -C "received HelloRetryRequest message"
9734
9735requires_gnutls_tls1_3
9736requires_gnutls_next_no_ticket
9737requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9738requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9739requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9740requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9741requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9742run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
9743 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9744 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
9745 0 \
9746 -c "HTTP/1.0 200 OK" \
9747 -c "Protocol is TLSv1.3" \
9748 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9749 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9750 -c "NamedGroup: ffdhe2048 ( 100 )" \
9751 -c "Verifying peer X.509 certificate... ok" \
9752 -C "received HelloRetryRequest message"
9753
9754requires_gnutls_tls1_3
9755requires_gnutls_next_no_ticket
9756requires_gnutls_next_disable_tls13_compat
9757requires_config_enabled MBEDTLS_SSL_CLI_C
9758requires_config_enabled MBEDTLS_DEBUG_C
9759requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9760requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9761run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
9762 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9763 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
9764 0 \
9765 -c "HTTP/1.0 200 OK" \
9766 -c "Protocol is TLSv1.3" \
9767 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9768 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9769 -c "NamedGroup: ffdhe2048 ( 100 )" \
9770 -c "Verifying peer X.509 certificate... ok" \
9771 -C "received HelloRetryRequest message"
9772
9773requires_gnutls_tls1_3
9774requires_gnutls_next_no_ticket
9775requires_gnutls_next_disable_tls13_compat
9776requires_config_enabled MBEDTLS_SSL_CLI_C
9777requires_config_enabled MBEDTLS_DEBUG_C
9778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9779requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9780run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
9781 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9782 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
9783 0 \
9784 -c "HTTP/1.0 200 OK" \
9785 -c "Protocol is TLSv1.3" \
9786 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9787 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9788 -c "NamedGroup: ffdhe2048 ( 100 )" \
9789 -c "Verifying peer X.509 certificate... ok" \
9790 -C "received HelloRetryRequest message"
9791
9792requires_gnutls_tls1_3
9793requires_gnutls_next_no_ticket
9794requires_gnutls_next_disable_tls13_compat
9795requires_config_enabled MBEDTLS_SSL_CLI_C
9796requires_config_enabled MBEDTLS_DEBUG_C
9797requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9798requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9799requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9800run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
9801 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9802 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
9803 0 \
9804 -c "HTTP/1.0 200 OK" \
9805 -c "Protocol is TLSv1.3" \
9806 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9807 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9808 -c "NamedGroup: ffdhe2048 ( 100 )" \
9809 -c "Verifying peer X.509 certificate... ok" \
9810 -C "received HelloRetryRequest message"
9811
9812requires_gnutls_tls1_3
9813requires_gnutls_next_no_ticket
9814requires_gnutls_next_disable_tls13_compat
9815requires_config_enabled MBEDTLS_SSL_CLI_C
9816requires_config_enabled MBEDTLS_DEBUG_C
9817requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9818requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9819run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
9820 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9821 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
9822 0 \
9823 -c "HTTP/1.0 200 OK" \
9824 -c "Protocol is TLSv1.3" \
9825 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9826 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9827 -c "NamedGroup: ffdhe8192 ( 104 )" \
9828 -c "Verifying peer X.509 certificate... ok" \
9829 -C "received HelloRetryRequest message"
9830
9831requires_gnutls_tls1_3
9832requires_gnutls_next_no_ticket
9833requires_gnutls_next_disable_tls13_compat
9834requires_config_enabled MBEDTLS_SSL_CLI_C
9835requires_config_enabled MBEDTLS_DEBUG_C
9836requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9837requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9838run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
9839 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9840 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
9841 0 \
9842 -c "HTTP/1.0 200 OK" \
9843 -c "Protocol is TLSv1.3" \
9844 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9845 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9846 -c "NamedGroup: ffdhe8192 ( 104 )" \
9847 -c "Verifying peer X.509 certificate... ok" \
9848 -C "received HelloRetryRequest message"
9849
9850requires_gnutls_tls1_3
9851requires_gnutls_next_no_ticket
9852requires_gnutls_next_disable_tls13_compat
9853requires_config_enabled MBEDTLS_SSL_CLI_C
9854requires_config_enabled MBEDTLS_DEBUG_C
9855requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9857run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
9858 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9859 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
9860 0 \
9861 -c "HTTP/1.0 200 OK" \
9862 -c "Protocol is TLSv1.3" \
9863 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9864 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9865 -c "NamedGroup: ffdhe8192 ( 104 )" \
9866 -c "Verifying peer X.509 certificate... ok" \
9867 -C "received HelloRetryRequest message"
9868
9869requires_gnutls_tls1_3
9870requires_gnutls_next_no_ticket
9871requires_gnutls_next_disable_tls13_compat
9872requires_config_enabled MBEDTLS_SSL_CLI_C
9873requires_config_enabled MBEDTLS_DEBUG_C
9874requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9876requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9877run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
9878 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
9879 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
9880 0 \
9881 -c "HTTP/1.0 200 OK" \
9882 -c "Protocol is TLSv1.3" \
9883 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9884 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9885 -c "NamedGroup: ffdhe8192 ( 104 )" \
9886 -c "Verifying peer X.509 certificate... ok" \
9887 -C "received HelloRetryRequest message"
9888
9889requires_gnutls_tls1_3
9890requires_gnutls_next_no_ticket
9891requires_gnutls_next_disable_tls13_compat
9892requires_config_enabled MBEDTLS_SSL_CLI_C
9893requires_config_enabled MBEDTLS_DEBUG_C
9894requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9896requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9897run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9898 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9899 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9900 0 \
9901 -c "HTTP/1.0 200 OK" \
9902 -c "Protocol is TLSv1.3" \
9903 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9904 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9905 -c "NamedGroup: secp256r1 ( 17 )" \
9906 -c "Verifying peer X.509 certificate... ok" \
9907 -C "received HelloRetryRequest message"
9908
9909requires_gnutls_tls1_3
9910requires_gnutls_next_no_ticket
9911requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9912requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9913requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9916requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9917run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9918 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9919 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9920 0 \
9921 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9922 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9923 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9924 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9925 -c "NamedGroup: secp256r1 ( 17 )" \
9926 -c "Verifying peer X.509 certificate... ok" \
9927 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9928
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9929requires_gnutls_tls1_3
9930requires_gnutls_next_no_ticket
9931requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9932requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9933requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9934requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9936requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9937run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9938 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9939 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9940 0 \
9941 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9942 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9943 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9944 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9945 -c "NamedGroup: secp256r1 ( 17 )" \
9946 -c "Verifying peer X.509 certificate... ok" \
9947 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9948
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9949requires_gnutls_tls1_3
9950requires_gnutls_next_no_ticket
9951requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9952requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9953requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9956requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9957requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9958run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9959 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9960 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9961 0 \
9962 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9963 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9964 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9965 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9966 -c "NamedGroup: secp256r1 ( 17 )" \
9967 -c "Verifying peer X.509 certificate... ok" \
9968 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9969
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9970requires_gnutls_tls1_3
9971requires_gnutls_next_no_ticket
9972requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9973requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9974requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9975requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9977requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9978run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9979 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9980 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9981 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9982 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9983 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9984 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9985 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9986 -c "NamedGroup: secp384r1 ( 18 )" \
9987 -c "Verifying peer X.509 certificate... ok" \
9988 -C "received HelloRetryRequest message"
9989
9990requires_gnutls_tls1_3
9991requires_gnutls_next_no_ticket
9992requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9993requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9994requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9995requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]9997requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9998run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9999 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10000 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10001 0 \
10002 -c "HTTP/1.0 200 OK" \
10003 -c "Protocol is TLSv1.3" \
10004 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10005 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10006 -c "NamedGroup: secp384r1 ( 18 )" \
10007 -c "Verifying peer X.509 certificate... ok" \
10008 -C "received HelloRetryRequest message"
10009
10010requires_gnutls_tls1_3
10011requires_gnutls_next_no_ticket
10012requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10013requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10014requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10017requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10018run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10019 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10020 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10021 0 \
10022 -c "HTTP/1.0 200 OK" \
10023 -c "Protocol is TLSv1.3" \
10024 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10025 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10026 -c "NamedGroup: secp384r1 ( 18 )" \
10027 -c "Verifying peer X.509 certificate... ok" \
10028 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10029
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10030requires_gnutls_tls1_3
10031requires_gnutls_next_no_ticket
10032requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10033requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10034requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10035requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10036requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10037requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10038requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10039run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10040 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10041 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10042 0 \
10043 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10044 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10045 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10046 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10047 -c "NamedGroup: secp384r1 ( 18 )" \
10048 -c "Verifying peer X.509 certificate... ok" \
10049 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10050
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10051requires_gnutls_tls1_3
10052requires_gnutls_next_no_ticket
10053requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10054requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10055requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10058requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10059run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10060 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10061 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10062 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10063 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10064 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10065 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10066 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10067 -c "NamedGroup: secp521r1 ( 19 )" \
10068 -c "Verifying peer X.509 certificate... ok" \
10069 -C "received HelloRetryRequest message"
10070
10071requires_gnutls_tls1_3
10072requires_gnutls_next_no_ticket
10073requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10074requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10075requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10077requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10078requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10079run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10080 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10081 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10082 0 \
10083 -c "HTTP/1.0 200 OK" \
10084 -c "Protocol is TLSv1.3" \
10085 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10086 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10087 -c "NamedGroup: secp521r1 ( 19 )" \
10088 -c "Verifying peer X.509 certificate... ok" \
10089 -C "received HelloRetryRequest message"
10090
10091requires_gnutls_tls1_3
10092requires_gnutls_next_no_ticket
10093requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10094requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10095requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10096requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10097requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10098requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10099run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10100 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10101 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10102 0 \
10103 -c "HTTP/1.0 200 OK" \
10104 -c "Protocol is TLSv1.3" \
10105 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10106 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10107 -c "NamedGroup: secp521r1 ( 19 )" \
10108 -c "Verifying peer X.509 certificate... ok" \
10109 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10110
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10111requires_gnutls_tls1_3
10112requires_gnutls_next_no_ticket
10113requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10114requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10115requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10116requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10118requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10119requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10120run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10121 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10122 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10123 0 \
10124 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10125 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10126 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10127 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10128 -c "NamedGroup: secp521r1 ( 19 )" \
10129 -c "Verifying peer X.509 certificate... ok" \
10130 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10131
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10132requires_gnutls_tls1_3
10133requires_gnutls_next_no_ticket
10134requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10135requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10136requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10139requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10140run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10141 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10142 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10143 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10144 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10145 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10146 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10147 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10148 -c "NamedGroup: x25519 ( 1d )" \
10149 -c "Verifying peer X.509 certificate... ok" \
10150 -C "received HelloRetryRequest message"
10151
10152requires_gnutls_tls1_3
10153requires_gnutls_next_no_ticket
10154requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10155requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10156requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10157requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10158requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10159requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10160run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10161 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10162 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10163 0 \
10164 -c "HTTP/1.0 200 OK" \
10165 -c "Protocol is TLSv1.3" \
10166 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10167 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10168 -c "NamedGroup: x25519 ( 1d )" \
10169 -c "Verifying peer X.509 certificate... ok" \
10170 -C "received HelloRetryRequest message"
10171
10172requires_gnutls_tls1_3
10173requires_gnutls_next_no_ticket
10174requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10175requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10176requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10177requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10178requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10179requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10180run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10181 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10182 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10183 0 \
10184 -c "HTTP/1.0 200 OK" \
10185 -c "Protocol is TLSv1.3" \
10186 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10187 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10188 -c "NamedGroup: x25519 ( 1d )" \
10189 -c "Verifying peer X.509 certificate... ok" \
10190 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10191
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10192requires_gnutls_tls1_3
10193requires_gnutls_next_no_ticket
10194requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10195requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10196requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10197requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10198requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10199requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10200requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10201run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10202 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10203 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10204 0 \
10205 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10206 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10207 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10208 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10209 -c "NamedGroup: x25519 ( 1d )" \
10210 -c "Verifying peer X.509 certificate... ok" \
10211 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10212
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10213requires_gnutls_tls1_3
10214requires_gnutls_next_no_ticket
10215requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10216requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10217requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10220requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10221run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10222 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10223 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10224 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10225 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10226 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10227 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10228 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10229 -c "NamedGroup: x448 ( 1e )" \
10230 -c "Verifying peer X.509 certificate... ok" \
10231 -C "received HelloRetryRequest message"
10232
10233requires_gnutls_tls1_3
10234requires_gnutls_next_no_ticket
10235requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10236requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10240requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10241run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10242 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10243 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10244 0 \
10245 -c "HTTP/1.0 200 OK" \
10246 -c "Protocol is TLSv1.3" \
10247 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10248 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10249 -c "NamedGroup: x448 ( 1e )" \
10250 -c "Verifying peer X.509 certificate... ok" \
10251 -C "received HelloRetryRequest message"
10252
10253requires_gnutls_tls1_3
10254requires_gnutls_next_no_ticket
10255requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10256requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10257requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10260requires_config_enabled MBEDTLS_ECDH_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10261run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10262 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10263 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10264 0 \
10265 -c "HTTP/1.0 200 OK" \
10266 -c "Protocol is TLSv1.3" \
10267 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10268 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10269 -c "NamedGroup: x448 ( 1e )" \
10270 -c "Verifying peer X.509 certificate... ok" \
10271 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10272
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10273requires_gnutls_tls1_3
10274requires_gnutls_next_no_ticket
10275requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10276requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10277requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10278requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10280requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10281requires_config_enabled MBEDTLS_ECDH_C
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10282run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10283 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10284 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10285 0 \
10286 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10287 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10288 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]10289 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10290 -c "NamedGroup: x448 ( 1e )" \
10291 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]10292 -C "received HelloRetryRequest message"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10293
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10294requires_gnutls_tls1_3
10295requires_gnutls_next_no_ticket
10296requires_gnutls_next_disable_tls13_compat
10297requires_config_enabled MBEDTLS_SSL_CLI_C
10298requires_config_enabled MBEDTLS_DEBUG_C
10299requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10300requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10301run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
10302 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
10303 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
10304 0 \
10305 -c "HTTP/1.0 200 OK" \
10306 -c "Protocol is TLSv1.3" \
10307 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10308 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10309 -c "NamedGroup: ffdhe2048 ( 100 )" \
10310 -c "Verifying peer X.509 certificate... ok" \
10311 -C "received HelloRetryRequest message"
10312
10313requires_gnutls_tls1_3
10314requires_gnutls_next_no_ticket
10315requires_gnutls_next_disable_tls13_compat
10316requires_config_enabled MBEDTLS_SSL_CLI_C
10317requires_config_enabled MBEDTLS_DEBUG_C
10318requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10319requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10320run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
10321 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
10322 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
10323 0 \
10324 -c "HTTP/1.0 200 OK" \
10325 -c "Protocol is TLSv1.3" \
10326 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10327 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10328 -c "NamedGroup: ffdhe2048 ( 100 )" \
10329 -c "Verifying peer X.509 certificate... ok" \
10330 -C "received HelloRetryRequest message"
10331
10332requires_gnutls_tls1_3
10333requires_gnutls_next_no_ticket
10334requires_gnutls_next_disable_tls13_compat
10335requires_config_enabled MBEDTLS_SSL_CLI_C
10336requires_config_enabled MBEDTLS_DEBUG_C
10337requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10338requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10339run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
10340 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
10341 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
10342 0 \
10343 -c "HTTP/1.0 200 OK" \
10344 -c "Protocol is TLSv1.3" \
10345 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10346 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10347 -c "NamedGroup: ffdhe2048 ( 100 )" \
10348 -c "Verifying peer X.509 certificate... ok" \
10349 -C "received HelloRetryRequest message"
10350
10351requires_gnutls_tls1_3
10352requires_gnutls_next_no_ticket
10353requires_gnutls_next_disable_tls13_compat
10354requires_config_enabled MBEDTLS_SSL_CLI_C
10355requires_config_enabled MBEDTLS_DEBUG_C
10356requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10357requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10358requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10359run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
10360 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
10361 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
10362 0 \
10363 -c "HTTP/1.0 200 OK" \
10364 -c "Protocol is TLSv1.3" \
10365 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10366 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10367 -c "NamedGroup: ffdhe2048 ( 100 )" \
10368 -c "Verifying peer X.509 certificate... ok" \
10369 -C "received HelloRetryRequest message"
10370
10371requires_gnutls_tls1_3
10372requires_gnutls_next_no_ticket
10373requires_gnutls_next_disable_tls13_compat
10374requires_config_enabled MBEDTLS_SSL_CLI_C
10375requires_config_enabled MBEDTLS_DEBUG_C
10376requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10378run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
10379 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
10380 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
10381 0 \
10382 -c "HTTP/1.0 200 OK" \
10383 -c "Protocol is TLSv1.3" \
10384 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10385 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10386 -c "NamedGroup: ffdhe8192 ( 104 )" \
10387 -c "Verifying peer X.509 certificate... ok" \
10388 -C "received HelloRetryRequest message"
10389
10390requires_gnutls_tls1_3
10391requires_gnutls_next_no_ticket
10392requires_gnutls_next_disable_tls13_compat
10393requires_config_enabled MBEDTLS_SSL_CLI_C
10394requires_config_enabled MBEDTLS_DEBUG_C
10395requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10396requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10397run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
10398 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
10399 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
10400 0 \
10401 -c "HTTP/1.0 200 OK" \
10402 -c "Protocol is TLSv1.3" \
10403 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10404 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10405 -c "NamedGroup: ffdhe8192 ( 104 )" \
10406 -c "Verifying peer X.509 certificate... ok" \
10407 -C "received HelloRetryRequest message"
10408
10409requires_gnutls_tls1_3
10410requires_gnutls_next_no_ticket
10411requires_gnutls_next_disable_tls13_compat
10412requires_config_enabled MBEDTLS_SSL_CLI_C
10413requires_config_enabled MBEDTLS_DEBUG_C
10414requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10415requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10416run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
10417 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
10418 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
10419 0 \
10420 -c "HTTP/1.0 200 OK" \
10421 -c "Protocol is TLSv1.3" \
10422 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10423 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10424 -c "NamedGroup: ffdhe8192 ( 104 )" \
10425 -c "Verifying peer X.509 certificate... ok" \
10426 -C "received HelloRetryRequest message"
10427
10428requires_gnutls_tls1_3
10429requires_gnutls_next_no_ticket
10430requires_gnutls_next_disable_tls13_compat
10431requires_config_enabled MBEDTLS_SSL_CLI_C
10432requires_config_enabled MBEDTLS_DEBUG_C
10433requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10434requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10435requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10436run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
10437 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
10438 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
10439 0 \
10440 -c "HTTP/1.0 200 OK" \
10441 -c "Protocol is TLSv1.3" \
10442 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10443 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10444 -c "NamedGroup: ffdhe8192 ( 104 )" \
10445 -c "Verifying peer X.509 certificate... ok" \
10446 -C "received HelloRetryRequest message"
10447
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10448requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10449requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10452requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10453requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10454requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10455requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10456requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10457requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10458run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10459 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10460 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10461 0 \
10462 -s "Protocol is TLSv1.3" \
10463 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10464 -s "received signature algorithm: 0x403" \
10465 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10466 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10467 -c "Protocol is TLSv1.3" \
10468 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10469 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10470 -c "NamedGroup: secp256r1 ( 17 )" \
10471 -c "Verifying peer X.509 certificate... ok" \
10472 -C "received HelloRetryRequest message"
10473
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10474requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10475requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10476requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10478requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10479requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10480requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10483requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10484run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10485 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10486 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10487 0 \
10488 -s "Protocol is TLSv1.3" \
10489 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10490 -s "received signature algorithm: 0x503" \
10491 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10492 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10493 -c "Protocol is TLSv1.3" \
10494 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10495 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10496 -c "NamedGroup: secp256r1 ( 17 )" \
10497 -c "Verifying peer X.509 certificate... ok" \
10498 -C "received HelloRetryRequest message"
10499
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10500requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10501requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10502requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10503requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10504requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10505requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10506requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10509requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10510run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10511 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10512 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10513 0 \
10514 -s "Protocol is TLSv1.3" \
10515 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10516 -s "received signature algorithm: 0x603" \
10517 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10518 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10519 -c "Protocol is TLSv1.3" \
10520 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10521 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10522 -c "NamedGroup: secp256r1 ( 17 )" \
10523 -c "Verifying peer X.509 certificate... ok" \
10524 -C "received HelloRetryRequest message"
10525
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10526requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10527requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10528requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10529requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10530requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10531requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10532requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10533requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10534requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10535requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10536requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10537requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10538run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10539 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10540 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10541 0 \
10542 -s "Protocol is TLSv1.3" \
10543 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10544 -s "received signature algorithm: 0x804" \
10545 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10546 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10547 -c "Protocol is TLSv1.3" \
10548 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10549 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10550 -c "NamedGroup: secp256r1 ( 17 )" \
10551 -c "Verifying peer X.509 certificate... ok" \
10552 -C "received HelloRetryRequest message"
10553
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10554requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10555requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10556requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10557requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10558requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10559requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10560requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10561requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10562requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10563requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10564run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10565 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10566 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10567 0 \
10568 -s "Protocol is TLSv1.3" \
10569 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10570 -s "received signature algorithm: 0x403" \
10571 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10572 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10573 -c "Protocol is TLSv1.3" \
10574 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10575 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10576 -c "NamedGroup: secp384r1 ( 18 )" \
10577 -c "Verifying peer X.509 certificate... ok" \
10578 -C "received HelloRetryRequest message"
10579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10581requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10582requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10584requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10585requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10586requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10587requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10588requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10589requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10590run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10591 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10592 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10593 0 \
10594 -s "Protocol is TLSv1.3" \
10595 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10596 -s "received signature algorithm: 0x503" \
10597 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10598 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10599 -c "Protocol is TLSv1.3" \
10600 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10601 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10602 -c "NamedGroup: secp384r1 ( 18 )" \
10603 -c "Verifying peer X.509 certificate... ok" \
10604 -C "received HelloRetryRequest message"
10605
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10606requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10607requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10610requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10611requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10612requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10613requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10614requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10615requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10616run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10617 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10618 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10619 0 \
10620 -s "Protocol is TLSv1.3" \
10621 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10622 -s "received signature algorithm: 0x603" \
10623 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10624 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10625 -c "Protocol is TLSv1.3" \
10626 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10627 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10628 -c "NamedGroup: secp384r1 ( 18 )" \
10629 -c "Verifying peer X.509 certificate... ok" \
10630 -C "received HelloRetryRequest message"
10631
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10632requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10633requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10636requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10637requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10638requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10639requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10640requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10641requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10642requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10643requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10644run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10645 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10646 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10647 0 \
10648 -s "Protocol is TLSv1.3" \
10649 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10650 -s "received signature algorithm: 0x804" \
10651 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10652 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10653 -c "Protocol is TLSv1.3" \
10654 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10655 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10656 -c "NamedGroup: secp384r1 ( 18 )" \
10657 -c "Verifying peer X.509 certificate... ok" \
10658 -C "received HelloRetryRequest message"
10659
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10660requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10661requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10664requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10665requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10666requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10667requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10669requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10670run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10671 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10672 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10673 0 \
10674 -s "Protocol is TLSv1.3" \
10675 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10676 -s "received signature algorithm: 0x403" \
10677 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10678 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10679 -c "Protocol is TLSv1.3" \
10680 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10681 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10682 -c "NamedGroup: secp521r1 ( 19 )" \
10683 -c "Verifying peer X.509 certificate... ok" \
10684 -C "received HelloRetryRequest message"
10685
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10686requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10687requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10689requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10690requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10691requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10692requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10693requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10694requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10695requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10696run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10697 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10698 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10699 0 \
10700 -s "Protocol is TLSv1.3" \
10701 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10702 -s "received signature algorithm: 0x503" \
10703 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10704 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10705 -c "Protocol is TLSv1.3" \
10706 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10707 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10708 -c "NamedGroup: secp521r1 ( 19 )" \
10709 -c "Verifying peer X.509 certificate... ok" \
10710 -C "received HelloRetryRequest message"
10711
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10712requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10713requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10714requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10715requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10716requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10717requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10718requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10719requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10720requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10721requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10722run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10723 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10724 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10725 0 \
10726 -s "Protocol is TLSv1.3" \
10727 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10728 -s "received signature algorithm: 0x603" \
10729 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10730 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10731 -c "Protocol is TLSv1.3" \
10732 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10733 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10734 -c "NamedGroup: secp521r1 ( 19 )" \
10735 -c "Verifying peer X.509 certificate... ok" \
10736 -C "received HelloRetryRequest message"
10737
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10738requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10739requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10740requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10741requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10742requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10743requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10744requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10745requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10747requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10748requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10749requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10750run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10751 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10752 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10753 0 \
10754 -s "Protocol is TLSv1.3" \
10755 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10756 -s "received signature algorithm: 0x804" \
10757 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10758 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10759 -c "Protocol is TLSv1.3" \
10760 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10761 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10762 -c "NamedGroup: secp521r1 ( 19 )" \
10763 -c "Verifying peer X.509 certificate... ok" \
10764 -C "received HelloRetryRequest message"
10765
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10766requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10767requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10768requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10769requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10770requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10771requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10772requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10773requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10774requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10775requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10776run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10777 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10778 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10779 0 \
10780 -s "Protocol is TLSv1.3" \
10781 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10782 -s "received signature algorithm: 0x403" \
10783 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10784 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10785 -c "Protocol is TLSv1.3" \
10786 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10787 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10788 -c "NamedGroup: x25519 ( 1d )" \
10789 -c "Verifying peer X.509 certificate... ok" \
10790 -C "received HelloRetryRequest message"
10791
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10792requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10793requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10796requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10797requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10798requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10799requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10800requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10801requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10802run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10803 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10804 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10805 0 \
10806 -s "Protocol is TLSv1.3" \
10807 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10808 -s "received signature algorithm: 0x503" \
10809 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10810 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10811 -c "Protocol is TLSv1.3" \
10812 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10813 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10814 -c "NamedGroup: x25519 ( 1d )" \
10815 -c "Verifying peer X.509 certificate... ok" \
10816 -C "received HelloRetryRequest message"
10817
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10818requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10819requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10820requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10822requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10823requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10824requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10825requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10826requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10827requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10828run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10829 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10830 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10831 0 \
10832 -s "Protocol is TLSv1.3" \
10833 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10834 -s "received signature algorithm: 0x603" \
10835 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10836 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10837 -c "Protocol is TLSv1.3" \
10838 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10839 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10840 -c "NamedGroup: x25519 ( 1d )" \
10841 -c "Verifying peer X.509 certificate... ok" \
10842 -C "received HelloRetryRequest message"
10843
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10844requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10845requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10846requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10847requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10848requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10849requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10850requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10851requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10854requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10855requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10856run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10857 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10858 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10859 0 \
10860 -s "Protocol is TLSv1.3" \
10861 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10862 -s "received signature algorithm: 0x804" \
10863 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10864 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10865 -c "Protocol is TLSv1.3" \
10866 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10867 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10868 -c "NamedGroup: x25519 ( 1d )" \
10869 -c "Verifying peer X.509 certificate... ok" \
10870 -C "received HelloRetryRequest message"
10871
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10872requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10873requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10874requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10876requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10877requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10878requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10879requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10880requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10881requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10882run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10883 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10884 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10885 0 \
10886 -s "Protocol is TLSv1.3" \
10887 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10888 -s "received signature algorithm: 0x403" \
10889 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10890 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10891 -c "Protocol is TLSv1.3" \
10892 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10893 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10894 -c "NamedGroup: x448 ( 1e )" \
10895 -c "Verifying peer X.509 certificate... ok" \
10896 -C "received HelloRetryRequest message"
10897
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10898requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10899requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10900requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10901requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10902requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10903requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10904requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10905requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10906requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10907requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10908run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10909 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10910 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10911 0 \
10912 -s "Protocol is TLSv1.3" \
10913 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10914 -s "received signature algorithm: 0x503" \
10915 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10916 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10917 -c "Protocol is TLSv1.3" \
10918 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10919 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10920 -c "NamedGroup: x448 ( 1e )" \
10921 -c "Verifying peer X.509 certificate... ok" \
10922 -C "received HelloRetryRequest message"
10923
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10924requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10925requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10926requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10927requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10928requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10929requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10930requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10931requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10932requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10933requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10934run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10935 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10936 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10937 0 \
10938 -s "Protocol is TLSv1.3" \
10939 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10940 -s "received signature algorithm: 0x603" \
10941 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10942 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10943 -c "Protocol is TLSv1.3" \
10944 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10945 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10946 -c "NamedGroup: x448 ( 1e )" \
10947 -c "Verifying peer X.509 certificate... ok" \
10948 -C "received HelloRetryRequest message"
10949
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10950requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10951requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10952requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10953requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10954requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10955requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10956requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10957requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10958requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10959requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10960requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]10961requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10962run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10963 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10964 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10965 0 \
10966 -s "Protocol is TLSv1.3" \
10967 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10968 -s "received signature algorithm: 0x804" \
10969 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10970 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10971 -c "Protocol is TLSv1.3" \
10972 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10973 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10974 -c "NamedGroup: x448 ( 1e )" \
10975 -c "Verifying peer X.509 certificate... ok" \
10976 -C "received HelloRetryRequest message"
10977
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10978requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10979requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10981requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10982requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10983requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10984requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10985requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10986run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
10987 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10988 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
10989 0 \
10990 -s "Protocol is TLSv1.3" \
10991 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
10992 -s "received signature algorithm: 0x403" \
10993 -s "got named group: ffdhe2048(0100)" \
10994 -s "Certificate verification was skipped" \
10995 -c "Protocol is TLSv1.3" \
10996 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10997 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10998 -c "NamedGroup: ffdhe2048 ( 100 )" \
10999 -c "Verifying peer X.509 certificate... ok" \
11000 -C "received HelloRetryRequest message"
11001
11002requires_config_enabled MBEDTLS_SSL_SRV_C
11003requires_config_enabled MBEDTLS_DEBUG_C
11004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11006requires_config_enabled MBEDTLS_SSL_CLI_C
11007requires_config_enabled MBEDTLS_DEBUG_C
11008requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11010run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
11011 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11012 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
11013 0 \
11014 -s "Protocol is TLSv1.3" \
11015 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
11016 -s "received signature algorithm: 0x503" \
11017 -s "got named group: ffdhe2048(0100)" \
11018 -s "Certificate verification was skipped" \
11019 -c "Protocol is TLSv1.3" \
11020 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11021 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11022 -c "NamedGroup: ffdhe2048 ( 100 )" \
11023 -c "Verifying peer X.509 certificate... ok" \
11024 -C "received HelloRetryRequest message"
11025
11026requires_config_enabled MBEDTLS_SSL_SRV_C
11027requires_config_enabled MBEDTLS_DEBUG_C
11028requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11029requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11030requires_config_enabled MBEDTLS_SSL_CLI_C
11031requires_config_enabled MBEDTLS_DEBUG_C
11032requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11033requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11034run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
11035 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11036 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
11037 0 \
11038 -s "Protocol is TLSv1.3" \
11039 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
11040 -s "received signature algorithm: 0x603" \
11041 -s "got named group: ffdhe2048(0100)" \
11042 -s "Certificate verification was skipped" \
11043 -c "Protocol is TLSv1.3" \
11044 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11045 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11046 -c "NamedGroup: ffdhe2048 ( 100 )" \
11047 -c "Verifying peer X.509 certificate... ok" \
11048 -C "received HelloRetryRequest message"
11049
11050requires_config_enabled MBEDTLS_SSL_SRV_C
11051requires_config_enabled MBEDTLS_DEBUG_C
11052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11053requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11054requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11055requires_config_enabled MBEDTLS_SSL_CLI_C
11056requires_config_enabled MBEDTLS_DEBUG_C
11057requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11058requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11059requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11060run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
11061 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11062 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
11063 0 \
11064 -s "Protocol is TLSv1.3" \
11065 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
11066 -s "received signature algorithm: 0x804" \
11067 -s "got named group: ffdhe2048(0100)" \
11068 -s "Certificate verification was skipped" \
11069 -c "Protocol is TLSv1.3" \
11070 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11071 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11072 -c "NamedGroup: ffdhe2048 ( 100 )" \
11073 -c "Verifying peer X.509 certificate... ok" \
11074 -C "received HelloRetryRequest message"
11075
11076requires_config_enabled MBEDTLS_SSL_SRV_C
11077requires_config_enabled MBEDTLS_DEBUG_C
11078requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11080requires_config_enabled MBEDTLS_SSL_CLI_C
11081requires_config_enabled MBEDTLS_DEBUG_C
11082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11084run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
11085 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11086 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
11087 0 \
11088 -s "Protocol is TLSv1.3" \
11089 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
11090 -s "received signature algorithm: 0x403" \
11091 -s "got named group: ffdhe8192(0104)" \
11092 -s "Certificate verification was skipped" \
11093 -c "Protocol is TLSv1.3" \
11094 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11095 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11096 -c "NamedGroup: ffdhe8192 ( 104 )" \
11097 -c "Verifying peer X.509 certificate... ok" \
11098 -C "received HelloRetryRequest message"
11099
11100requires_config_enabled MBEDTLS_SSL_SRV_C
11101requires_config_enabled MBEDTLS_DEBUG_C
11102requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11104requires_config_enabled MBEDTLS_SSL_CLI_C
11105requires_config_enabled MBEDTLS_DEBUG_C
11106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11107requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11108run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
11109 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11110 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
11111 0 \
11112 -s "Protocol is TLSv1.3" \
11113 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
11114 -s "received signature algorithm: 0x503" \
11115 -s "got named group: ffdhe8192(0104)" \
11116 -s "Certificate verification was skipped" \
11117 -c "Protocol is TLSv1.3" \
11118 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11119 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11120 -c "NamedGroup: ffdhe8192 ( 104 )" \
11121 -c "Verifying peer X.509 certificate... ok" \
11122 -C "received HelloRetryRequest message"
11123
11124requires_config_enabled MBEDTLS_SSL_SRV_C
11125requires_config_enabled MBEDTLS_DEBUG_C
11126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11128requires_config_enabled MBEDTLS_SSL_CLI_C
11129requires_config_enabled MBEDTLS_DEBUG_C
11130requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11131requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11132run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
11133 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11134 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
11135 0 \
11136 -s "Protocol is TLSv1.3" \
11137 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
11138 -s "received signature algorithm: 0x603" \
11139 -s "got named group: ffdhe8192(0104)" \
11140 -s "Certificate verification was skipped" \
11141 -c "Protocol is TLSv1.3" \
11142 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11143 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11144 -c "NamedGroup: ffdhe8192 ( 104 )" \
11145 -c "Verifying peer X.509 certificate... ok" \
11146 -C "received HelloRetryRequest message"
11147
11148requires_config_enabled MBEDTLS_SSL_SRV_C
11149requires_config_enabled MBEDTLS_DEBUG_C
11150requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11151requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11152requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11153requires_config_enabled MBEDTLS_SSL_CLI_C
11154requires_config_enabled MBEDTLS_DEBUG_C
11155requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11156requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11157requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11158run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
11159 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11160 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
11161 0 \
11162 -s "Protocol is TLSv1.3" \
11163 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
11164 -s "received signature algorithm: 0x804" \
11165 -s "got named group: ffdhe8192(0104)" \
11166 -s "Certificate verification was skipped" \
11167 -c "Protocol is TLSv1.3" \
11168 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11169 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11170 -c "NamedGroup: ffdhe8192 ( 104 )" \
11171 -c "Verifying peer X.509 certificate... ok" \
11172 -C "received HelloRetryRequest message"
11173
11174requires_config_enabled MBEDTLS_SSL_SRV_C
11175requires_config_enabled MBEDTLS_DEBUG_C
11176requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11177requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11178requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11179requires_config_enabled MBEDTLS_SSL_CLI_C
11180requires_config_enabled MBEDTLS_DEBUG_C
11181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11183requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11184run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11185 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11186 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11187 0 \
11188 -s "Protocol is TLSv1.3" \
11189 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11190 -s "received signature algorithm: 0x403" \
11191 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11192 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11193 -c "Protocol is TLSv1.3" \
11194 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11195 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11196 -c "NamedGroup: secp256r1 ( 17 )" \
11197 -c "Verifying peer X.509 certificate... ok" \
11198 -C "received HelloRetryRequest message"
11199
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11200requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11201requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11204requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11205requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11206requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11207requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11208requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11209requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11210run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11211 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11212 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11213 0 \
11214 -s "Protocol is TLSv1.3" \
11215 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11216 -s "received signature algorithm: 0x503" \
11217 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11218 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11219 -c "Protocol is TLSv1.3" \
11220 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11221 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11222 -c "NamedGroup: secp256r1 ( 17 )" \
11223 -c "Verifying peer X.509 certificate... ok" \
11224 -C "received HelloRetryRequest message"
11225
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11226requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11227requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11228requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11229requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11230requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11231requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11232requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11233requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11234requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11235requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11236run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11237 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11238 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11239 0 \
11240 -s "Protocol is TLSv1.3" \
11241 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11242 -s "received signature algorithm: 0x603" \
11243 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11244 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11245 -c "Protocol is TLSv1.3" \
11246 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11247 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11248 -c "NamedGroup: secp256r1 ( 17 )" \
11249 -c "Verifying peer X.509 certificate... ok" \
11250 -C "received HelloRetryRequest message"
11251
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11252requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11253requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11256requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11257requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11258requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11259requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11260requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11261requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11262requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11263requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11264run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11265 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11266 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11267 0 \
11268 -s "Protocol is TLSv1.3" \
11269 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11270 -s "received signature algorithm: 0x804" \
11271 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11272 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11273 -c "Protocol is TLSv1.3" \
11274 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11275 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11276 -c "NamedGroup: secp256r1 ( 17 )" \
11277 -c "Verifying peer X.509 certificate... ok" \
11278 -C "received HelloRetryRequest message"
11279
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11280requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11281requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11282requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11283requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11284requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11285requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11286requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11287requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11288requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11289requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11290run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11291 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11292 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11293 0 \
11294 -s "Protocol is TLSv1.3" \
11295 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11296 -s "received signature algorithm: 0x403" \
11297 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11298 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11299 -c "Protocol is TLSv1.3" \
11300 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11301 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11302 -c "NamedGroup: secp384r1 ( 18 )" \
11303 -c "Verifying peer X.509 certificate... ok" \
11304 -C "received HelloRetryRequest message"
11305
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11306requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11307requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11309requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11310requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11311requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11312requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11313requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11314requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11315requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11316run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11317 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11318 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11319 0 \
11320 -s "Protocol is TLSv1.3" \
11321 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11322 -s "received signature algorithm: 0x503" \
11323 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11324 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11325 -c "Protocol is TLSv1.3" \
11326 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11327 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11328 -c "NamedGroup: secp384r1 ( 18 )" \
11329 -c "Verifying peer X.509 certificate... ok" \
11330 -C "received HelloRetryRequest message"
11331
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11332requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11333requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11334requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11335requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11336requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11337requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11338requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11339requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11340requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11341requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11342run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11343 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11344 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11345 0 \
11346 -s "Protocol is TLSv1.3" \
11347 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11348 -s "received signature algorithm: 0x603" \
11349 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11350 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11351 -c "Protocol is TLSv1.3" \
11352 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11353 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11354 -c "NamedGroup: secp384r1 ( 18 )" \
11355 -c "Verifying peer X.509 certificate... ok" \
11356 -C "received HelloRetryRequest message"
11357
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11358requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11359requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11361requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11362requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11363requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11364requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11365requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11366requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11367requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11368requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11369requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11370run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11371 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11372 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11373 0 \
11374 -s "Protocol is TLSv1.3" \
11375 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11376 -s "received signature algorithm: 0x804" \
11377 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11378 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11379 -c "Protocol is TLSv1.3" \
11380 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11381 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11382 -c "NamedGroup: secp384r1 ( 18 )" \
11383 -c "Verifying peer X.509 certificate... ok" \
11384 -C "received HelloRetryRequest message"
11385
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11386requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11387requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11389requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11390requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11391requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11392requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11393requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11395requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11396run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11397 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11398 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11399 0 \
11400 -s "Protocol is TLSv1.3" \
11401 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11402 -s "received signature algorithm: 0x403" \
11403 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11404 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11405 -c "Protocol is TLSv1.3" \
11406 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11407 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11408 -c "NamedGroup: secp521r1 ( 19 )" \
11409 -c "Verifying peer X.509 certificate... ok" \
11410 -C "received HelloRetryRequest message"
11411
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11412requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11413requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11414requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11415requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11416requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11417requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11418requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11420requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11421requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11422run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11423 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11424 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11425 0 \
11426 -s "Protocol is TLSv1.3" \
11427 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11428 -s "received signature algorithm: 0x503" \
11429 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11430 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11431 -c "Protocol is TLSv1.3" \
11432 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11433 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11434 -c "NamedGroup: secp521r1 ( 19 )" \
11435 -c "Verifying peer X.509 certificate... ok" \
11436 -C "received HelloRetryRequest message"
11437
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11438requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11439requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11440requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11442requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11443requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11444requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11446requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11447requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11448run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11449 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11450 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11451 0 \
11452 -s "Protocol is TLSv1.3" \
11453 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11454 -s "received signature algorithm: 0x603" \
11455 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11456 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11457 -c "Protocol is TLSv1.3" \
11458 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11459 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11460 -c "NamedGroup: secp521r1 ( 19 )" \
11461 -c "Verifying peer X.509 certificate... ok" \
11462 -C "received HelloRetryRequest message"
11463
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11464requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11465requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11468requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11469requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11470requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11471requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11472requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11474requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11475requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11476run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11477 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11478 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11479 0 \
11480 -s "Protocol is TLSv1.3" \
11481 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11482 -s "received signature algorithm: 0x804" \
11483 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11484 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11485 -c "Protocol is TLSv1.3" \
11486 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11487 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11488 -c "NamedGroup: secp521r1 ( 19 )" \
11489 -c "Verifying peer X.509 certificate... ok" \
11490 -C "received HelloRetryRequest message"
11491
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11492requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11493requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11496requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11497requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11498requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11499requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11500requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11501requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11502run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11503 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11504 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11505 0 \
11506 -s "Protocol is TLSv1.3" \
11507 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11508 -s "received signature algorithm: 0x403" \
11509 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11510 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11511 -c "Protocol is TLSv1.3" \
11512 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11513 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11514 -c "NamedGroup: x25519 ( 1d )" \
11515 -c "Verifying peer X.509 certificate... ok" \
11516 -C "received HelloRetryRequest message"
11517
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11518requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11522requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11523requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11524requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11527requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11528run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11529 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11530 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11531 0 \
11532 -s "Protocol is TLSv1.3" \
11533 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11534 -s "received signature algorithm: 0x503" \
11535 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11536 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11537 -c "Protocol is TLSv1.3" \
11538 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11539 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11540 -c "NamedGroup: x25519 ( 1d )" \
11541 -c "Verifying peer X.509 certificate... ok" \
11542 -C "received HelloRetryRequest message"
11543
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11544requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11545requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11547requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11548requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11549requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11550requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11551requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11552requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11553requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11554run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11555 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11556 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11557 0 \
11558 -s "Protocol is TLSv1.3" \
11559 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11560 -s "received signature algorithm: 0x603" \
11561 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11562 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11563 -c "Protocol is TLSv1.3" \
11564 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11565 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11566 -c "NamedGroup: x25519 ( 1d )" \
11567 -c "Verifying peer X.509 certificate... ok" \
11568 -C "received HelloRetryRequest message"
11569
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11570requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11571requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11573requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11574requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11575requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11576requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11577requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11578requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11580requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11581requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11582run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11583 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11584 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11585 0 \
11586 -s "Protocol is TLSv1.3" \
11587 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11588 -s "received signature algorithm: 0x804" \
11589 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11590 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11591 -c "Protocol is TLSv1.3" \
11592 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11593 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11594 -c "NamedGroup: x25519 ( 1d )" \
11595 -c "Verifying peer X.509 certificate... ok" \
11596 -C "received HelloRetryRequest message"
11597
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11598requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11599requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11600requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11602requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11603requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11604requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11606requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11607requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11608run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11609 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11610 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11611 0 \
11612 -s "Protocol is TLSv1.3" \
11613 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11614 -s "received signature algorithm: 0x403" \
11615 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11616 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11617 -c "Protocol is TLSv1.3" \
11618 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11619 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11620 -c "NamedGroup: x448 ( 1e )" \
11621 -c "Verifying peer X.509 certificate... ok" \
11622 -C "received HelloRetryRequest message"
11623
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11624requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11625requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11627requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11628requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11629requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11630requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11633requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11634run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11635 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11636 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11637 0 \
11638 -s "Protocol is TLSv1.3" \
11639 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11640 -s "received signature algorithm: 0x503" \
11641 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11642 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11643 -c "Protocol is TLSv1.3" \
11644 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11645 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11646 -c "NamedGroup: x448 ( 1e )" \
11647 -c "Verifying peer X.509 certificate... ok" \
11648 -C "received HelloRetryRequest message"
11649
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11650requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11651requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11652requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11654requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11655requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11656requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11657requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11658requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11659requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11660run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11661 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11662 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11663 0 \
11664 -s "Protocol is TLSv1.3" \
11665 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11666 -s "received signature algorithm: 0x603" \
11667 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11668 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11669 -c "Protocol is TLSv1.3" \
11670 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11671 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11672 -c "NamedGroup: x448 ( 1e )" \
11673 -c "Verifying peer X.509 certificate... ok" \
11674 -C "received HelloRetryRequest message"
11675
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11676requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11680requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11681requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11682requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11683requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11686requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11687requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11688run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11689 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11690 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11691 0 \
11692 -s "Protocol is TLSv1.3" \
11693 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11694 -s "received signature algorithm: 0x804" \
11695 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11696 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11697 -c "Protocol is TLSv1.3" \
11698 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11699 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11700 -c "NamedGroup: x448 ( 1e )" \
11701 -c "Verifying peer X.509 certificate... ok" \
11702 -C "received HelloRetryRequest message"
11703
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11704requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11705requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11707requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11708requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11709requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11710requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11711requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11712run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
11713 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11714 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
11715 0 \
11716 -s "Protocol is TLSv1.3" \
11717 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11718 -s "received signature algorithm: 0x403" \
11719 -s "got named group: ffdhe2048(0100)" \
11720 -s "Certificate verification was skipped" \
11721 -c "Protocol is TLSv1.3" \
11722 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11723 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11724 -c "NamedGroup: ffdhe2048 ( 100 )" \
11725 -c "Verifying peer X.509 certificate... ok" \
11726 -C "received HelloRetryRequest message"
11727
11728requires_config_enabled MBEDTLS_SSL_SRV_C
11729requires_config_enabled MBEDTLS_DEBUG_C
11730requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11731requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11732requires_config_enabled MBEDTLS_SSL_CLI_C
11733requires_config_enabled MBEDTLS_DEBUG_C
11734requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11736run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
11737 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11738 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
11739 0 \
11740 -s "Protocol is TLSv1.3" \
11741 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11742 -s "received signature algorithm: 0x503" \
11743 -s "got named group: ffdhe2048(0100)" \
11744 -s "Certificate verification was skipped" \
11745 -c "Protocol is TLSv1.3" \
11746 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11747 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11748 -c "NamedGroup: ffdhe2048 ( 100 )" \
11749 -c "Verifying peer X.509 certificate... ok" \
11750 -C "received HelloRetryRequest message"
11751
11752requires_config_enabled MBEDTLS_SSL_SRV_C
11753requires_config_enabled MBEDTLS_DEBUG_C
11754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11756requires_config_enabled MBEDTLS_SSL_CLI_C
11757requires_config_enabled MBEDTLS_DEBUG_C
11758requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11759requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11760run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
11761 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11762 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
11763 0 \
11764 -s "Protocol is TLSv1.3" \
11765 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11766 -s "received signature algorithm: 0x603" \
11767 -s "got named group: ffdhe2048(0100)" \
11768 -s "Certificate verification was skipped" \
11769 -c "Protocol is TLSv1.3" \
11770 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11771 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11772 -c "NamedGroup: ffdhe2048 ( 100 )" \
11773 -c "Verifying peer X.509 certificate... ok" \
11774 -C "received HelloRetryRequest message"
11775
11776requires_config_enabled MBEDTLS_SSL_SRV_C
11777requires_config_enabled MBEDTLS_DEBUG_C
11778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11779requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11780requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11781requires_config_enabled MBEDTLS_SSL_CLI_C
11782requires_config_enabled MBEDTLS_DEBUG_C
11783requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11784requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11785requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11786run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
11787 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11788 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
11789 0 \
11790 -s "Protocol is TLSv1.3" \
11791 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11792 -s "received signature algorithm: 0x804" \
11793 -s "got named group: ffdhe2048(0100)" \
11794 -s "Certificate verification was skipped" \
11795 -c "Protocol is TLSv1.3" \
11796 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11797 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11798 -c "NamedGroup: ffdhe2048 ( 100 )" \
11799 -c "Verifying peer X.509 certificate... ok" \
11800 -C "received HelloRetryRequest message"
11801
11802requires_config_enabled MBEDTLS_SSL_SRV_C
11803requires_config_enabled MBEDTLS_DEBUG_C
11804requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11805requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11806requires_config_enabled MBEDTLS_SSL_CLI_C
11807requires_config_enabled MBEDTLS_DEBUG_C
11808requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11809requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11810run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
11811 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11812 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
11813 0 \
11814 -s "Protocol is TLSv1.3" \
11815 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11816 -s "received signature algorithm: 0x403" \
11817 -s "got named group: ffdhe8192(0104)" \
11818 -s "Certificate verification was skipped" \
11819 -c "Protocol is TLSv1.3" \
11820 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11821 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11822 -c "NamedGroup: ffdhe8192 ( 104 )" \
11823 -c "Verifying peer X.509 certificate... ok" \
11824 -C "received HelloRetryRequest message"
11825
11826requires_config_enabled MBEDTLS_SSL_SRV_C
11827requires_config_enabled MBEDTLS_DEBUG_C
11828requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11829requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11830requires_config_enabled MBEDTLS_SSL_CLI_C
11831requires_config_enabled MBEDTLS_DEBUG_C
11832requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11833requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11834run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
11835 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11836 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
11837 0 \
11838 -s "Protocol is TLSv1.3" \
11839 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11840 -s "received signature algorithm: 0x503" \
11841 -s "got named group: ffdhe8192(0104)" \
11842 -s "Certificate verification was skipped" \
11843 -c "Protocol is TLSv1.3" \
11844 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11845 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11846 -c "NamedGroup: ffdhe8192 ( 104 )" \
11847 -c "Verifying peer X.509 certificate... ok" \
11848 -C "received HelloRetryRequest message"
11849
11850requires_config_enabled MBEDTLS_SSL_SRV_C
11851requires_config_enabled MBEDTLS_DEBUG_C
11852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11854requires_config_enabled MBEDTLS_SSL_CLI_C
11855requires_config_enabled MBEDTLS_DEBUG_C
11856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11857requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11858run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
11859 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11860 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
11861 0 \
11862 -s "Protocol is TLSv1.3" \
11863 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11864 -s "received signature algorithm: 0x603" \
11865 -s "got named group: ffdhe8192(0104)" \
11866 -s "Certificate verification was skipped" \
11867 -c "Protocol is TLSv1.3" \
11868 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11869 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11870 -c "NamedGroup: ffdhe8192 ( 104 )" \
11871 -c "Verifying peer X.509 certificate... ok" \
11872 -C "received HelloRetryRequest message"
11873
11874requires_config_enabled MBEDTLS_SSL_SRV_C
11875requires_config_enabled MBEDTLS_DEBUG_C
11876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11878requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11879requires_config_enabled MBEDTLS_SSL_CLI_C
11880requires_config_enabled MBEDTLS_DEBUG_C
11881requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11882requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11883requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11884run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
11885 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11886 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
11887 0 \
11888 -s "Protocol is TLSv1.3" \
11889 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
11890 -s "received signature algorithm: 0x804" \
11891 -s "got named group: ffdhe8192(0104)" \
11892 -s "Certificate verification was skipped" \
11893 -c "Protocol is TLSv1.3" \
11894 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11895 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11896 -c "NamedGroup: ffdhe8192 ( 104 )" \
11897 -c "Verifying peer X.509 certificate... ok" \
11898 -C "received HelloRetryRequest message"
11899
11900requires_config_enabled MBEDTLS_SSL_SRV_C
11901requires_config_enabled MBEDTLS_DEBUG_C
11902requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11903requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11904requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11905requires_config_enabled MBEDTLS_SSL_CLI_C
11906requires_config_enabled MBEDTLS_DEBUG_C
11907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11909requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11910run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11911 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11912 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11913 0 \
11914 -s "Protocol is TLSv1.3" \
11915 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11916 -s "received signature algorithm: 0x403" \
11917 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11918 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11919 -c "Protocol is TLSv1.3" \
11920 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11921 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11922 -c "NamedGroup: secp256r1 ( 17 )" \
11923 -c "Verifying peer X.509 certificate... ok" \
11924 -C "received HelloRetryRequest message"
11925
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11926requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11927requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11930requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11931requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11932requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11933requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11934requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11935requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11936run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11937 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11938 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11939 0 \
11940 -s "Protocol is TLSv1.3" \
11941 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11942 -s "received signature algorithm: 0x503" \
11943 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11944 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11945 -c "Protocol is TLSv1.3" \
11946 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11947 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11948 -c "NamedGroup: secp256r1 ( 17 )" \
11949 -c "Verifying peer X.509 certificate... ok" \
11950 -C "received HelloRetryRequest message"
11951
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11952requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11953requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11956requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11957requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11958requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11959requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11960requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11961requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11962run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11963 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11964 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11965 0 \
11966 -s "Protocol is TLSv1.3" \
11967 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11968 -s "received signature algorithm: 0x603" \
11969 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11970 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11971 -c "Protocol is TLSv1.3" \
11972 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11973 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11974 -c "NamedGroup: secp256r1 ( 17 )" \
11975 -c "Verifying peer X.509 certificate... ok" \
11976 -C "received HelloRetryRequest message"
11977
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11978requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11979requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11981requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11982requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11983requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11984requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11985requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11988requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]11989requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11990run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11991 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11992 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11993 0 \
11994 -s "Protocol is TLSv1.3" \
11995 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11996 -s "received signature algorithm: 0x804" \
11997 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11998 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11999 -c "Protocol is TLSv1.3" \
12000 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12001 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12002 -c "NamedGroup: secp256r1 ( 17 )" \
12003 -c "Verifying peer X.509 certificate... ok" \
12004 -C "received HelloRetryRequest message"
12005
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12006requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12007requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12008requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12010requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12011requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12012requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12015requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12016run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12017 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12018 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12019 0 \
12020 -s "Protocol is TLSv1.3" \
12021 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12022 -s "received signature algorithm: 0x403" \
12023 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12024 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12025 -c "Protocol is TLSv1.3" \
12026 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12027 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12028 -c "NamedGroup: secp384r1 ( 18 )" \
12029 -c "Verifying peer X.509 certificate... ok" \
12030 -C "received HelloRetryRequest message"
12031
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12032requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12033requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12034requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12035requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12036requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12037requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12038requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12039requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12040requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12041requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12042run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12043 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12044 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12045 0 \
12046 -s "Protocol is TLSv1.3" \
12047 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12048 -s "received signature algorithm: 0x503" \
12049 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12050 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12051 -c "Protocol is TLSv1.3" \
12052 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12053 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12054 -c "NamedGroup: secp384r1 ( 18 )" \
12055 -c "Verifying peer X.509 certificate... ok" \
12056 -C "received HelloRetryRequest message"
12057
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12058requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12059requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12062requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12063requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12064requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12065requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12067requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12068run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12069 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12070 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12071 0 \
12072 -s "Protocol is TLSv1.3" \
12073 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12074 -s "received signature algorithm: 0x603" \
12075 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12076 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12077 -c "Protocol is TLSv1.3" \
12078 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12079 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12080 -c "NamedGroup: secp384r1 ( 18 )" \
12081 -c "Verifying peer X.509 certificate... ok" \
12082 -C "received HelloRetryRequest message"
12083
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12084requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12085requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12086requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12087requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12088requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12089requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12090requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12091requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12092requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12093requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12094requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12095requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12096run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12097 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12098 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12099 0 \
12100 -s "Protocol is TLSv1.3" \
12101 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12102 -s "received signature algorithm: 0x804" \
12103 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12104 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12105 -c "Protocol is TLSv1.3" \
12106 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12107 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12108 -c "NamedGroup: secp384r1 ( 18 )" \
12109 -c "Verifying peer X.509 certificate... ok" \
12110 -C "received HelloRetryRequest message"
12111
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12112requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12113requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12114requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12116requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12117requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12118requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12119requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12120requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12121requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12122run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12123 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12124 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12125 0 \
12126 -s "Protocol is TLSv1.3" \
12127 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12128 -s "received signature algorithm: 0x403" \
12129 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12130 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12131 -c "Protocol is TLSv1.3" \
12132 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12133 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12134 -c "NamedGroup: secp521r1 ( 19 )" \
12135 -c "Verifying peer X.509 certificate... ok" \
12136 -C "received HelloRetryRequest message"
12137
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12138requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12139requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12142requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12143requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12144requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12146requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12147requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12148run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12149 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12150 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12151 0 \
12152 -s "Protocol is TLSv1.3" \
12153 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12154 -s "received signature algorithm: 0x503" \
12155 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12156 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12157 -c "Protocol is TLSv1.3" \
12158 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12159 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12160 -c "NamedGroup: secp521r1 ( 19 )" \
12161 -c "Verifying peer X.509 certificate... ok" \
12162 -C "received HelloRetryRequest message"
12163
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12164requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12165requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12166requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12167requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12168requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12169requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12170requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12171requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12172requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12173requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12174run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12175 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12176 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12177 0 \
12178 -s "Protocol is TLSv1.3" \
12179 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12180 -s "received signature algorithm: 0x603" \
12181 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12182 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12183 -c "Protocol is TLSv1.3" \
12184 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12185 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12186 -c "NamedGroup: secp521r1 ( 19 )" \
12187 -c "Verifying peer X.509 certificate... ok" \
12188 -C "received HelloRetryRequest message"
12189
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12190requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12191requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12192requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12193requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12194requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12195requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12196requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12197requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12200requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12201requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12202run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12203 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12204 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12205 0 \
12206 -s "Protocol is TLSv1.3" \
12207 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12208 -s "received signature algorithm: 0x804" \
12209 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12210 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12211 -c "Protocol is TLSv1.3" \
12212 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12213 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12214 -c "NamedGroup: secp521r1 ( 19 )" \
12215 -c "Verifying peer X.509 certificate... ok" \
12216 -C "received HelloRetryRequest message"
12217
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12218requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12219requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12222requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12223requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12224requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12227requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12228run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12229 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12230 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12231 0 \
12232 -s "Protocol is TLSv1.3" \
12233 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12234 -s "received signature algorithm: 0x403" \
12235 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12236 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12237 -c "Protocol is TLSv1.3" \
12238 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12239 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12240 -c "NamedGroup: x25519 ( 1d )" \
12241 -c "Verifying peer X.509 certificate... ok" \
12242 -C "received HelloRetryRequest message"
12243
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12244requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12245requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12246requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12247requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12248requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12249requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12250requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12253requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12254run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12255 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12256 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12257 0 \
12258 -s "Protocol is TLSv1.3" \
12259 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12260 -s "received signature algorithm: 0x503" \
12261 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12262 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12263 -c "Protocol is TLSv1.3" \
12264 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12265 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12266 -c "NamedGroup: x25519 ( 1d )" \
12267 -c "Verifying peer X.509 certificate... ok" \
12268 -C "received HelloRetryRequest message"
12269
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12270requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12271requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12274requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12275requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12276requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12277requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12278requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12279requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12280run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12281 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12282 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12283 0 \
12284 -s "Protocol is TLSv1.3" \
12285 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12286 -s "received signature algorithm: 0x603" \
12287 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12288 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12289 -c "Protocol is TLSv1.3" \
12290 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12291 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12292 -c "NamedGroup: x25519 ( 1d )" \
12293 -c "Verifying peer X.509 certificate... ok" \
12294 -C "received HelloRetryRequest message"
12295
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12296requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12297requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12300requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12301requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12302requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12303requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12304requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12306requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12307requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12308run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12309 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12310 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12311 0 \
12312 -s "Protocol is TLSv1.3" \
12313 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12314 -s "received signature algorithm: 0x804" \
12315 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12316 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12317 -c "Protocol is TLSv1.3" \
12318 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12319 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12320 -c "NamedGroup: x25519 ( 1d )" \
12321 -c "Verifying peer X.509 certificate... ok" \
12322 -C "received HelloRetryRequest message"
12323
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12324requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12325requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12326requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12327requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12328requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12329requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12330requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12331requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12332requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12333requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12334run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12335 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12336 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12337 0 \
12338 -s "Protocol is TLSv1.3" \
12339 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12340 -s "received signature algorithm: 0x403" \
12341 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12342 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12343 -c "Protocol is TLSv1.3" \
12344 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12345 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12346 -c "NamedGroup: x448 ( 1e )" \
12347 -c "Verifying peer X.509 certificate... ok" \
12348 -C "received HelloRetryRequest message"
12349
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12350requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12351requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12352requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12354requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12355requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12356requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12357requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12358requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12359requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12360run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12361 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12362 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12363 0 \
12364 -s "Protocol is TLSv1.3" \
12365 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12366 -s "received signature algorithm: 0x503" \
12367 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12368 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12369 -c "Protocol is TLSv1.3" \
12370 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12371 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12372 -c "NamedGroup: x448 ( 1e )" \
12373 -c "Verifying peer X.509 certificate... ok" \
12374 -C "received HelloRetryRequest message"
12375
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12376requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12377requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12378requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12379requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12380requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12381requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12382requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12383requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12384requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12385requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12386run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12387 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12388 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12389 0 \
12390 -s "Protocol is TLSv1.3" \
12391 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12392 -s "received signature algorithm: 0x603" \
12393 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12394 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12395 -c "Protocol is TLSv1.3" \
12396 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12397 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12398 -c "NamedGroup: x448 ( 1e )" \
12399 -c "Verifying peer X.509 certificate... ok" \
12400 -C "received HelloRetryRequest message"
12401
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12402requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12403requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12404requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12405requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12406requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12407requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12408requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12409requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12410requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12412requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12413requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12414run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12415 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12416 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12417 0 \
12418 -s "Protocol is TLSv1.3" \
12419 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12420 -s "received signature algorithm: 0x804" \
12421 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12422 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12423 -c "Protocol is TLSv1.3" \
12424 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12425 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12426 -c "NamedGroup: x448 ( 1e )" \
12427 -c "Verifying peer X.509 certificate... ok" \
12428 -C "received HelloRetryRequest message"
12429
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12430requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12431requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12432requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12434requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12435requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12436requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12438run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
12439 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12440 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
12441 0 \
12442 -s "Protocol is TLSv1.3" \
12443 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12444 -s "received signature algorithm: 0x403" \
12445 -s "got named group: ffdhe2048(0100)" \
12446 -s "Certificate verification was skipped" \
12447 -c "Protocol is TLSv1.3" \
12448 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12449 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12450 -c "NamedGroup: ffdhe2048 ( 100 )" \
12451 -c "Verifying peer X.509 certificate... ok" \
12452 -C "received HelloRetryRequest message"
12453
12454requires_config_enabled MBEDTLS_SSL_SRV_C
12455requires_config_enabled MBEDTLS_DEBUG_C
12456requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12457requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12458requires_config_enabled MBEDTLS_SSL_CLI_C
12459requires_config_enabled MBEDTLS_DEBUG_C
12460requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12462run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
12463 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12464 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
12465 0 \
12466 -s "Protocol is TLSv1.3" \
12467 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12468 -s "received signature algorithm: 0x503" \
12469 -s "got named group: ffdhe2048(0100)" \
12470 -s "Certificate verification was skipped" \
12471 -c "Protocol is TLSv1.3" \
12472 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12473 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12474 -c "NamedGroup: ffdhe2048 ( 100 )" \
12475 -c "Verifying peer X.509 certificate... ok" \
12476 -C "received HelloRetryRequest message"
12477
12478requires_config_enabled MBEDTLS_SSL_SRV_C
12479requires_config_enabled MBEDTLS_DEBUG_C
12480requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12482requires_config_enabled MBEDTLS_SSL_CLI_C
12483requires_config_enabled MBEDTLS_DEBUG_C
12484requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12485requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12486run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
12487 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12488 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
12489 0 \
12490 -s "Protocol is TLSv1.3" \
12491 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12492 -s "received signature algorithm: 0x603" \
12493 -s "got named group: ffdhe2048(0100)" \
12494 -s "Certificate verification was skipped" \
12495 -c "Protocol is TLSv1.3" \
12496 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12497 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12498 -c "NamedGroup: ffdhe2048 ( 100 )" \
12499 -c "Verifying peer X.509 certificate... ok" \
12500 -C "received HelloRetryRequest message"
12501
12502requires_config_enabled MBEDTLS_SSL_SRV_C
12503requires_config_enabled MBEDTLS_DEBUG_C
12504requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12505requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12506requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12507requires_config_enabled MBEDTLS_SSL_CLI_C
12508requires_config_enabled MBEDTLS_DEBUG_C
12509requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12511requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12512run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
12513 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12514 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
12515 0 \
12516 -s "Protocol is TLSv1.3" \
12517 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12518 -s "received signature algorithm: 0x804" \
12519 -s "got named group: ffdhe2048(0100)" \
12520 -s "Certificate verification was skipped" \
12521 -c "Protocol is TLSv1.3" \
12522 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12523 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12524 -c "NamedGroup: ffdhe2048 ( 100 )" \
12525 -c "Verifying peer X.509 certificate... ok" \
12526 -C "received HelloRetryRequest message"
12527
12528requires_config_enabled MBEDTLS_SSL_SRV_C
12529requires_config_enabled MBEDTLS_DEBUG_C
12530requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12531requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12532requires_config_enabled MBEDTLS_SSL_CLI_C
12533requires_config_enabled MBEDTLS_DEBUG_C
12534requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12535requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12536run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
12537 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12538 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
12539 0 \
12540 -s "Protocol is TLSv1.3" \
12541 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12542 -s "received signature algorithm: 0x403" \
12543 -s "got named group: ffdhe8192(0104)" \
12544 -s "Certificate verification was skipped" \
12545 -c "Protocol is TLSv1.3" \
12546 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12547 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12548 -c "NamedGroup: ffdhe8192 ( 104 )" \
12549 -c "Verifying peer X.509 certificate... ok" \
12550 -C "received HelloRetryRequest message"
12551
12552requires_config_enabled MBEDTLS_SSL_SRV_C
12553requires_config_enabled MBEDTLS_DEBUG_C
12554requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12555requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12556requires_config_enabled MBEDTLS_SSL_CLI_C
12557requires_config_enabled MBEDTLS_DEBUG_C
12558requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12560run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
12561 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12562 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
12563 0 \
12564 -s "Protocol is TLSv1.3" \
12565 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12566 -s "received signature algorithm: 0x503" \
12567 -s "got named group: ffdhe8192(0104)" \
12568 -s "Certificate verification was skipped" \
12569 -c "Protocol is TLSv1.3" \
12570 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12571 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12572 -c "NamedGroup: ffdhe8192 ( 104 )" \
12573 -c "Verifying peer X.509 certificate... ok" \
12574 -C "received HelloRetryRequest message"
12575
12576requires_config_enabled MBEDTLS_SSL_SRV_C
12577requires_config_enabled MBEDTLS_DEBUG_C
12578requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12580requires_config_enabled MBEDTLS_SSL_CLI_C
12581requires_config_enabled MBEDTLS_DEBUG_C
12582requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12584run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
12585 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12586 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
12587 0 \
12588 -s "Protocol is TLSv1.3" \
12589 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12590 -s "received signature algorithm: 0x603" \
12591 -s "got named group: ffdhe8192(0104)" \
12592 -s "Certificate verification was skipped" \
12593 -c "Protocol is TLSv1.3" \
12594 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12595 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12596 -c "NamedGroup: ffdhe8192 ( 104 )" \
12597 -c "Verifying peer X.509 certificate... ok" \
12598 -C "received HelloRetryRequest message"
12599
12600requires_config_enabled MBEDTLS_SSL_SRV_C
12601requires_config_enabled MBEDTLS_DEBUG_C
12602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12604requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12605requires_config_enabled MBEDTLS_SSL_CLI_C
12606requires_config_enabled MBEDTLS_DEBUG_C
12607requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12608requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12609requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12610run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
12611 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12612 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
12613 0 \
12614 -s "Protocol is TLSv1.3" \
12615 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
12616 -s "received signature algorithm: 0x804" \
12617 -s "got named group: ffdhe8192(0104)" \
12618 -s "Certificate verification was skipped" \
12619 -c "Protocol is TLSv1.3" \
12620 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12621 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12622 -c "NamedGroup: ffdhe8192 ( 104 )" \
12623 -c "Verifying peer X.509 certificate... ok" \
12624 -C "received HelloRetryRequest message"
12625
12626requires_config_enabled MBEDTLS_SSL_SRV_C
12627requires_config_enabled MBEDTLS_DEBUG_C
12628requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12629requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12630requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12631requires_config_enabled MBEDTLS_SSL_CLI_C
12632requires_config_enabled MBEDTLS_DEBUG_C
12633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12635requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12636run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12637 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12638 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12639 0 \
12640 -s "Protocol is TLSv1.3" \
12641 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12642 -s "received signature algorithm: 0x403" \
12643 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12644 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12645 -c "Protocol is TLSv1.3" \
12646 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12647 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12648 -c "NamedGroup: secp256r1 ( 17 )" \
12649 -c "Verifying peer X.509 certificate... ok" \
12650 -C "received HelloRetryRequest message"
12651
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12652requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12653requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12654requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12655requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12656requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12657requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12658requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12659requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12660requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12661requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12662run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12663 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12664 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12665 0 \
12666 -s "Protocol is TLSv1.3" \
12667 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12668 -s "received signature algorithm: 0x503" \
12669 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12670 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12671 -c "Protocol is TLSv1.3" \
12672 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12673 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12674 -c "NamedGroup: secp256r1 ( 17 )" \
12675 -c "Verifying peer X.509 certificate... ok" \
12676 -C "received HelloRetryRequest message"
12677
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12678requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12679requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12680requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12681requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12682requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12683requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12684requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12687requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12688run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12689 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12690 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12691 0 \
12692 -s "Protocol is TLSv1.3" \
12693 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12694 -s "received signature algorithm: 0x603" \
12695 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12696 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12697 -c "Protocol is TLSv1.3" \
12698 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12699 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12700 -c "NamedGroup: secp256r1 ( 17 )" \
12701 -c "Verifying peer X.509 certificate... ok" \
12702 -C "received HelloRetryRequest message"
12703
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12704requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12705requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12707requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12708requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12709requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12710requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12711requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12712requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12713requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12714requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12715requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12716run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12717 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12718 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12719 0 \
12720 -s "Protocol is TLSv1.3" \
12721 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12722 -s "received signature algorithm: 0x804" \
12723 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12724 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12725 -c "Protocol is TLSv1.3" \
12726 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12727 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12728 -c "NamedGroup: secp256r1 ( 17 )" \
12729 -c "Verifying peer X.509 certificate... ok" \
12730 -C "received HelloRetryRequest message"
12731
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12732requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12733requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12734requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12736requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12737requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12738requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12739requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12740requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12741requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12742run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12743 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12744 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12745 0 \
12746 -s "Protocol is TLSv1.3" \
12747 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12748 -s "received signature algorithm: 0x403" \
12749 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12750 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12751 -c "Protocol is TLSv1.3" \
12752 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12753 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12754 -c "NamedGroup: secp384r1 ( 18 )" \
12755 -c "Verifying peer X.509 certificate... ok" \
12756 -C "received HelloRetryRequest message"
12757
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12758requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12759requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12760requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12761requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12762requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12763requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12764requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12765requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12766requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12767requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12768run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12769 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12770 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12771 0 \
12772 -s "Protocol is TLSv1.3" \
12773 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12774 -s "received signature algorithm: 0x503" \
12775 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12776 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12777 -c "Protocol is TLSv1.3" \
12778 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12779 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12780 -c "NamedGroup: secp384r1 ( 18 )" \
12781 -c "Verifying peer X.509 certificate... ok" \
12782 -C "received HelloRetryRequest message"
12783
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12784requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12785requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12786requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12787requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12788requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12789requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12790requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12791requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12793requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12794run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12795 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12796 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12797 0 \
12798 -s "Protocol is TLSv1.3" \
12799 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12800 -s "received signature algorithm: 0x603" \
12801 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12802 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12803 -c "Protocol is TLSv1.3" \
12804 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12805 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12806 -c "NamedGroup: secp384r1 ( 18 )" \
12807 -c "Verifying peer X.509 certificate... ok" \
12808 -C "received HelloRetryRequest message"
12809
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12810requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12811requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12812requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12813requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12814requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12815requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12816requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12817requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12818requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12819requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12820requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12821requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12822run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12823 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12824 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12825 0 \
12826 -s "Protocol is TLSv1.3" \
12827 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12828 -s "received signature algorithm: 0x804" \
12829 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12830 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12831 -c "Protocol is TLSv1.3" \
12832 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12833 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12834 -c "NamedGroup: secp384r1 ( 18 )" \
12835 -c "Verifying peer X.509 certificate... ok" \
12836 -C "received HelloRetryRequest message"
12837
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12838requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12839requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12840requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12842requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12843requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12844requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12845requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12846requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12847requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12848run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12849 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12850 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12851 0 \
12852 -s "Protocol is TLSv1.3" \
12853 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12854 -s "received signature algorithm: 0x403" \
12855 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12856 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12857 -c "Protocol is TLSv1.3" \
12858 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12859 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12860 -c "NamedGroup: secp521r1 ( 19 )" \
12861 -c "Verifying peer X.509 certificate... ok" \
12862 -C "received HelloRetryRequest message"
12863
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12864requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12865requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12866requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12867requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12868requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12869requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12870requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12873requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12874run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12875 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12876 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12877 0 \
12878 -s "Protocol is TLSv1.3" \
12879 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12880 -s "received signature algorithm: 0x503" \
12881 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12882 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12883 -c "Protocol is TLSv1.3" \
12884 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12885 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12886 -c "NamedGroup: secp521r1 ( 19 )" \
12887 -c "Verifying peer X.509 certificate... ok" \
12888 -C "received HelloRetryRequest message"
12889
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12890requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12891requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12892requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12894requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12895requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12896requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12897requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12898requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12899requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12900run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12901 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12902 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12903 0 \
12904 -s "Protocol is TLSv1.3" \
12905 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12906 -s "received signature algorithm: 0x603" \
12907 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12908 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12909 -c "Protocol is TLSv1.3" \
12910 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12911 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12912 -c "NamedGroup: secp521r1 ( 19 )" \
12913 -c "Verifying peer X.509 certificate... ok" \
12914 -C "received HelloRetryRequest message"
12915
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12916requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12917requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12919requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12920requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12921requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12922requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12923requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12924requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12925requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12926requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12927requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12928run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12929 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12930 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12931 0 \
12932 -s "Protocol is TLSv1.3" \
12933 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12934 -s "received signature algorithm: 0x804" \
12935 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12936 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12937 -c "Protocol is TLSv1.3" \
12938 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12939 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12940 -c "NamedGroup: secp521r1 ( 19 )" \
12941 -c "Verifying peer X.509 certificate... ok" \
12942 -C "received HelloRetryRequest message"
12943
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12944requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12945requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12946requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12947requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12948requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12949requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12950requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12951requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12952requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12953requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12954run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12955 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12956 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12957 0 \
12958 -s "Protocol is TLSv1.3" \
12959 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12960 -s "received signature algorithm: 0x403" \
12961 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12962 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12963 -c "Protocol is TLSv1.3" \
12964 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12965 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12966 -c "NamedGroup: x25519 ( 1d )" \
12967 -c "Verifying peer X.509 certificate... ok" \
12968 -C "received HelloRetryRequest message"
12969
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12970requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12971requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12972requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12974requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12975requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12976requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12977requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12978requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]12979requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12980run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12981 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12982 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12983 0 \
12984 -s "Protocol is TLSv1.3" \
12985 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
12986 -s "received signature algorithm: 0x503" \
12987 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12988 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12989 -c "Protocol is TLSv1.3" \
12990 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12991 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12992 -c "NamedGroup: x25519 ( 1d )" \
12993 -c "Verifying peer X.509 certificate... ok" \
12994 -C "received HelloRetryRequest message"
12995
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12996requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12997requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12998requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12999requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13000requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13001requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13002requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13003requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13004requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13005requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13006run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13007 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13008 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13009 0 \
13010 -s "Protocol is TLSv1.3" \
13011 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13012 -s "received signature algorithm: 0x603" \
13013 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13014 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13015 -c "Protocol is TLSv1.3" \
13016 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13017 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13018 -c "NamedGroup: x25519 ( 1d )" \
13019 -c "Verifying peer X.509 certificate... ok" \
13020 -C "received HelloRetryRequest message"
13021
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13022requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13023requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13024requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13025requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13026requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13027requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13028requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13029requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13032requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13033requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13034run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13035 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13036 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13037 0 \
13038 -s "Protocol is TLSv1.3" \
13039 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13040 -s "received signature algorithm: 0x804" \
13041 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13042 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13043 -c "Protocol is TLSv1.3" \
13044 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13045 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13046 -c "NamedGroup: x25519 ( 1d )" \
13047 -c "Verifying peer X.509 certificate... ok" \
13048 -C "received HelloRetryRequest message"
13049
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13050requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13051requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13053requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13054requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13055requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13056requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13057requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13058requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13059requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13060run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13061 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13062 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13063 0 \
13064 -s "Protocol is TLSv1.3" \
13065 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13066 -s "received signature algorithm: 0x403" \
13067 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13068 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13069 -c "Protocol is TLSv1.3" \
13070 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13071 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13072 -c "NamedGroup: x448 ( 1e )" \
13073 -c "Verifying peer X.509 certificate... ok" \
13074 -C "received HelloRetryRequest message"
13075
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13076requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13077requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13078requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13080requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13081requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13082requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13083requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13085requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13086run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13087 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13088 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13089 0 \
13090 -s "Protocol is TLSv1.3" \
13091 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13092 -s "received signature algorithm: 0x503" \
13093 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13094 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13095 -c "Protocol is TLSv1.3" \
13096 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13097 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13098 -c "NamedGroup: x448 ( 1e )" \
13099 -c "Verifying peer X.509 certificate... ok" \
13100 -C "received HelloRetryRequest message"
13101
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13102requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13103requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13106requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13107requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13108requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13109requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13110requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13111requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13112run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13113 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13114 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13115 0 \
13116 -s "Protocol is TLSv1.3" \
13117 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13118 -s "received signature algorithm: 0x603" \
13119 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13120 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13121 -c "Protocol is TLSv1.3" \
13122 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13123 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13124 -c "NamedGroup: x448 ( 1e )" \
13125 -c "Verifying peer X.509 certificate... ok" \
13126 -C "received HelloRetryRequest message"
13127
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13128requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13129requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13130requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13131requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13132requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13133requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13134requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13135requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13136requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13137requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13138requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13139requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13140run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13141 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13142 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13143 0 \
13144 -s "Protocol is TLSv1.3" \
13145 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13146 -s "received signature algorithm: 0x804" \
13147 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13148 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13149 -c "Protocol is TLSv1.3" \
13150 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13151 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13152 -c "NamedGroup: x448 ( 1e )" \
13153 -c "Verifying peer X.509 certificate... ok" \
13154 -C "received HelloRetryRequest message"
13155
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13156requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13157requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13158requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13160requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13161requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13163requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13164run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
13165 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13166 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
13167 0 \
13168 -s "Protocol is TLSv1.3" \
13169 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13170 -s "received signature algorithm: 0x403" \
13171 -s "got named group: ffdhe2048(0100)" \
13172 -s "Certificate verification was skipped" \
13173 -c "Protocol is TLSv1.3" \
13174 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13175 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13176 -c "NamedGroup: ffdhe2048 ( 100 )" \
13177 -c "Verifying peer X.509 certificate... ok" \
13178 -C "received HelloRetryRequest message"
13179
13180requires_config_enabled MBEDTLS_SSL_SRV_C
13181requires_config_enabled MBEDTLS_DEBUG_C
13182requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13183requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13184requires_config_enabled MBEDTLS_SSL_CLI_C
13185requires_config_enabled MBEDTLS_DEBUG_C
13186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13188run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
13189 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13190 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
13191 0 \
13192 -s "Protocol is TLSv1.3" \
13193 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13194 -s "received signature algorithm: 0x503" \
13195 -s "got named group: ffdhe2048(0100)" \
13196 -s "Certificate verification was skipped" \
13197 -c "Protocol is TLSv1.3" \
13198 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13199 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13200 -c "NamedGroup: ffdhe2048 ( 100 )" \
13201 -c "Verifying peer X.509 certificate... ok" \
13202 -C "received HelloRetryRequest message"
13203
13204requires_config_enabled MBEDTLS_SSL_SRV_C
13205requires_config_enabled MBEDTLS_DEBUG_C
13206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13208requires_config_enabled MBEDTLS_SSL_CLI_C
13209requires_config_enabled MBEDTLS_DEBUG_C
13210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13212run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
13213 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13214 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
13215 0 \
13216 -s "Protocol is TLSv1.3" \
13217 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13218 -s "received signature algorithm: 0x603" \
13219 -s "got named group: ffdhe2048(0100)" \
13220 -s "Certificate verification was skipped" \
13221 -c "Protocol is TLSv1.3" \
13222 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13223 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13224 -c "NamedGroup: ffdhe2048 ( 100 )" \
13225 -c "Verifying peer X.509 certificate... ok" \
13226 -C "received HelloRetryRequest message"
13227
13228requires_config_enabled MBEDTLS_SSL_SRV_C
13229requires_config_enabled MBEDTLS_DEBUG_C
13230requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13231requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13232requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13233requires_config_enabled MBEDTLS_SSL_CLI_C
13234requires_config_enabled MBEDTLS_DEBUG_C
13235requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13236requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13237requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13238run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
13239 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13240 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
13241 0 \
13242 -s "Protocol is TLSv1.3" \
13243 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13244 -s "received signature algorithm: 0x804" \
13245 -s "got named group: ffdhe2048(0100)" \
13246 -s "Certificate verification was skipped" \
13247 -c "Protocol is TLSv1.3" \
13248 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13249 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13250 -c "NamedGroup: ffdhe2048 ( 100 )" \
13251 -c "Verifying peer X.509 certificate... ok" \
13252 -C "received HelloRetryRequest message"
13253
13254requires_config_enabled MBEDTLS_SSL_SRV_C
13255requires_config_enabled MBEDTLS_DEBUG_C
13256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13258requires_config_enabled MBEDTLS_SSL_CLI_C
13259requires_config_enabled MBEDTLS_DEBUG_C
13260requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13261requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13262run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
13263 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13264 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
13265 0 \
13266 -s "Protocol is TLSv1.3" \
13267 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13268 -s "received signature algorithm: 0x403" \
13269 -s "got named group: ffdhe8192(0104)" \
13270 -s "Certificate verification was skipped" \
13271 -c "Protocol is TLSv1.3" \
13272 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13273 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13274 -c "NamedGroup: ffdhe8192 ( 104 )" \
13275 -c "Verifying peer X.509 certificate... ok" \
13276 -C "received HelloRetryRequest message"
13277
13278requires_config_enabled MBEDTLS_SSL_SRV_C
13279requires_config_enabled MBEDTLS_DEBUG_C
13280requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13281requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13282requires_config_enabled MBEDTLS_SSL_CLI_C
13283requires_config_enabled MBEDTLS_DEBUG_C
13284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13286run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
13287 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13288 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
13289 0 \
13290 -s "Protocol is TLSv1.3" \
13291 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13292 -s "received signature algorithm: 0x503" \
13293 -s "got named group: ffdhe8192(0104)" \
13294 -s "Certificate verification was skipped" \
13295 -c "Protocol is TLSv1.3" \
13296 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13297 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13298 -c "NamedGroup: ffdhe8192 ( 104 )" \
13299 -c "Verifying peer X.509 certificate... ok" \
13300 -C "received HelloRetryRequest message"
13301
13302requires_config_enabled MBEDTLS_SSL_SRV_C
13303requires_config_enabled MBEDTLS_DEBUG_C
13304requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13306requires_config_enabled MBEDTLS_SSL_CLI_C
13307requires_config_enabled MBEDTLS_DEBUG_C
13308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13309requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13310run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
13311 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13312 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
13313 0 \
13314 -s "Protocol is TLSv1.3" \
13315 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13316 -s "received signature algorithm: 0x603" \
13317 -s "got named group: ffdhe8192(0104)" \
13318 -s "Certificate verification was skipped" \
13319 -c "Protocol is TLSv1.3" \
13320 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13321 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13322 -c "NamedGroup: ffdhe8192 ( 104 )" \
13323 -c "Verifying peer X.509 certificate... ok" \
13324 -C "received HelloRetryRequest message"
13325
13326requires_config_enabled MBEDTLS_SSL_SRV_C
13327requires_config_enabled MBEDTLS_DEBUG_C
13328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13329requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13330requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13331requires_config_enabled MBEDTLS_SSL_CLI_C
13332requires_config_enabled MBEDTLS_DEBUG_C
13333requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13334requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13335requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13336run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
13337 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13338 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
13339 0 \
13340 -s "Protocol is TLSv1.3" \
13341 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
13342 -s "received signature algorithm: 0x804" \
13343 -s "got named group: ffdhe8192(0104)" \
13344 -s "Certificate verification was skipped" \
13345 -c "Protocol is TLSv1.3" \
13346 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13347 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13348 -c "NamedGroup: ffdhe8192 ( 104 )" \
13349 -c "Verifying peer X.509 certificate... ok" \
13350 -C "received HelloRetryRequest message"
13351
13352requires_config_enabled MBEDTLS_SSL_SRV_C
13353requires_config_enabled MBEDTLS_DEBUG_C
13354requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13356requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13357requires_config_enabled MBEDTLS_SSL_CLI_C
13358requires_config_enabled MBEDTLS_DEBUG_C
13359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13361requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13362run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13363 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13364 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13365 0 \
13366 -s "Protocol is TLSv1.3" \
13367 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13368 -s "received signature algorithm: 0x403" \
13369 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13370 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13371 -c "Protocol is TLSv1.3" \
13372 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13373 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13374 -c "NamedGroup: secp256r1 ( 17 )" \
13375 -c "Verifying peer X.509 certificate... ok" \
13376 -C "received HelloRetryRequest message"
13377
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13378requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13379requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13380requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13381requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13382requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13383requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13384requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13385requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13386requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13387requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13388run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13389 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13390 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13391 0 \
13392 -s "Protocol is TLSv1.3" \
13393 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13394 -s "received signature algorithm: 0x503" \
13395 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13396 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13397 -c "Protocol is TLSv1.3" \
13398 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13399 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13400 -c "NamedGroup: secp256r1 ( 17 )" \
13401 -c "Verifying peer X.509 certificate... ok" \
13402 -C "received HelloRetryRequest message"
13403
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13404requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13405requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13408requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13409requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13410requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13411requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13412requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13413requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13414run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13415 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13416 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13417 0 \
13418 -s "Protocol is TLSv1.3" \
13419 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13420 -s "received signature algorithm: 0x603" \
13421 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13422 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13423 -c "Protocol is TLSv1.3" \
13424 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13425 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13426 -c "NamedGroup: secp256r1 ( 17 )" \
13427 -c "Verifying peer X.509 certificate... ok" \
13428 -C "received HelloRetryRequest message"
13429
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13430requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13431requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13432requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13434requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13435requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13436requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13437requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13438requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13439requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13440requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13441requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13442run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13443 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13444 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13445 0 \
13446 -s "Protocol is TLSv1.3" \
13447 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13448 -s "received signature algorithm: 0x804" \
13449 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13450 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13451 -c "Protocol is TLSv1.3" \
13452 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13453 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13454 -c "NamedGroup: secp256r1 ( 17 )" \
13455 -c "Verifying peer X.509 certificate... ok" \
13456 -C "received HelloRetryRequest message"
13457
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13458requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13459requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13460requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13462requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13463requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13464requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13465requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13466requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13467requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13468run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13469 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13470 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13471 0 \
13472 -s "Protocol is TLSv1.3" \
13473 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13474 -s "received signature algorithm: 0x403" \
13475 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13476 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13477 -c "Protocol is TLSv1.3" \
13478 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13479 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13480 -c "NamedGroup: secp384r1 ( 18 )" \
13481 -c "Verifying peer X.509 certificate... ok" \
13482 -C "received HelloRetryRequest message"
13483
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13484requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13485requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13486requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13487requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13488requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13489requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13490requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13491requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13492requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13493requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13494run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13495 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13496 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13497 0 \
13498 -s "Protocol is TLSv1.3" \
13499 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13500 -s "received signature algorithm: 0x503" \
13501 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13502 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13503 -c "Protocol is TLSv1.3" \
13504 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13505 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13506 -c "NamedGroup: secp384r1 ( 18 )" \
13507 -c "Verifying peer X.509 certificate... ok" \
13508 -C "received HelloRetryRequest message"
13509
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13510requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13511requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13513requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13514requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13515requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13516requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13517requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13518requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13519requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13520run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13521 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13522 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13523 0 \
13524 -s "Protocol is TLSv1.3" \
13525 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13526 -s "received signature algorithm: 0x603" \
13527 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13528 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13529 -c "Protocol is TLSv1.3" \
13530 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13531 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13532 -c "NamedGroup: secp384r1 ( 18 )" \
13533 -c "Verifying peer X.509 certificate... ok" \
13534 -C "received HelloRetryRequest message"
13535
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13536requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13537requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13538requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13539requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13540requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13541requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13542requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13546requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13547requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13548run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13549 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13550 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13551 0 \
13552 -s "Protocol is TLSv1.3" \
13553 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13554 -s "received signature algorithm: 0x804" \
13555 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13556 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13557 -c "Protocol is TLSv1.3" \
13558 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13559 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13560 -c "NamedGroup: secp384r1 ( 18 )" \
13561 -c "Verifying peer X.509 certificate... ok" \
13562 -C "received HelloRetryRequest message"
13563
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13564requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13565requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13566requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13568requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13569requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13570requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13571requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13572requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13573requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13574run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13575 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13576 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13577 0 \
13578 -s "Protocol is TLSv1.3" \
13579 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13580 -s "received signature algorithm: 0x403" \
13581 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13582 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13583 -c "Protocol is TLSv1.3" \
13584 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13585 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13586 -c "NamedGroup: secp521r1 ( 19 )" \
13587 -c "Verifying peer X.509 certificate... ok" \
13588 -C "received HelloRetryRequest message"
13589
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13590requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13591requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13593requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13594requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13595requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13596requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13597requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13599requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13600run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13601 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13602 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13603 0 \
13604 -s "Protocol is TLSv1.3" \
13605 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13606 -s "received signature algorithm: 0x503" \
13607 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13608 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13609 -c "Protocol is TLSv1.3" \
13610 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13611 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13612 -c "NamedGroup: secp521r1 ( 19 )" \
13613 -c "Verifying peer X.509 certificate... ok" \
13614 -C "received HelloRetryRequest message"
13615
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13616requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13617requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13620requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13621requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13622requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13625requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13626run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13627 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13628 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13629 0 \
13630 -s "Protocol is TLSv1.3" \
13631 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13632 -s "received signature algorithm: 0x603" \
13633 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13634 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13635 -c "Protocol is TLSv1.3" \
13636 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13637 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13638 -c "NamedGroup: secp521r1 ( 19 )" \
13639 -c "Verifying peer X.509 certificate... ok" \
13640 -C "received HelloRetryRequest message"
13641
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13642requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13643requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13644requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13645requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13646requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13647requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13648requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13649requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13650requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13652requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13653requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13654run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13655 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13656 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13657 0 \
13658 -s "Protocol is TLSv1.3" \
13659 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13660 -s "received signature algorithm: 0x804" \
13661 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13662 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13663 -c "Protocol is TLSv1.3" \
13664 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13665 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13666 -c "NamedGroup: secp521r1 ( 19 )" \
13667 -c "Verifying peer X.509 certificate... ok" \
13668 -C "received HelloRetryRequest message"
13669
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13670requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13671requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13672requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13673requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13674requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13675requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13676requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13677requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13678requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13679requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13680run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13681 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13682 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13683 0 \
13684 -s "Protocol is TLSv1.3" \
13685 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13686 -s "received signature algorithm: 0x403" \
13687 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13688 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13689 -c "Protocol is TLSv1.3" \
13690 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13691 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13692 -c "NamedGroup: x25519 ( 1d )" \
13693 -c "Verifying peer X.509 certificate... ok" \
13694 -C "received HelloRetryRequest message"
13695
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13696requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13697requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13700requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13701requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13702requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13703requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13705requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13706run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13707 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13708 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13709 0 \
13710 -s "Protocol is TLSv1.3" \
13711 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13712 -s "received signature algorithm: 0x503" \
13713 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13714 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13715 -c "Protocol is TLSv1.3" \
13716 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13717 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13718 -c "NamedGroup: x25519 ( 1d )" \
13719 -c "Verifying peer X.509 certificate... ok" \
13720 -C "received HelloRetryRequest message"
13721
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13722requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13723requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13725requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13726requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13727requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13728requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13729requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13730requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13731requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13732run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13733 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13734 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13735 0 \
13736 -s "Protocol is TLSv1.3" \
13737 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13738 -s "received signature algorithm: 0x603" \
13739 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13740 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13741 -c "Protocol is TLSv1.3" \
13742 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13743 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13744 -c "NamedGroup: x25519 ( 1d )" \
13745 -c "Verifying peer X.509 certificate... ok" \
13746 -C "received HelloRetryRequest message"
13747
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13748requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13749requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13750requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13751requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13752requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13753requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13754requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13755requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13758requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13759requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13760run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13761 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13762 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13763 0 \
13764 -s "Protocol is TLSv1.3" \
13765 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13766 -s "received signature algorithm: 0x804" \
13767 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13768 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13769 -c "Protocol is TLSv1.3" \
13770 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13771 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13772 -c "NamedGroup: x25519 ( 1d )" \
13773 -c "Verifying peer X.509 certificate... ok" \
13774 -C "received HelloRetryRequest message"
13775
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13776requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13777requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13779requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13780requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13781requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13782requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13783requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13784requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13785requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13786run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13787 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13788 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13789 0 \
13790 -s "Protocol is TLSv1.3" \
13791 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13792 -s "received signature algorithm: 0x403" \
13793 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13794 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13795 -c "Protocol is TLSv1.3" \
13796 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13797 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13798 -c "NamedGroup: x448 ( 1e )" \
13799 -c "Verifying peer X.509 certificate... ok" \
13800 -C "received HelloRetryRequest message"
13801
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13802requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13803requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13804requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13805requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13806requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13807requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13808requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13811requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13812run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13813 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13814 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13815 0 \
13816 -s "Protocol is TLSv1.3" \
13817 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13818 -s "received signature algorithm: 0x503" \
13819 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13820 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13821 -c "Protocol is TLSv1.3" \
13822 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13823 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13824 -c "NamedGroup: x448 ( 1e )" \
13825 -c "Verifying peer X.509 certificate... ok" \
13826 -C "received HelloRetryRequest message"
13827
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13828requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13829requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13830requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13831requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13832requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13833requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13834requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13835requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13837requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13838run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13839 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13840 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13841 0 \
13842 -s "Protocol is TLSv1.3" \
13843 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13844 -s "received signature algorithm: 0x603" \
13845 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13846 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13847 -c "Protocol is TLSv1.3" \
13848 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13849 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13850 -c "NamedGroup: x448 ( 1e )" \
13851 -c "Verifying peer X.509 certificate... ok" \
13852 -C "received HelloRetryRequest message"
13853
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13854requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13855requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13857requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13858requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13859requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13860requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13861requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13862requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13863requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13864requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]13865requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13866run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13867 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13868 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13869 0 \
13870 -s "Protocol is TLSv1.3" \
13871 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13872 -s "received signature algorithm: 0x804" \
13873 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13874 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]13875 -c "Protocol is TLSv1.3" \
13876 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13877 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13878 -c "NamedGroup: x448 ( 1e )" \
13879 -c "Verifying peer X.509 certificate... ok" \
13880 -C "received HelloRetryRequest message"
13881
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13882requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13883requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13886requires_config_enabled MBEDTLS_SSL_CLI_C
13887requires_config_enabled MBEDTLS_DEBUG_C
13888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13890run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
13891 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13892 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
13893 0 \
13894 -s "Protocol is TLSv1.3" \
13895 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13896 -s "received signature algorithm: 0x403" \
13897 -s "got named group: ffdhe2048(0100)" \
13898 -s "Certificate verification was skipped" \
13899 -c "Protocol is TLSv1.3" \
13900 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13901 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13902 -c "NamedGroup: ffdhe2048 ( 100 )" \
13903 -c "Verifying peer X.509 certificate... ok" \
13904 -C "received HelloRetryRequest message"
13905
13906requires_config_enabled MBEDTLS_SSL_SRV_C
13907requires_config_enabled MBEDTLS_DEBUG_C
13908requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13909requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13910requires_config_enabled MBEDTLS_SSL_CLI_C
13911requires_config_enabled MBEDTLS_DEBUG_C
13912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13914run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
13915 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13916 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
13917 0 \
13918 -s "Protocol is TLSv1.3" \
13919 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13920 -s "received signature algorithm: 0x503" \
13921 -s "got named group: ffdhe2048(0100)" \
13922 -s "Certificate verification was skipped" \
13923 -c "Protocol is TLSv1.3" \
13924 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13925 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13926 -c "NamedGroup: ffdhe2048 ( 100 )" \
13927 -c "Verifying peer X.509 certificate... ok" \
13928 -C "received HelloRetryRequest message"
13929
13930requires_config_enabled MBEDTLS_SSL_SRV_C
13931requires_config_enabled MBEDTLS_DEBUG_C
13932requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13934requires_config_enabled MBEDTLS_SSL_CLI_C
13935requires_config_enabled MBEDTLS_DEBUG_C
13936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13938run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
13939 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13940 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
13941 0 \
13942 -s "Protocol is TLSv1.3" \
13943 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13944 -s "received signature algorithm: 0x603" \
13945 -s "got named group: ffdhe2048(0100)" \
13946 -s "Certificate verification was skipped" \
13947 -c "Protocol is TLSv1.3" \
13948 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13949 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13950 -c "NamedGroup: ffdhe2048 ( 100 )" \
13951 -c "Verifying peer X.509 certificate... ok" \
13952 -C "received HelloRetryRequest message"
13953
13954requires_config_enabled MBEDTLS_SSL_SRV_C
13955requires_config_enabled MBEDTLS_DEBUG_C
13956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13957requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13958requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13959requires_config_enabled MBEDTLS_SSL_CLI_C
13960requires_config_enabled MBEDTLS_DEBUG_C
13961requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13963requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13964run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
13965 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13966 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
13967 0 \
13968 -s "Protocol is TLSv1.3" \
13969 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13970 -s "received signature algorithm: 0x804" \
13971 -s "got named group: ffdhe2048(0100)" \
13972 -s "Certificate verification was skipped" \
13973 -c "Protocol is TLSv1.3" \
13974 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13975 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13976 -c "NamedGroup: ffdhe2048 ( 100 )" \
13977 -c "Verifying peer X.509 certificate... ok" \
13978 -C "received HelloRetryRequest message"
13979
13980requires_config_enabled MBEDTLS_SSL_SRV_C
13981requires_config_enabled MBEDTLS_DEBUG_C
13982requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13984requires_config_enabled MBEDTLS_SSL_CLI_C
13985requires_config_enabled MBEDTLS_DEBUG_C
13986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13988run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
13989 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13990 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
13991 0 \
13992 -s "Protocol is TLSv1.3" \
13993 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
13994 -s "received signature algorithm: 0x403" \
13995 -s "got named group: ffdhe8192(0104)" \
13996 -s "Certificate verification was skipped" \
13997 -c "Protocol is TLSv1.3" \
13998 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13999 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14000 -c "NamedGroup: ffdhe8192 ( 104 )" \
14001 -c "Verifying peer X.509 certificate... ok" \
14002 -C "received HelloRetryRequest message"
14003
14004requires_config_enabled MBEDTLS_SSL_SRV_C
14005requires_config_enabled MBEDTLS_DEBUG_C
14006requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14008requires_config_enabled MBEDTLS_SSL_CLI_C
14009requires_config_enabled MBEDTLS_DEBUG_C
14010requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14011requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14012run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
14013 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14014 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
14015 0 \
14016 -s "Protocol is TLSv1.3" \
14017 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
14018 -s "received signature algorithm: 0x503" \
14019 -s "got named group: ffdhe8192(0104)" \
14020 -s "Certificate verification was skipped" \
14021 -c "Protocol is TLSv1.3" \
14022 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14023 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14024 -c "NamedGroup: ffdhe8192 ( 104 )" \
14025 -c "Verifying peer X.509 certificate... ok" \
14026 -C "received HelloRetryRequest message"
14027
14028requires_config_enabled MBEDTLS_SSL_SRV_C
14029requires_config_enabled MBEDTLS_DEBUG_C
14030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14032requires_config_enabled MBEDTLS_SSL_CLI_C
14033requires_config_enabled MBEDTLS_DEBUG_C
14034requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14035requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14036run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
14037 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14038 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
14039 0 \
14040 -s "Protocol is TLSv1.3" \
14041 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
14042 -s "received signature algorithm: 0x603" \
14043 -s "got named group: ffdhe8192(0104)" \
14044 -s "Certificate verification was skipped" \
14045 -c "Protocol is TLSv1.3" \
14046 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14047 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14048 -c "NamedGroup: ffdhe8192 ( 104 )" \
14049 -c "Verifying peer X.509 certificate... ok" \
14050 -C "received HelloRetryRequest message"
14051
14052requires_config_enabled MBEDTLS_SSL_SRV_C
14053requires_config_enabled MBEDTLS_DEBUG_C
14054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14055requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14056requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14057requires_config_enabled MBEDTLS_SSL_CLI_C
14058requires_config_enabled MBEDTLS_DEBUG_C
14059requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14061requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14062run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
14063 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14064 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
14065 0 \
14066 -s "Protocol is TLSv1.3" \
14067 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
14068 -s "received signature algorithm: 0x804" \
14069 -s "got named group: ffdhe8192(0104)" \
14070 -s "Certificate verification was skipped" \
14071 -c "Protocol is TLSv1.3" \
14072 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14073 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14074 -c "NamedGroup: ffdhe8192 ( 104 )" \
14075 -c "Verifying peer X.509 certificate... ok" \
14076 -C "received HelloRetryRequest message"
14077
14078requires_config_enabled MBEDTLS_SSL_SRV_C
14079requires_config_enabled MBEDTLS_DEBUG_C
14080requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14082requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14083requires_openssl_tls1_3
14084run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14085 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14086 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14087 0 \
14088 -s "Protocol is TLSv1.3" \
14089 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14090 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14091 -s "HRR selected_group: secp384r1"
14092
14093requires_config_enabled MBEDTLS_SSL_SRV_C
14094requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14095requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14097requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14098requires_openssl_tls1_3
14099run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14100 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14101 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14102 0 \
14103 -s "Protocol is TLSv1.3" \
14104 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14105 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14106 -s "HRR selected_group: secp521r1"
14107
14108requires_config_enabled MBEDTLS_SSL_SRV_C
14109requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14110requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14111requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14112requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14113requires_openssl_tls1_3
14114run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14115 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14116 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14117 0 \
14118 -s "Protocol is TLSv1.3" \
14119 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14120 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14121 -s "HRR selected_group: x25519"
14122
14123requires_config_enabled MBEDTLS_SSL_SRV_C
14124requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14126requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14127requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14128requires_openssl_tls1_3
14129run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14130 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14131 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14132 0 \
14133 -s "Protocol is TLSv1.3" \
14134 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14135 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14136 -s "HRR selected_group: x448"
14137
14138requires_config_enabled MBEDTLS_SSL_SRV_C
14139requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14142requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14143requires_openssl_3_x
14144run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \
14145 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14146 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe2048 -msg -tls1_3" \
14147 0 \
14148 -s "Protocol is TLSv1.3" \
14149 -s "got named group: ffdhe2048(0100)" \
14150 -s "Certificate verification was skipped" \
14151 -s "HRR selected_group: ffdhe2048"
14152
14153requires_config_enabled MBEDTLS_SSL_SRV_C
14154requires_config_enabled MBEDTLS_DEBUG_C
14155requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14156requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14157requires_openssl_tls1_3
14158requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14159run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe8192" \
14160 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14161 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe8192 -msg -tls1_3" \
14162 0 \
14163 -s "Protocol is TLSv1.3" \
14164 -s "got named group: ffdhe8192(0104)" \
14165 -s "Certificate verification was skipped" \
14166 -s "HRR selected_group: ffdhe8192"
14167
14168requires_config_enabled MBEDTLS_SSL_SRV_C
14169requires_config_enabled MBEDTLS_DEBUG_C
14170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14172requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14173requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14174run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14175 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14176 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14177 0 \
14178 -s "Protocol is TLSv1.3" \
14179 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14180 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14181 -s "HRR selected_group: secp256r1"
14182
14183requires_config_enabled MBEDTLS_SSL_SRV_C
14184requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14185requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14186requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14187requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14188requires_openssl_tls1_3
14189run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14190 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14191 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14192 0 \
14193 -s "Protocol is TLSv1.3" \
14194 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14195 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14196 -s "HRR selected_group: secp521r1"
14197
14198requires_config_enabled MBEDTLS_SSL_SRV_C
14199requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14202requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14203requires_openssl_tls1_3
14204run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14205 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14206 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14207 0 \
14208 -s "Protocol is TLSv1.3" \
14209 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14210 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14211 -s "HRR selected_group: x25519"
14212
14213requires_config_enabled MBEDTLS_SSL_SRV_C
14214requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14215requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14216requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14217requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14218requires_openssl_tls1_3
14219run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14220 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14221 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14222 0 \
14223 -s "Protocol is TLSv1.3" \
14224 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14225 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14226 -s "HRR selected_group: x448"
14227
14228requires_config_enabled MBEDTLS_SSL_SRV_C
14229requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14230requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14231requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14232requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14233requires_openssl_3_x
14234run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \
14235 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14236 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe2048 -msg -tls1_3" \
14237 0 \
14238 -s "Protocol is TLSv1.3" \
14239 -s "got named group: ffdhe2048(0100)" \
14240 -s "Certificate verification was skipped" \
14241 -s "HRR selected_group: ffdhe2048"
14242
14243requires_config_enabled MBEDTLS_SSL_SRV_C
14244requires_config_enabled MBEDTLS_DEBUG_C
14245requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14246requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14247requires_openssl_tls1_3
14248requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14249run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe8192" \
14250 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14251 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe8192 -msg -tls1_3" \
14252 0 \
14253 -s "Protocol is TLSv1.3" \
14254 -s "got named group: ffdhe8192(0104)" \
14255 -s "Certificate verification was skipped" \
14256 -s "HRR selected_group: ffdhe8192"
14257
14258requires_config_enabled MBEDTLS_SSL_SRV_C
14259requires_config_enabled MBEDTLS_DEBUG_C
14260requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14261requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14262requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14263requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14264run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14265 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14266 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14267 0 \
14268 -s "Protocol is TLSv1.3" \
14269 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14270 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14271 -s "HRR selected_group: secp256r1"
14272
14273requires_config_enabled MBEDTLS_SSL_SRV_C
14274requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14275requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14276requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14277requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14278requires_openssl_tls1_3
14279run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14280 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14281 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14282 0 \
14283 -s "Protocol is TLSv1.3" \
14284 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14285 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14286 -s "HRR selected_group: secp384r1"
14287
14288requires_config_enabled MBEDTLS_SSL_SRV_C
14289requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14292requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14293requires_openssl_tls1_3
14294run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14295 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14296 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14297 0 \
14298 -s "Protocol is TLSv1.3" \
14299 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14300 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14301 -s "HRR selected_group: x25519"
14302
14303requires_config_enabled MBEDTLS_SSL_SRV_C
14304requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14305requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14307requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14308requires_openssl_tls1_3
14309run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14310 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14311 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14312 0 \
14313 -s "Protocol is TLSv1.3" \
14314 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14315 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14316 -s "HRR selected_group: x448"
14317
14318requires_config_enabled MBEDTLS_SSL_SRV_C
14319requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14322requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14323requires_openssl_3_x
14324run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \
14325 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14326 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe2048 -msg -tls1_3" \
14327 0 \
14328 -s "Protocol is TLSv1.3" \
14329 -s "got named group: ffdhe2048(0100)" \
14330 -s "Certificate verification was skipped" \
14331 -s "HRR selected_group: ffdhe2048"
14332
14333requires_config_enabled MBEDTLS_SSL_SRV_C
14334requires_config_enabled MBEDTLS_DEBUG_C
14335requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14336requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14337requires_openssl_tls1_3
14338requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14339run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe8192" \
14340 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14341 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe8192 -msg -tls1_3" \
14342 0 \
14343 -s "Protocol is TLSv1.3" \
14344 -s "got named group: ffdhe8192(0104)" \
14345 -s "Certificate verification was skipped" \
14346 -s "HRR selected_group: ffdhe8192"
14347
14348requires_config_enabled MBEDTLS_SSL_SRV_C
14349requires_config_enabled MBEDTLS_DEBUG_C
14350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14352requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14353requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14354run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14355 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14356 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14357 0 \
14358 -s "Protocol is TLSv1.3" \
14359 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14360 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14361 -s "HRR selected_group: secp256r1"
14362
14363requires_config_enabled MBEDTLS_SSL_SRV_C
14364requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14365requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14367requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14368requires_openssl_tls1_3
14369run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14370 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14371 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14372 0 \
14373 -s "Protocol is TLSv1.3" \
14374 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14375 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14376 -s "HRR selected_group: secp384r1"
14377
14378requires_config_enabled MBEDTLS_SSL_SRV_C
14379requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14380requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14381requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14382requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14383requires_openssl_tls1_3
14384run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14385 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14386 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14387 0 \
14388 -s "Protocol is TLSv1.3" \
14389 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14390 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14391 -s "HRR selected_group: secp521r1"
14392
14393requires_config_enabled MBEDTLS_SSL_SRV_C
14394requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14395requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14396requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14397requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14398requires_openssl_tls1_3
14399run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14400 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14401 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14402 0 \
14403 -s "Protocol is TLSv1.3" \
14404 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14405 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14406 -s "HRR selected_group: x448"
14407
14408requires_config_enabled MBEDTLS_SSL_SRV_C
14409requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14410requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14412requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14413requires_openssl_3_x
14414run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \
14415 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14416 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe2048 -msg -tls1_3" \
14417 0 \
14418 -s "Protocol is TLSv1.3" \
14419 -s "got named group: ffdhe2048(0100)" \
14420 -s "Certificate verification was skipped" \
14421 -s "HRR selected_group: ffdhe2048"
14422
14423requires_config_enabled MBEDTLS_SSL_SRV_C
14424requires_config_enabled MBEDTLS_DEBUG_C
14425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14426requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14427requires_openssl_tls1_3
14428requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14429run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe8192" \
14430 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14431 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe8192 -msg -tls1_3" \
14432 0 \
14433 -s "Protocol is TLSv1.3" \
14434 -s "got named group: ffdhe8192(0104)" \
14435 -s "Certificate verification was skipped" \
14436 -s "HRR selected_group: ffdhe8192"
14437
14438requires_config_enabled MBEDTLS_SSL_SRV_C
14439requires_config_enabled MBEDTLS_DEBUG_C
14440requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14442requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14443requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14444run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14445 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14446 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14447 0 \
14448 -s "Protocol is TLSv1.3" \
14449 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14450 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14451 -s "HRR selected_group: secp256r1"
14452
14453requires_config_enabled MBEDTLS_SSL_SRV_C
14454requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14455requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14456requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14457requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14458requires_openssl_tls1_3
14459run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14460 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14461 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14462 0 \
14463 -s "Protocol is TLSv1.3" \
14464 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14465 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14466 -s "HRR selected_group: secp384r1"
14467
14468requires_config_enabled MBEDTLS_SSL_SRV_C
14469requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14472requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14473requires_openssl_tls1_3
14474run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14475 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14476 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14477 0 \
14478 -s "Protocol is TLSv1.3" \
14479 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14480 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14481 -s "HRR selected_group: secp521r1"
14482
14483requires_config_enabled MBEDTLS_SSL_SRV_C
14484requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14485requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14486requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14487requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14488requires_openssl_tls1_3
14489run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14490 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14491 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14492 0 \
14493 -s "Protocol is TLSv1.3" \
14494 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14495 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14496 -s "HRR selected_group: x25519"
14497
14498requires_config_enabled MBEDTLS_SSL_SRV_C
14499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14502requires_openssl_tls1_3
14503requires_openssl_3_x
14504run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \
14505 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14506 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe2048 -msg -tls1_3" \
14507 0 \
14508 -s "Protocol is TLSv1.3" \
14509 -s "got named group: ffdhe2048(0100)" \
14510 -s "Certificate verification was skipped" \
14511 -s "HRR selected_group: ffdhe2048"
14512
14513requires_config_enabled MBEDTLS_SSL_SRV_C
14514requires_config_enabled MBEDTLS_DEBUG_C
14515requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14516requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14517requires_openssl_tls1_3
14518requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14519run_test "TLS 1.3 O->m: HRR x448 -> ffdhe8192" \
14520 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14521 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe8192 -msg -tls1_3" \
14522 0 \
14523 -s "Protocol is TLSv1.3" \
14524 -s "got named group: ffdhe8192(0104)" \
14525 -s "Certificate verification was skipped" \
14526 -s "HRR selected_group: ffdhe8192"
14527
14528requires_config_enabled MBEDTLS_SSL_SRV_C
14529requires_config_enabled MBEDTLS_DEBUG_C
14530requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14531requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14532requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14533requires_openssl_tls1_3
14534requires_openssl_3_x
14535run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp256r1" \
14536 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14537 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-256 -msg -tls1_3" \
14538 0 \
14539 -s "Protocol is TLSv1.3" \
14540 -s "got named group: secp256r1(0017)" \
14541 -s "Certificate verification was skipped" \
14542 -s "HRR selected_group: secp256r1"
14543
14544requires_config_enabled MBEDTLS_SSL_SRV_C
14545requires_config_enabled MBEDTLS_DEBUG_C
14546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14547requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14548requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14549requires_openssl_tls1_3
14550requires_openssl_3_x
14551run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp384r1" \
14552 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14553 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-384 -msg -tls1_3" \
14554 0 \
14555 -s "Protocol is TLSv1.3" \
14556 -s "got named group: secp384r1(0018)" \
14557 -s "Certificate verification was skipped" \
14558 -s "HRR selected_group: secp384r1"
14559
14560requires_config_enabled MBEDTLS_SSL_SRV_C
14561requires_config_enabled MBEDTLS_DEBUG_C
14562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14564requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14565requires_openssl_tls1_3
14566requires_openssl_3_x
14567run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp521r1" \
14568 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14569 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-521 -msg -tls1_3" \
14570 0 \
14571 -s "Protocol is TLSv1.3" \
14572 -s "got named group: secp521r1(0019)" \
14573 -s "Certificate verification was skipped" \
14574 -s "HRR selected_group: secp521r1"
14575
14576requires_config_enabled MBEDTLS_SSL_SRV_C
14577requires_config_enabled MBEDTLS_DEBUG_C
14578requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14580requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14581requires_openssl_tls1_3
14582requires_openssl_3_x
14583run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x25519" \
14584 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14585 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:X25519 -msg -tls1_3" \
14586 0 \
14587 -s "Protocol is TLSv1.3" \
14588 -s "got named group: x25519(001d)" \
14589 -s "Certificate verification was skipped" \
14590 -s "HRR selected_group: x25519"
14591
14592requires_config_enabled MBEDTLS_SSL_SRV_C
14593requires_config_enabled MBEDTLS_DEBUG_C
14594requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14595requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14596requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14597requires_openssl_tls1_3
14598requires_openssl_3_x
14599run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \
14600 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14601 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:X448 -msg -tls1_3" \
14602 0 \
14603 -s "Protocol is TLSv1.3" \
14604 -s "got named group: x448(001e)" \
14605 -s "Certificate verification was skipped" \
14606 -s "HRR selected_group: x448"
14607
14608requires_config_enabled MBEDTLS_SSL_SRV_C
14609requires_config_enabled MBEDTLS_DEBUG_C
14610requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14611requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14612requires_openssl_tls1_3
14613requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14614run_test "TLS 1.3 O->m: HRR ffdhe2048 -> ffdhe8192" \
14615 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14616 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:ffdhe8192 -msg -tls1_3" \
14617 0 \
14618 -s "Protocol is TLSv1.3" \
14619 -s "got named group: ffdhe8192(0104)" \
14620 -s "Certificate verification was skipped" \
14621 -s "HRR selected_group: ffdhe8192"
14622
14623requires_config_enabled MBEDTLS_SSL_SRV_C
14624requires_config_enabled MBEDTLS_DEBUG_C
14625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14626requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14627requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14628requires_openssl_tls1_3
14629requires_openssl_3_x
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14630run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp256r1" \
14631 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14632 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-256 -msg -tls1_3" \
14633 0 \
14634 -s "Protocol is TLSv1.3" \
14635 -s "got named group: secp256r1(0017)" \
14636 -s "Certificate verification was skipped" \
14637 -s "HRR selected_group: secp256r1"
14638
14639requires_config_enabled MBEDTLS_SSL_SRV_C
14640requires_config_enabled MBEDTLS_DEBUG_C
14641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14642requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14643requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14644requires_openssl_tls1_3
14645requires_openssl_3_x
14646run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp384r1" \
14647 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14648 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-384 -msg -tls1_3" \
14649 0 \
14650 -s "Protocol is TLSv1.3" \
14651 -s "got named group: secp384r1(0018)" \
14652 -s "Certificate verification was skipped" \
14653 -s "HRR selected_group: secp384r1"
14654
14655requires_config_enabled MBEDTLS_SSL_SRV_C
14656requires_config_enabled MBEDTLS_DEBUG_C
14657requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14658requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14659requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14660requires_openssl_tls1_3
14661requires_openssl_3_x
14662run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp521r1" \
14663 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14664 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-521 -msg -tls1_3" \
14665 0 \
14666 -s "Protocol is TLSv1.3" \
14667 -s "got named group: secp521r1(0019)" \
14668 -s "Certificate verification was skipped" \
14669 -s "HRR selected_group: secp521r1"
14670
14671requires_config_enabled MBEDTLS_SSL_SRV_C
14672requires_config_enabled MBEDTLS_DEBUG_C
14673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14675requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14676requires_openssl_tls1_3
14677requires_openssl_3_x
14678run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x25519" \
14679 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14680 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X25519 -msg -tls1_3" \
14681 0 \
14682 -s "Protocol is TLSv1.3" \
14683 -s "got named group: x25519(001d)" \
14684 -s "Certificate verification was skipped" \
14685 -s "HRR selected_group: x25519"
14686
14687requires_config_enabled MBEDTLS_SSL_SRV_C
14688requires_config_enabled MBEDTLS_DEBUG_C
14689requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14690requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14691requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14692requires_openssl_tls1_3
14693requires_openssl_3_x
14694run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x448" \
14695 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14696 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X448 -msg -tls1_3" \
14697 0 \
14698 -s "Protocol is TLSv1.3" \
14699 -s "got named group: x448(001e)" \
14700 -s "Certificate verification was skipped" \
14701 -s "HRR selected_group: x448"
14702
14703requires_config_enabled MBEDTLS_SSL_SRV_C
14704requires_config_enabled MBEDTLS_DEBUG_C
14705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14706requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14707requires_openssl_tls1_3
14708requires_openssl_3_x
14709run_test "TLS 1.3 O->m: HRR ffdhe8192 -> ffdhe2048" \
14710 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14711 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:ffdhe2048 -msg -tls1_3" \
14712 0 \
14713 -s "Protocol is TLSv1.3" \
14714 -s "got named group: ffdhe2048(0100)" \
14715 -s "Certificate verification was skipped" \
14716 -s "HRR selected_group: ffdhe2048"
14717
14718requires_config_enabled MBEDTLS_SSL_SRV_C
14719requires_config_enabled MBEDTLS_DEBUG_C
14720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14722requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14723requires_gnutls_tls1_3
14724requires_gnutls_next_no_ticket
14725requires_gnutls_next_disable_tls13_compat
14726run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14727 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14728 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14729 0 \
14730 -s "Protocol is TLSv1.3" \
14731 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14732 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14733 -s "HRR selected_group: secp384r1"
14734
14735requires_config_enabled MBEDTLS_SSL_SRV_C
14736requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14739requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14740requires_gnutls_tls1_3
14741requires_gnutls_next_no_ticket
14742requires_gnutls_next_disable_tls13_compat
14743run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14744 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14745 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14746 0 \
14747 -s "Protocol is TLSv1.3" \
14748 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14749 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14750 -s "HRR selected_group: secp521r1"
14751
14752requires_config_enabled MBEDTLS_SSL_SRV_C
14753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14756requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14757requires_gnutls_tls1_3
14758requires_gnutls_next_no_ticket
14759requires_gnutls_next_disable_tls13_compat
14760run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14761 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14762 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14763 0 \
14764 -s "Protocol is TLSv1.3" \
14765 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14766 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14767 -s "HRR selected_group: x25519"
14768
14769requires_config_enabled MBEDTLS_SSL_SRV_C
14770requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14771requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14773requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14774requires_gnutls_tls1_3
14775requires_gnutls_next_no_ticket
14776requires_gnutls_next_disable_tls13_compat
14777run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14778 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14779 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14780 0 \
14781 -s "Protocol is TLSv1.3" \
14782 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14783 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14784 -s "HRR selected_group: x448"
14785
14786requires_config_enabled MBEDTLS_SSL_SRV_C
14787requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14788requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14789requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14790requires_gnutls_tls1_3
14791requires_gnutls_next_no_ticket
14792requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14793run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \
14794 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14795 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14796 0 \
14797 -s "Protocol is TLSv1.3" \
14798 -s "got named group: ffdhe2048(0100)" \
14799 -s "Certificate verification was skipped" \
14800 -s "HRR selected_group: ffdhe2048"
14801
14802requires_config_enabled MBEDTLS_SSL_SRV_C
14803requires_config_enabled MBEDTLS_DEBUG_C
14804requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14805requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14806requires_gnutls_tls1_3
14807requires_gnutls_next_no_ticket
14808requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14809run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe8192" \
14810 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14811 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14812 0 \
14813 -s "Protocol is TLSv1.3" \
14814 -s "got named group: ffdhe8192(0104)" \
14815 -s "Certificate verification was skipped" \
14816 -s "HRR selected_group: ffdhe8192"
14817
14818requires_config_enabled MBEDTLS_SSL_SRV_C
14819requires_config_enabled MBEDTLS_DEBUG_C
14820requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14822requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14823requires_gnutls_tls1_3
14824requires_gnutls_next_no_ticket
14825requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14826run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14827 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14828 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14829 0 \
14830 -s "Protocol is TLSv1.3" \
14831 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14832 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14833 -s "HRR selected_group: secp256r1"
14834
14835requires_config_enabled MBEDTLS_SSL_SRV_C
14836requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14837requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14838requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14839requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14840requires_gnutls_tls1_3
14841requires_gnutls_next_no_ticket
14842requires_gnutls_next_disable_tls13_compat
14843run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14844 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14845 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14846 0 \
14847 -s "Protocol is TLSv1.3" \
14848 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14849 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14850 -s "HRR selected_group: secp521r1"
14851
14852requires_config_enabled MBEDTLS_SSL_SRV_C
14853requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14856requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14857requires_gnutls_tls1_3
14858requires_gnutls_next_no_ticket
14859requires_gnutls_next_disable_tls13_compat
14860run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14861 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14862 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14863 0 \
14864 -s "Protocol is TLSv1.3" \
14865 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14866 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14867 -s "HRR selected_group: x25519"
14868
14869requires_config_enabled MBEDTLS_SSL_SRV_C
14870requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14873requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14874requires_gnutls_tls1_3
14875requires_gnutls_next_no_ticket
14876requires_gnutls_next_disable_tls13_compat
14877run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14878 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14879 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14880 0 \
14881 -s "Protocol is TLSv1.3" \
14882 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14883 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14884 -s "HRR selected_group: x448"
14885
14886requires_config_enabled MBEDTLS_SSL_SRV_C
14887requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14890requires_gnutls_tls1_3
14891requires_gnutls_next_no_ticket
14892requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14893run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \
14894 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14895 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14896 0 \
14897 -s "Protocol is TLSv1.3" \
14898 -s "got named group: ffdhe2048(0100)" \
14899 -s "Certificate verification was skipped" \
14900 -s "HRR selected_group: ffdhe2048"
14901
14902requires_config_enabled MBEDTLS_SSL_SRV_C
14903requires_config_enabled MBEDTLS_DEBUG_C
14904requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14905requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14906requires_gnutls_tls1_3
14907requires_gnutls_next_no_ticket
14908requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14909run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe8192" \
14910 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14911 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14912 0 \
14913 -s "Protocol is TLSv1.3" \
14914 -s "got named group: ffdhe8192(0104)" \
14915 -s "Certificate verification was skipped" \
14916 -s "HRR selected_group: ffdhe8192"
14917
14918requires_config_enabled MBEDTLS_SSL_SRV_C
14919requires_config_enabled MBEDTLS_DEBUG_C
14920requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14921requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14922requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14923requires_gnutls_tls1_3
14924requires_gnutls_next_no_ticket
14925requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14926run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14927 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14928 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14929 0 \
14930 -s "Protocol is TLSv1.3" \
14931 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14932 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14933 -s "HRR selected_group: secp256r1"
14934
14935requires_config_enabled MBEDTLS_SSL_SRV_C
14936requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14937requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14938requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14939requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14940requires_gnutls_tls1_3
14941requires_gnutls_next_no_ticket
14942requires_gnutls_next_disable_tls13_compat
14943run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14944 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14945 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14946 0 \
14947 -s "Protocol is TLSv1.3" \
14948 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14949 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14950 -s "HRR selected_group: secp384r1"
14951
14952requires_config_enabled MBEDTLS_SSL_SRV_C
14953requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14956requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14957requires_gnutls_tls1_3
14958requires_gnutls_next_no_ticket
14959requires_gnutls_next_disable_tls13_compat
14960run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14961 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14962 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14963 0 \
14964 -s "Protocol is TLSv1.3" \
14965 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14966 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14967 -s "HRR selected_group: x25519"
14968
14969requires_config_enabled MBEDTLS_SSL_SRV_C
14970requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14971requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14972requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]14973requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14974requires_gnutls_tls1_3
14975requires_gnutls_next_no_ticket
14976requires_gnutls_next_disable_tls13_compat
14977run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14978 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]14979 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14980 0 \
14981 -s "Protocol is TLSv1.3" \
14982 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14983 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14984 -s "HRR selected_group: x448"
14985
14986requires_config_enabled MBEDTLS_SSL_SRV_C
14987requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14990requires_gnutls_tls1_3
14991requires_gnutls_next_no_ticket
14992requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14993run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \
14994 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14995 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14996 0 \
14997 -s "Protocol is TLSv1.3" \
14998 -s "got named group: ffdhe2048(0100)" \
14999 -s "Certificate verification was skipped" \
15000 -s "HRR selected_group: ffdhe2048"
15001
15002requires_config_enabled MBEDTLS_SSL_SRV_C
15003requires_config_enabled MBEDTLS_DEBUG_C
15004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15006requires_gnutls_tls1_3
15007requires_gnutls_next_no_ticket
15008requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15009run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe8192" \
15010 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15011 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
15012 0 \
15013 -s "Protocol is TLSv1.3" \
15014 -s "got named group: ffdhe8192(0104)" \
15015 -s "Certificate verification was skipped" \
15016 -s "HRR selected_group: ffdhe8192"
15017
15018requires_config_enabled MBEDTLS_SSL_SRV_C
15019requires_config_enabled MBEDTLS_DEBUG_C
15020requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15022requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15023requires_gnutls_tls1_3
15024requires_gnutls_next_no_ticket
15025requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15026run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15027 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15028 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15029 0 \
15030 -s "Protocol is TLSv1.3" \
15031 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15032 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15033 -s "HRR selected_group: secp256r1"
15034
15035requires_config_enabled MBEDTLS_SSL_SRV_C
15036requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15039requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15040requires_gnutls_tls1_3
15041requires_gnutls_next_no_ticket
15042requires_gnutls_next_disable_tls13_compat
15043run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15044 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15045 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15046 0 \
15047 -s "Protocol is TLSv1.3" \
15048 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15049 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15050 -s "HRR selected_group: secp384r1"
15051
15052requires_config_enabled MBEDTLS_SSL_SRV_C
15053requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15054requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15055requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15056requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15057requires_gnutls_tls1_3
15058requires_gnutls_next_no_ticket
15059requires_gnutls_next_disable_tls13_compat
15060run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15061 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15062 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15063 0 \
15064 -s "Protocol is TLSv1.3" \
15065 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15066 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15067 -s "HRR selected_group: secp521r1"
15068
15069requires_config_enabled MBEDTLS_SSL_SRV_C
15070requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15071requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15072requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15073requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15074requires_gnutls_tls1_3
15075requires_gnutls_next_no_ticket
15076requires_gnutls_next_disable_tls13_compat
15077run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15078 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15079 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15080 0 \
15081 -s "Protocol is TLSv1.3" \
15082 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15083 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15084 -s "HRR selected_group: x448"
15085
15086requires_config_enabled MBEDTLS_SSL_SRV_C
15087requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15089requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15090requires_gnutls_tls1_3
15091requires_gnutls_next_no_ticket
15092requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15093run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \
15094 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15095 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
15096 0 \
15097 -s "Protocol is TLSv1.3" \
15098 -s "got named group: ffdhe2048(0100)" \
15099 -s "Certificate verification was skipped" \
15100 -s "HRR selected_group: ffdhe2048"
15101
15102requires_config_enabled MBEDTLS_SSL_SRV_C
15103requires_config_enabled MBEDTLS_DEBUG_C
15104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15106requires_gnutls_tls1_3
15107requires_gnutls_next_no_ticket
15108requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15109run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe8192" \
15110 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15111 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
15112 0 \
15113 -s "Protocol is TLSv1.3" \
15114 -s "got named group: ffdhe8192(0104)" \
15115 -s "Certificate verification was skipped" \
15116 -s "HRR selected_group: ffdhe8192"
15117
15118requires_config_enabled MBEDTLS_SSL_SRV_C
15119requires_config_enabled MBEDTLS_DEBUG_C
15120requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15122requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15123requires_gnutls_tls1_3
15124requires_gnutls_next_no_ticket
15125requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15126run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15127 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15128 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15129 0 \
15130 -s "Protocol is TLSv1.3" \
15131 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15132 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15133 -s "HRR selected_group: secp256r1"
15134
15135requires_config_enabled MBEDTLS_SSL_SRV_C
15136requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15139requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15140requires_gnutls_tls1_3
15141requires_gnutls_next_no_ticket
15142requires_gnutls_next_disable_tls13_compat
15143run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15144 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15145 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15146 0 \
15147 -s "Protocol is TLSv1.3" \
15148 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15149 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15150 -s "HRR selected_group: secp384r1"
15151
15152requires_config_enabled MBEDTLS_SSL_SRV_C
15153requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15154requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15155requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15156requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15157requires_gnutls_tls1_3
15158requires_gnutls_next_no_ticket
15159requires_gnutls_next_disable_tls13_compat
15160run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15161 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15162 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15163 0 \
15164 -s "Protocol is TLSv1.3" \
15165 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15166 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15167 -s "HRR selected_group: secp521r1"
15168
15169requires_config_enabled MBEDTLS_SSL_SRV_C
15170requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15171requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15172requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15173requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15174requires_gnutls_tls1_3
15175requires_gnutls_next_no_ticket
15176requires_gnutls_next_disable_tls13_compat
15177run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15178 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15179 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15180 0 \
15181 -s "Protocol is TLSv1.3" \
15182 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15183 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15184 -s "HRR selected_group: x25519"
15185
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15186requires_config_enabled MBEDTLS_SSL_SRV_C
15187requires_config_enabled MBEDTLS_DEBUG_C
15188requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15189requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15190requires_gnutls_tls1_3
15191requires_gnutls_next_no_ticket
15192requires_gnutls_next_disable_tls13_compat
15193run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \
15194 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15195 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
15196 0 \
15197 -s "Protocol is TLSv1.3" \
15198 -s "got named group: ffdhe2048(0100)" \
15199 -s "Certificate verification was skipped" \
15200 -s "HRR selected_group: ffdhe2048"
15201
15202requires_config_enabled MBEDTLS_SSL_SRV_C
15203requires_config_enabled MBEDTLS_DEBUG_C
15204requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15205requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15206requires_gnutls_tls1_3
15207requires_gnutls_next_no_ticket
15208requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15209run_test "TLS 1.3 G->m: HRR x448 -> ffdhe8192" \
15210 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15211 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
15212 0 \
15213 -s "Protocol is TLSv1.3" \
15214 -s "got named group: ffdhe8192(0104)" \
15215 -s "Certificate verification was skipped" \
15216 -s "HRR selected_group: ffdhe8192"
15217
15218requires_config_enabled MBEDTLS_SSL_SRV_C
15219requires_config_enabled MBEDTLS_DEBUG_C
15220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15222requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15223requires_gnutls_tls1_3
15224requires_gnutls_next_no_ticket
15225requires_gnutls_next_disable_tls13_compat
15226run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp256r1" \
15227 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15228 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
15229 0 \
15230 -s "Protocol is TLSv1.3" \
15231 -s "got named group: secp256r1(0017)" \
15232 -s "Certificate verification was skipped" \
15233 -s "HRR selected_group: secp256r1"
15234
15235requires_config_enabled MBEDTLS_SSL_SRV_C
15236requires_config_enabled MBEDTLS_DEBUG_C
15237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15239requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15240requires_gnutls_tls1_3
15241requires_gnutls_next_no_ticket
15242requires_gnutls_next_disable_tls13_compat
15243run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp384r1" \
15244 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15245 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
15246 0 \
15247 -s "Protocol is TLSv1.3" \
15248 -s "got named group: secp384r1(0018)" \
15249 -s "Certificate verification was skipped" \
15250 -s "HRR selected_group: secp384r1"
15251
15252requires_config_enabled MBEDTLS_SSL_SRV_C
15253requires_config_enabled MBEDTLS_DEBUG_C
15254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15256requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15257requires_gnutls_tls1_3
15258requires_gnutls_next_no_ticket
15259requires_gnutls_next_disable_tls13_compat
15260run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp521r1" \
15261 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15262 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
15263 0 \
15264 -s "Protocol is TLSv1.3" \
15265 -s "got named group: secp521r1(0019)" \
15266 -s "Certificate verification was skipped" \
15267 -s "HRR selected_group: secp521r1"
15268
15269requires_config_enabled MBEDTLS_SSL_SRV_C
15270requires_config_enabled MBEDTLS_DEBUG_C
15271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15272requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15273requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15274requires_gnutls_tls1_3
15275requires_gnutls_next_no_ticket
15276requires_gnutls_next_disable_tls13_compat
15277run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x25519" \
15278 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15279 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
15280 0 \
15281 -s "Protocol is TLSv1.3" \
15282 -s "got named group: x25519(001d)" \
15283 -s "Certificate verification was skipped" \
15284 -s "HRR selected_group: x25519"
15285
15286requires_config_enabled MBEDTLS_SSL_SRV_C
15287requires_config_enabled MBEDTLS_DEBUG_C
15288requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15289requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15290requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15291requires_gnutls_tls1_3
15292requires_gnutls_next_no_ticket
15293requires_gnutls_next_disable_tls13_compat
15294run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \
15295 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15296 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
15297 0 \
15298 -s "Protocol is TLSv1.3" \
15299 -s "got named group: x448(001e)" \
15300 -s "Certificate verification was skipped" \
15301 -s "HRR selected_group: x448"
15302
15303requires_config_enabled MBEDTLS_SSL_SRV_C
15304requires_config_enabled MBEDTLS_DEBUG_C
15305requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15307requires_gnutls_tls1_3
15308requires_gnutls_next_no_ticket
15309requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15310run_test "TLS 1.3 G->m: HRR ffdhe2048 -> ffdhe8192" \
15311 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15312 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
15313 0 \
15314 -s "Protocol is TLSv1.3" \
15315 -s "got named group: ffdhe8192(0104)" \
15316 -s "Certificate verification was skipped" \
15317 -s "HRR selected_group: ffdhe8192"
15318
15319requires_config_enabled MBEDTLS_SSL_SRV_C
15320requires_config_enabled MBEDTLS_DEBUG_C
15321requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15322requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15323requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15324requires_gnutls_tls1_3
15325requires_gnutls_next_no_ticket
15326requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15327run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp256r1" \
15328 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15329 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
15330 0 \
15331 -s "Protocol is TLSv1.3" \
15332 -s "got named group: secp256r1(0017)" \
15333 -s "Certificate verification was skipped" \
15334 -s "HRR selected_group: secp256r1"
15335
15336requires_config_enabled MBEDTLS_SSL_SRV_C
15337requires_config_enabled MBEDTLS_DEBUG_C
15338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15340requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15341requires_gnutls_tls1_3
15342requires_gnutls_next_no_ticket
15343requires_gnutls_next_disable_tls13_compat
15344run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp384r1" \
15345 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15346 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
15347 0 \
15348 -s "Protocol is TLSv1.3" \
15349 -s "got named group: secp384r1(0018)" \
15350 -s "Certificate verification was skipped" \
15351 -s "HRR selected_group: secp384r1"
15352
15353requires_config_enabled MBEDTLS_SSL_SRV_C
15354requires_config_enabled MBEDTLS_DEBUG_C
15355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15357requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15358requires_gnutls_tls1_3
15359requires_gnutls_next_no_ticket
15360requires_gnutls_next_disable_tls13_compat
15361run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp521r1" \
15362 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15363 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
15364 0 \
15365 -s "Protocol is TLSv1.3" \
15366 -s "got named group: secp521r1(0019)" \
15367 -s "Certificate verification was skipped" \
15368 -s "HRR selected_group: secp521r1"
15369
15370requires_config_enabled MBEDTLS_SSL_SRV_C
15371requires_config_enabled MBEDTLS_DEBUG_C
15372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15374requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15375requires_gnutls_tls1_3
15376requires_gnutls_next_no_ticket
15377requires_gnutls_next_disable_tls13_compat
15378run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x25519" \
15379 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15380 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
15381 0 \
15382 -s "Protocol is TLSv1.3" \
15383 -s "got named group: x25519(001d)" \
15384 -s "Certificate verification was skipped" \
15385 -s "HRR selected_group: x25519"
15386
15387requires_config_enabled MBEDTLS_SSL_SRV_C
15388requires_config_enabled MBEDTLS_DEBUG_C
15389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15390requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15391requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15392requires_gnutls_tls1_3
15393requires_gnutls_next_no_ticket
15394requires_gnutls_next_disable_tls13_compat
15395run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x448" \
15396 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15397 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
15398 0 \
15399 -s "Protocol is TLSv1.3" \
15400 -s "got named group: x448(001e)" \
15401 -s "Certificate verification was skipped" \
15402 -s "HRR selected_group: x448"
15403
15404requires_config_enabled MBEDTLS_SSL_SRV_C
15405requires_config_enabled MBEDTLS_DEBUG_C
15406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15408requires_gnutls_tls1_3
15409requires_gnutls_next_no_ticket
15410requires_gnutls_next_disable_tls13_compat
15411run_test "TLS 1.3 G->m: HRR ffdhe8192 -> ffdhe2048" \
15412 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15413 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
15414 0 \
15415 -s "Protocol is TLSv1.3" \
15416 -s "got named group: ffdhe2048(0100)" \
15417 -s "Certificate verification was skipped" \
15418 -s "HRR selected_group: ffdhe2048"
15419
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15420requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15421requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15422requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15423requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15424requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15425requires_config_enabled MBEDTLS_ECDH_C
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]15426run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15427 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15428 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]15429 0 \
15430 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15431 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]15432 -c "NamedGroup: secp256r1 ( 17 )" \
15433 -c "NamedGroup: secp384r1 ( 18 )" \
15434 -c "Verifying peer X.509 certificate... ok" \
15435 -c "received HelloRetryRequest message" \
15436 -c "selected_group ( 24 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15437
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15438requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15439requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15440requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15441requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15442requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15443requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]15444run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15445 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15446 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15447 0 \
15448 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15449 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]15450 -c "NamedGroup: secp256r1 ( 17 )" \
15451 -c "NamedGroup: secp521r1 ( 19 )" \
15452 -c "Verifying peer X.509 certificate... ok" \
15453 -c "received HelloRetryRequest message" \
15454 -c "selected_group ( 25 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15455
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15456requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15457requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15458requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15459requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15460requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15461requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]15462run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15463 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15464 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15465 0 \
15466 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15467 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]15468 -c "NamedGroup: secp256r1 ( 17 )" \
15469 -c "NamedGroup: x25519 ( 1d )" \
15470 -c "Verifying peer X.509 certificate... ok" \
15471 -c "received HelloRetryRequest message" \
15472 -c "selected_group ( 29 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15473
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15474requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15475requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15476requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15477requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15478requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15479requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]15480run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15481 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15482 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15483 0 \
15484 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15485 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]15486 -c "NamedGroup: secp256r1 ( 17 )" \
15487 -c "NamedGroup: x448 ( 1e )" \
15488 -c "Verifying peer X.509 certificate... ok" \
15489 -c "received HelloRetryRequest message" \
15490 -c "selected_group ( 30 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]15491
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15492requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15493requires_openssl_3_x
15494requires_config_enabled MBEDTLS_SSL_CLI_C
15495requires_config_enabled MBEDTLS_DEBUG_C
15496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15498requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15499run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \
15500 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15501 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
15502 0 \
15503 -c "HTTP/1.0 200 ok" \
15504 -c "Protocol is TLSv1.3" \
15505 -c "NamedGroup: secp256r1 ( 17 )" \
15506 -c "NamedGroup: ffdhe2048 ( 100 )" \
15507 -c "Verifying peer X.509 certificate... ok" \
15508 -c "received HelloRetryRequest message" \
15509 -c "selected_group ( 256 )"
15510
15511requires_openssl_tls1_3
15512requires_openssl_3_x
15513requires_config_enabled MBEDTLS_SSL_CLI_C
15514requires_config_enabled MBEDTLS_DEBUG_C
15515requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15516requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15517requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15518run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe8192" \
15519 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15520 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
15521 0 \
15522 -c "HTTP/1.0 200 ok" \
15523 -c "Protocol is TLSv1.3" \
15524 -c "NamedGroup: secp256r1 ( 17 )" \
15525 -c "NamedGroup: ffdhe8192 ( 104 )" \
15526 -c "Verifying peer X.509 certificate... ok" \
15527 -c "received HelloRetryRequest message" \
15528 -c "selected_group ( 260 )"
15529
15530requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15531requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15532requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15533requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15534requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15535requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15536run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15537 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15538 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15539 0 \
15540 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15541 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15542 -c "NamedGroup: secp384r1 ( 18 )" \
15543 -c "NamedGroup: secp256r1 ( 17 )" \
15544 -c "Verifying peer X.509 certificate... ok" \
15545 -c "received HelloRetryRequest message" \
15546 -c "selected_group ( 23 )"
15547
15548requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15549requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15550requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15551requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15552requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15553requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15554run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15555 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15556 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15557 0 \
15558 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15559 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15560 -c "NamedGroup: secp384r1 ( 18 )" \
15561 -c "NamedGroup: secp521r1 ( 19 )" \
15562 -c "Verifying peer X.509 certificate... ok" \
15563 -c "received HelloRetryRequest message" \
15564 -c "selected_group ( 25 )"
15565
15566requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15567requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15568requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15569requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15570requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15571requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15572run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15573 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15574 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15575 0 \
15576 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15577 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15578 -c "NamedGroup: secp384r1 ( 18 )" \
15579 -c "NamedGroup: x25519 ( 1d )" \
15580 -c "Verifying peer X.509 certificate... ok" \
15581 -c "received HelloRetryRequest message" \
15582 -c "selected_group ( 29 )"
15583
15584requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15585requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15586requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15587requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15588requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15589requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15590run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15591 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15592 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15593 0 \
15594 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15595 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15596 -c "NamedGroup: secp384r1 ( 18 )" \
15597 -c "NamedGroup: x448 ( 1e )" \
15598 -c "Verifying peer X.509 certificate... ok" \
15599 -c "received HelloRetryRequest message" \
15600 -c "selected_group ( 30 )"
15601
15602requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15603requires_openssl_3_x
15604requires_config_enabled MBEDTLS_SSL_CLI_C
15605requires_config_enabled MBEDTLS_DEBUG_C
15606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15608requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15609run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \
15610 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15611 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
15612 0 \
15613 -c "HTTP/1.0 200 ok" \
15614 -c "Protocol is TLSv1.3" \
15615 -c "NamedGroup: secp384r1 ( 18 )" \
15616 -c "NamedGroup: ffdhe2048 ( 100 )" \
15617 -c "Verifying peer X.509 certificate... ok" \
15618 -c "received HelloRetryRequest message" \
15619 -c "selected_group ( 256 )"
15620
15621requires_openssl_tls1_3
15622requires_openssl_3_x
15623requires_config_enabled MBEDTLS_SSL_CLI_C
15624requires_config_enabled MBEDTLS_DEBUG_C
15625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15626requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15627requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15628run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe8192" \
15629 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15630 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
15631 0 \
15632 -c "HTTP/1.0 200 ok" \
15633 -c "Protocol is TLSv1.3" \
15634 -c "NamedGroup: secp384r1 ( 18 )" \
15635 -c "NamedGroup: ffdhe8192 ( 104 )" \
15636 -c "Verifying peer X.509 certificate... ok" \
15637 -c "received HelloRetryRequest message" \
15638 -c "selected_group ( 260 )"
15639
15640requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15641requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15642requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15643requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15644requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15645requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15646run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15647 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15648 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15649 0 \
15650 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15651 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15652 -c "NamedGroup: secp521r1 ( 19 )" \
15653 -c "NamedGroup: secp256r1 ( 17 )" \
15654 -c "Verifying peer X.509 certificate... ok" \
15655 -c "received HelloRetryRequest message" \
15656 -c "selected_group ( 23 )"
15657
15658requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15659requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15660requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15661requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15662requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15663requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15664run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15665 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15666 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15667 0 \
15668 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15669 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15670 -c "NamedGroup: secp521r1 ( 19 )" \
15671 -c "NamedGroup: secp384r1 ( 18 )" \
15672 -c "Verifying peer X.509 certificate... ok" \
15673 -c "received HelloRetryRequest message" \
15674 -c "selected_group ( 24 )"
15675
15676requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15677requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15678requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15679requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15680requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15681requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15682run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15683 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15684 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15685 0 \
15686 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15687 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15688 -c "NamedGroup: secp521r1 ( 19 )" \
15689 -c "NamedGroup: x25519 ( 1d )" \
15690 -c "Verifying peer X.509 certificate... ok" \
15691 -c "received HelloRetryRequest message" \
15692 -c "selected_group ( 29 )"
15693
15694requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15695requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15696requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15697requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15698requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15699requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15700run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15701 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15702 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15703 0 \
15704 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15705 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15706 -c "NamedGroup: secp521r1 ( 19 )" \
15707 -c "NamedGroup: x448 ( 1e )" \
15708 -c "Verifying peer X.509 certificate... ok" \
15709 -c "received HelloRetryRequest message" \
15710 -c "selected_group ( 30 )"
15711
15712requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15713requires_openssl_3_x
15714requires_config_enabled MBEDTLS_SSL_CLI_C
15715requires_config_enabled MBEDTLS_DEBUG_C
15716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15718requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15719run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \
15720 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15721 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
15722 0 \
15723 -c "HTTP/1.0 200 ok" \
15724 -c "Protocol is TLSv1.3" \
15725 -c "NamedGroup: secp521r1 ( 19 )" \
15726 -c "NamedGroup: ffdhe2048 ( 100 )" \
15727 -c "Verifying peer X.509 certificate... ok" \
15728 -c "received HelloRetryRequest message" \
15729 -c "selected_group ( 256 )"
15730
15731requires_openssl_tls1_3
15732requires_openssl_3_x
15733requires_config_enabled MBEDTLS_SSL_CLI_C
15734requires_config_enabled MBEDTLS_DEBUG_C
15735requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15736requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15737requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15738run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe8192" \
15739 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15740 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
15741 0 \
15742 -c "HTTP/1.0 200 ok" \
15743 -c "Protocol is TLSv1.3" \
15744 -c "NamedGroup: secp521r1 ( 19 )" \
15745 -c "NamedGroup: ffdhe8192 ( 104 )" \
15746 -c "Verifying peer X.509 certificate... ok" \
15747 -c "received HelloRetryRequest message" \
15748 -c "selected_group ( 260 )"
15749
15750requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15751requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15752requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15753requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15754requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15755requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15756run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15757 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15758 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15759 0 \
15760 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15761 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15762 -c "NamedGroup: x25519 ( 1d )" \
15763 -c "NamedGroup: secp256r1 ( 17 )" \
15764 -c "Verifying peer X.509 certificate... ok" \
15765 -c "received HelloRetryRequest message" \
15766 -c "selected_group ( 23 )"
15767
15768requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15769requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15770requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15771requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15773requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15774run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15775 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15776 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15777 0 \
15778 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15779 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15780 -c "NamedGroup: x25519 ( 1d )" \
15781 -c "NamedGroup: secp384r1 ( 18 )" \
15782 -c "Verifying peer X.509 certificate... ok" \
15783 -c "received HelloRetryRequest message" \
15784 -c "selected_group ( 24 )"
15785
15786requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15787requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15788requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15789requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15790requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15791requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15792run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15793 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15794 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15795 0 \
15796 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15797 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15798 -c "NamedGroup: x25519 ( 1d )" \
15799 -c "NamedGroup: secp521r1 ( 19 )" \
15800 -c "Verifying peer X.509 certificate... ok" \
15801 -c "received HelloRetryRequest message" \
15802 -c "selected_group ( 25 )"
15803
15804requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15805requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15806requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15807requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15808requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15809requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15810run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15811 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15812 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15813 0 \
15814 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15815 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15816 -c "NamedGroup: x25519 ( 1d )" \
15817 -c "NamedGroup: x448 ( 1e )" \
15818 -c "Verifying peer X.509 certificate... ok" \
15819 -c "received HelloRetryRequest message" \
15820 -c "selected_group ( 30 )"
15821
15822requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15823requires_openssl_3_x
15824requires_config_enabled MBEDTLS_SSL_CLI_C
15825requires_config_enabled MBEDTLS_DEBUG_C
15826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15828requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15829run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \
15830 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15831 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
15832 0 \
15833 -c "HTTP/1.0 200 ok" \
15834 -c "Protocol is TLSv1.3" \
15835 -c "NamedGroup: x25519 ( 1d )" \
15836 -c "NamedGroup: ffdhe2048 ( 100 )" \
15837 -c "Verifying peer X.509 certificate... ok" \
15838 -c "received HelloRetryRequest message" \
15839 -c "selected_group ( 256 )"
15840
15841requires_openssl_tls1_3
15842requires_openssl_3_x
15843requires_config_enabled MBEDTLS_SSL_CLI_C
15844requires_config_enabled MBEDTLS_DEBUG_C
15845requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15846requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15847requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15848run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe8192" \
15849 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15850 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
15851 0 \
15852 -c "HTTP/1.0 200 ok" \
15853 -c "Protocol is TLSv1.3" \
15854 -c "NamedGroup: x25519 ( 1d )" \
15855 -c "NamedGroup: ffdhe8192 ( 104 )" \
15856 -c "Verifying peer X.509 certificate... ok" \
15857 -c "received HelloRetryRequest message" \
15858 -c "selected_group ( 260 )"
15859
15860requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15861requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15862requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15863requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15864requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15865requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15866run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15867 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15868 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15869 0 \
15870 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15871 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15872 -c "NamedGroup: x448 ( 1e )" \
15873 -c "NamedGroup: secp256r1 ( 17 )" \
15874 -c "Verifying peer X.509 certificate... ok" \
15875 -c "received HelloRetryRequest message" \
15876 -c "selected_group ( 23 )"
15877
15878requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15879requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15880requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15881requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15882requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15883requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15884run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15885 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15886 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15887 0 \
15888 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15889 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15890 -c "NamedGroup: x448 ( 1e )" \
15891 -c "NamedGroup: secp384r1 ( 18 )" \
15892 -c "Verifying peer X.509 certificate... ok" \
15893 -c "received HelloRetryRequest message" \
15894 -c "selected_group ( 24 )"
15895
15896requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15897requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15898requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15900requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15901requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15902run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15903 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15904 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15905 0 \
15906 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15907 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15908 -c "NamedGroup: x448 ( 1e )" \
15909 -c "NamedGroup: secp521r1 ( 19 )" \
15910 -c "Verifying peer X.509 certificate... ok" \
15911 -c "received HelloRetryRequest message" \
15912 -c "selected_group ( 25 )"
15913
15914requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15915requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15916requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15917requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15918requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15919requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15920run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]15921 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15922 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15923 0 \
15924 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]15925 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]15926 -c "NamedGroup: x448 ( 1e )" \
15927 -c "NamedGroup: x25519 ( 1d )" \
15928 -c "Verifying peer X.509 certificate... ok" \
15929 -c "received HelloRetryRequest message" \
15930 -c "selected_group ( 29 )"
15931
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15932requires_openssl_tls1_3
15933requires_openssl_3_x
15934requires_config_enabled MBEDTLS_SSL_CLI_C
15935requires_config_enabled MBEDTLS_DEBUG_C
15936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15938requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15939run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \
15940 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15941 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
15942 0 \
15943 -c "HTTP/1.0 200 ok" \
15944 -c "Protocol is TLSv1.3" \
15945 -c "NamedGroup: x448 ( 1e )" \
15946 -c "NamedGroup: ffdhe2048 ( 100 )" \
15947 -c "Verifying peer X.509 certificate... ok" \
15948 -c "received HelloRetryRequest message" \
15949 -c "selected_group ( 256 )"
15950
15951requires_openssl_tls1_3
15952requires_openssl_3_x
15953requires_config_enabled MBEDTLS_SSL_CLI_C
15954requires_config_enabled MBEDTLS_DEBUG_C
15955requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15957requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15958run_test "TLS 1.3 m->O: HRR x448 -> ffdhe8192" \
15959 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15960 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
15961 0 \
15962 -c "HTTP/1.0 200 ok" \
15963 -c "Protocol is TLSv1.3" \
15964 -c "NamedGroup: x448 ( 1e )" \
15965 -c "NamedGroup: ffdhe8192 ( 104 )" \
15966 -c "Verifying peer X.509 certificate... ok" \
15967 -c "received HelloRetryRequest message" \
15968 -c "selected_group ( 260 )"
15969
15970requires_openssl_tls1_3
15971requires_config_enabled MBEDTLS_SSL_CLI_C
15972requires_config_enabled MBEDTLS_DEBUG_C
15973requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15974requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15975requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15976run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \
15977 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15978 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
15979 0 \
15980 -c "HTTP/1.0 200 ok" \
15981 -c "Protocol is TLSv1.3" \
15982 -c "NamedGroup: ffdhe2048 ( 100 )" \
15983 -c "NamedGroup: secp256r1 ( 17 )" \
15984 -c "Verifying peer X.509 certificate... ok" \
15985 -c "received HelloRetryRequest message" \
15986 -c "selected_group ( 23 )"
15987
15988requires_openssl_tls1_3
15989requires_config_enabled MBEDTLS_SSL_CLI_C
15990requires_config_enabled MBEDTLS_DEBUG_C
15991requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15992requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]15993requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15994run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \
15995 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
15996 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
15997 0 \
15998 -c "HTTP/1.0 200 ok" \
15999 -c "Protocol is TLSv1.3" \
16000 -c "NamedGroup: ffdhe2048 ( 100 )" \
16001 -c "NamedGroup: secp384r1 ( 18 )" \
16002 -c "Verifying peer X.509 certificate... ok" \
16003 -c "received HelloRetryRequest message" \
16004 -c "selected_group ( 24 )"
16005
16006requires_openssl_tls1_3
16007requires_config_enabled MBEDTLS_SSL_CLI_C
16008requires_config_enabled MBEDTLS_DEBUG_C
16009requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16011requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16012run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \
16013 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16014 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
16015 0 \
16016 -c "HTTP/1.0 200 ok" \
16017 -c "Protocol is TLSv1.3" \
16018 -c "NamedGroup: ffdhe2048 ( 100 )" \
16019 -c "NamedGroup: secp521r1 ( 19 )" \
16020 -c "Verifying peer X.509 certificate... ok" \
16021 -c "received HelloRetryRequest message" \
16022 -c "selected_group ( 25 )"
16023
16024requires_openssl_tls1_3
16025requires_config_enabled MBEDTLS_SSL_CLI_C
16026requires_config_enabled MBEDTLS_DEBUG_C
16027requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16028requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16029requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16030run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \
16031 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16032 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
16033 0 \
16034 -c "HTTP/1.0 200 ok" \
16035 -c "Protocol is TLSv1.3" \
16036 -c "NamedGroup: ffdhe2048 ( 100 )" \
16037 -c "NamedGroup: x25519 ( 1d )" \
16038 -c "Verifying peer X.509 certificate... ok" \
16039 -c "received HelloRetryRequest message" \
16040 -c "selected_group ( 29 )"
16041
16042requires_openssl_tls1_3
16043requires_config_enabled MBEDTLS_SSL_CLI_C
16044requires_config_enabled MBEDTLS_DEBUG_C
16045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16047requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16048run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \
16049 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16050 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
16051 0 \
16052 -c "HTTP/1.0 200 ok" \
16053 -c "Protocol is TLSv1.3" \
16054 -c "NamedGroup: ffdhe2048 ( 100 )" \
16055 -c "NamedGroup: x448 ( 1e )" \
16056 -c "Verifying peer X.509 certificate... ok" \
16057 -c "received HelloRetryRequest message" \
16058 -c "selected_group ( 30 )"
16059
16060requires_openssl_tls1_3
16061requires_openssl_3_x
16062requires_config_enabled MBEDTLS_SSL_CLI_C
16063requires_config_enabled MBEDTLS_DEBUG_C
16064requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16066run_test "TLS 1.3 m->O: HRR ffdhe2048 -> ffdhe8192" \
16067 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16068 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
16069 0 \
16070 -c "HTTP/1.0 200 ok" \
16071 -c "Protocol is TLSv1.3" \
16072 -c "NamedGroup: ffdhe2048 ( 100 )" \
16073 -c "NamedGroup: ffdhe8192 ( 104 )" \
16074 -c "Verifying peer X.509 certificate... ok" \
16075 -c "received HelloRetryRequest message" \
16076 -c "selected_group ( 260 )"
16077
16078requires_openssl_tls1_3
16079requires_config_enabled MBEDTLS_SSL_CLI_C
16080requires_config_enabled MBEDTLS_DEBUG_C
16081requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16082requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16083requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16084run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp256r1" \
16085 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16086 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
16087 0 \
16088 -c "HTTP/1.0 200 ok" \
16089 -c "Protocol is TLSv1.3" \
16090 -c "NamedGroup: ffdhe8192 ( 104 )" \
16091 -c "NamedGroup: secp256r1 ( 17 )" \
16092 -c "Verifying peer X.509 certificate... ok" \
16093 -c "received HelloRetryRequest message" \
16094 -c "selected_group ( 23 )"
16095
16096requires_openssl_tls1_3
16097requires_config_enabled MBEDTLS_SSL_CLI_C
16098requires_config_enabled MBEDTLS_DEBUG_C
16099requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16101requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16102run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp384r1" \
16103 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16104 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
16105 0 \
16106 -c "HTTP/1.0 200 ok" \
16107 -c "Protocol is TLSv1.3" \
16108 -c "NamedGroup: ffdhe8192 ( 104 )" \
16109 -c "NamedGroup: secp384r1 ( 18 )" \
16110 -c "Verifying peer X.509 certificate... ok" \
16111 -c "received HelloRetryRequest message" \
16112 -c "selected_group ( 24 )"
16113
16114requires_openssl_tls1_3
16115requires_config_enabled MBEDTLS_SSL_CLI_C
16116requires_config_enabled MBEDTLS_DEBUG_C
16117requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16119requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16120run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp521r1" \
16121 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16122 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
16123 0 \
16124 -c "HTTP/1.0 200 ok" \
16125 -c "Protocol is TLSv1.3" \
16126 -c "NamedGroup: ffdhe8192 ( 104 )" \
16127 -c "NamedGroup: secp521r1 ( 19 )" \
16128 -c "Verifying peer X.509 certificate... ok" \
16129 -c "received HelloRetryRequest message" \
16130 -c "selected_group ( 25 )"
16131
16132requires_openssl_tls1_3
16133requires_config_enabled MBEDTLS_SSL_CLI_C
16134requires_config_enabled MBEDTLS_DEBUG_C
16135requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16136requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16137requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16138run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x25519" \
16139 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16140 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
16141 0 \
16142 -c "HTTP/1.0 200 ok" \
16143 -c "Protocol is TLSv1.3" \
16144 -c "NamedGroup: ffdhe8192 ( 104 )" \
16145 -c "NamedGroup: x25519 ( 1d )" \
16146 -c "Verifying peer X.509 certificate... ok" \
16147 -c "received HelloRetryRequest message" \
16148 -c "selected_group ( 29 )"
16149
16150requires_openssl_tls1_3
16151requires_config_enabled MBEDTLS_SSL_CLI_C
16152requires_config_enabled MBEDTLS_DEBUG_C
16153requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16154requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16155requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16156run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x448" \
16157 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16158 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
16159 0 \
16160 -c "HTTP/1.0 200 ok" \
16161 -c "Protocol is TLSv1.3" \
16162 -c "NamedGroup: ffdhe8192 ( 104 )" \
16163 -c "NamedGroup: x448 ( 1e )" \
16164 -c "Verifying peer X.509 certificate... ok" \
16165 -c "received HelloRetryRequest message" \
16166 -c "selected_group ( 30 )"
16167
16168requires_openssl_tls1_3
16169requires_openssl_3_x
16170requires_config_enabled MBEDTLS_SSL_CLI_C
16171requires_config_enabled MBEDTLS_DEBUG_C
16172requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16173requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16174run_test "TLS 1.3 m->O: HRR ffdhe8192 -> ffdhe2048" \
16175 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
16176 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
16177 0 \
16178 -c "HTTP/1.0 200 ok" \
16179 -c "Protocol is TLSv1.3" \
16180 -c "NamedGroup: ffdhe8192 ( 104 )" \
16181 -c "NamedGroup: ffdhe2048 ( 100 )" \
16182 -c "Verifying peer X.509 certificate... ok" \
16183 -c "received HelloRetryRequest message" \
16184 -c "selected_group ( 256 )"
16185
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16186requires_gnutls_tls1_3
16187requires_gnutls_next_no_ticket
16188requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16189requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16190requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16191requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16192requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16193requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16194run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16195 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16196 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16197 0 \
16198 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16199 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16200 -c "NamedGroup: secp256r1 ( 17 )" \
16201 -c "NamedGroup: secp384r1 ( 18 )" \
16202 -c "Verifying peer X.509 certificate... ok" \
16203 -c "received HelloRetryRequest message" \
16204 -c "selected_group ( 24 )"
16205
16206requires_gnutls_tls1_3
16207requires_gnutls_next_no_ticket
16208requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16209requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16210requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16211requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16212requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16213requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16214run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16215 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16216 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16217 0 \
16218 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16219 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16220 -c "NamedGroup: secp256r1 ( 17 )" \
16221 -c "NamedGroup: secp521r1 ( 19 )" \
16222 -c "Verifying peer X.509 certificate... ok" \
16223 -c "received HelloRetryRequest message" \
16224 -c "selected_group ( 25 )"
16225
16226requires_gnutls_tls1_3
16227requires_gnutls_next_no_ticket
16228requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16229requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16230requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16231requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16232requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16233requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16234run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16235 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16236 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16237 0 \
16238 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16239 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16240 -c "NamedGroup: secp256r1 ( 17 )" \
16241 -c "NamedGroup: x25519 ( 1d )" \
16242 -c "Verifying peer X.509 certificate... ok" \
16243 -c "received HelloRetryRequest message" \
16244 -c "selected_group ( 29 )"
16245
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]16246requires_gnutls_tls1_3
16247requires_gnutls_next_no_ticket
16248requires_gnutls_next_disable_tls13_compat
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]16249requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16250requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]16252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16253requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]16254run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16255 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16256 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]16257 0 \
16258 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16259 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]16260 -c "NamedGroup: secp256r1 ( 17 )" \
16261 -c "NamedGroup: x448 ( 1e )" \
16262 -c "Verifying peer X.509 certificate... ok" \
16263 -c "received HelloRetryRequest message" \
16264 -c "selected_group ( 30 )"
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16265
16266requires_gnutls_tls1_3
16267requires_gnutls_next_no_ticket
16268requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16269requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16270requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16272requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16273requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16274run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \
16275 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
16276 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
16277 0 \
16278 -c "HTTP/1.0 200 OK" \
16279 -c "Protocol is TLSv1.3" \
16280 -c "NamedGroup: secp256r1 ( 17 )" \
16281 -c "NamedGroup: ffdhe2048 ( 100 )" \
16282 -c "Verifying peer X.509 certificate... ok" \
16283 -c "received HelloRetryRequest message" \
16284 -c "selected_group ( 256 )"
16285
16286requires_gnutls_tls1_3
16287requires_gnutls_next_no_ticket
16288requires_gnutls_next_disable_tls13_compat
16289requires_config_enabled MBEDTLS_SSL_CLI_C
16290requires_config_enabled MBEDTLS_DEBUG_C
16291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16292requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16293requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16294run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe8192" \
16295 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
16296 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
16297 0 \
16298 -c "HTTP/1.0 200 OK" \
16299 -c "Protocol is TLSv1.3" \
16300 -c "NamedGroup: secp256r1 ( 17 )" \
16301 -c "NamedGroup: ffdhe8192 ( 104 )" \
16302 -c "Verifying peer X.509 certificate... ok" \
16303 -c "received HelloRetryRequest message" \
16304 -c "selected_group ( 260 )"
16305
16306requires_gnutls_tls1_3
16307requires_gnutls_next_no_ticket
16308requires_gnutls_next_disable_tls13_compat
16309requires_config_enabled MBEDTLS_SSL_CLI_C
16310requires_config_enabled MBEDTLS_DEBUG_C
16311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16312requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16313requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16314run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16315 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16316 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16317 0 \
16318 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16319 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16320 -c "NamedGroup: secp384r1 ( 18 )" \
16321 -c "NamedGroup: secp256r1 ( 17 )" \
16322 -c "Verifying peer X.509 certificate... ok" \
16323 -c "received HelloRetryRequest message" \
16324 -c "selected_group ( 23 )"
16325
16326requires_gnutls_tls1_3
16327requires_gnutls_next_no_ticket
16328requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16329requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16330requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16331requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16332requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16333requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16334run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16335 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16336 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16337 0 \
16338 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16339 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16340 -c "NamedGroup: secp384r1 ( 18 )" \
16341 -c "NamedGroup: secp521r1 ( 19 )" \
16342 -c "Verifying peer X.509 certificate... ok" \
16343 -c "received HelloRetryRequest message" \
16344 -c "selected_group ( 25 )"
16345
16346requires_gnutls_tls1_3
16347requires_gnutls_next_no_ticket
16348requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16349requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16350requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16351requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16353requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16354run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16355 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16356 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16357 0 \
16358 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16359 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16360 -c "NamedGroup: secp384r1 ( 18 )" \
16361 -c "NamedGroup: x25519 ( 1d )" \
16362 -c "Verifying peer X.509 certificate... ok" \
16363 -c "received HelloRetryRequest message" \
16364 -c "selected_group ( 29 )"
16365
16366requires_gnutls_tls1_3
16367requires_gnutls_next_no_ticket
16368requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16369requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16370requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16371requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16372requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16373requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16374run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16375 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16376 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16377 0 \
16378 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16379 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16380 -c "NamedGroup: secp384r1 ( 18 )" \
16381 -c "NamedGroup: x448 ( 1e )" \
16382 -c "Verifying peer X.509 certificate... ok" \
16383 -c "received HelloRetryRequest message" \
16384 -c "selected_group ( 30 )"
16385
16386requires_gnutls_tls1_3
16387requires_gnutls_next_no_ticket
16388requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16389requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16390requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16391requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16392requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16393requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16394run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \
16395 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
16396 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
16397 0 \
16398 -c "HTTP/1.0 200 OK" \
16399 -c "Protocol is TLSv1.3" \
16400 -c "NamedGroup: secp384r1 ( 18 )" \
16401 -c "NamedGroup: ffdhe2048 ( 100 )" \
16402 -c "Verifying peer X.509 certificate... ok" \
16403 -c "received HelloRetryRequest message" \
16404 -c "selected_group ( 256 )"
16405
16406requires_gnutls_tls1_3
16407requires_gnutls_next_no_ticket
16408requires_gnutls_next_disable_tls13_compat
16409requires_config_enabled MBEDTLS_SSL_CLI_C
16410requires_config_enabled MBEDTLS_DEBUG_C
16411requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16412requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16413requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16414run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe8192" \
16415 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
16416 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
16417 0 \
16418 -c "HTTP/1.0 200 OK" \
16419 -c "Protocol is TLSv1.3" \
16420 -c "NamedGroup: secp384r1 ( 18 )" \
16421 -c "NamedGroup: ffdhe8192 ( 104 )" \
16422 -c "Verifying peer X.509 certificate... ok" \
16423 -c "received HelloRetryRequest message" \
16424 -c "selected_group ( 260 )"
16425
16426requires_gnutls_tls1_3
16427requires_gnutls_next_no_ticket
16428requires_gnutls_next_disable_tls13_compat
16429requires_config_enabled MBEDTLS_SSL_CLI_C
16430requires_config_enabled MBEDTLS_DEBUG_C
16431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16433requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16434run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16435 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16436 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16437 0 \
16438 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16439 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16440 -c "NamedGroup: secp521r1 ( 19 )" \
16441 -c "NamedGroup: secp256r1 ( 17 )" \
16442 -c "Verifying peer X.509 certificate... ok" \
16443 -c "received HelloRetryRequest message" \
16444 -c "selected_group ( 23 )"
16445
16446requires_gnutls_tls1_3
16447requires_gnutls_next_no_ticket
16448requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16449requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16450requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16453requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16454run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16455 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16456 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16457 0 \
16458 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16459 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16460 -c "NamedGroup: secp521r1 ( 19 )" \
16461 -c "NamedGroup: secp384r1 ( 18 )" \
16462 -c "Verifying peer X.509 certificate... ok" \
16463 -c "received HelloRetryRequest message" \
16464 -c "selected_group ( 24 )"
16465
16466requires_gnutls_tls1_3
16467requires_gnutls_next_no_ticket
16468requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16469requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16470requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16471requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16472requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16473requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16474run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16475 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16476 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16477 0 \
16478 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16479 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16480 -c "NamedGroup: secp521r1 ( 19 )" \
16481 -c "NamedGroup: x25519 ( 1d )" \
16482 -c "Verifying peer X.509 certificate... ok" \
16483 -c "received HelloRetryRequest message" \
16484 -c "selected_group ( 29 )"
16485
16486requires_gnutls_tls1_3
16487requires_gnutls_next_no_ticket
16488requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16489requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16490requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16491requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16492requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16493requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16494run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16495 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16496 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16497 0 \
16498 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16499 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16500 -c "NamedGroup: secp521r1 ( 19 )" \
16501 -c "NamedGroup: x448 ( 1e )" \
16502 -c "Verifying peer X.509 certificate... ok" \
16503 -c "received HelloRetryRequest message" \
16504 -c "selected_group ( 30 )"
16505
16506requires_gnutls_tls1_3
16507requires_gnutls_next_no_ticket
16508requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16509requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16510requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16511requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16512requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16513requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16514run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \
16515 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
16516 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
16517 0 \
16518 -c "HTTP/1.0 200 OK" \
16519 -c "Protocol is TLSv1.3" \
16520 -c "NamedGroup: secp521r1 ( 19 )" \
16521 -c "NamedGroup: ffdhe2048 ( 100 )" \
16522 -c "Verifying peer X.509 certificate... ok" \
16523 -c "received HelloRetryRequest message" \
16524 -c "selected_group ( 256 )"
16525
16526requires_gnutls_tls1_3
16527requires_gnutls_next_no_ticket
16528requires_gnutls_next_disable_tls13_compat
16529requires_config_enabled MBEDTLS_SSL_CLI_C
16530requires_config_enabled MBEDTLS_DEBUG_C
16531requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16533requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16534run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe8192" \
16535 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
16536 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
16537 0 \
16538 -c "HTTP/1.0 200 OK" \
16539 -c "Protocol is TLSv1.3" \
16540 -c "NamedGroup: secp521r1 ( 19 )" \
16541 -c "NamedGroup: ffdhe8192 ( 104 )" \
16542 -c "Verifying peer X.509 certificate... ok" \
16543 -c "received HelloRetryRequest message" \
16544 -c "selected_group ( 260 )"
16545
16546requires_gnutls_tls1_3
16547requires_gnutls_next_no_ticket
16548requires_gnutls_next_disable_tls13_compat
16549requires_config_enabled MBEDTLS_SSL_CLI_C
16550requires_config_enabled MBEDTLS_DEBUG_C
16551requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16552requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16553requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16554run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16555 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16556 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16557 0 \
16558 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16559 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16560 -c "NamedGroup: x25519 ( 1d )" \
16561 -c "NamedGroup: secp256r1 ( 17 )" \
16562 -c "Verifying peer X.509 certificate... ok" \
16563 -c "received HelloRetryRequest message" \
16564 -c "selected_group ( 23 )"
16565
16566requires_gnutls_tls1_3
16567requires_gnutls_next_no_ticket
16568requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16569requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16570requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16571requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16572requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16573requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16574run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16575 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16576 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16577 0 \
16578 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16579 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16580 -c "NamedGroup: x25519 ( 1d )" \
16581 -c "NamedGroup: secp384r1 ( 18 )" \
16582 -c "Verifying peer X.509 certificate... ok" \
16583 -c "received HelloRetryRequest message" \
16584 -c "selected_group ( 24 )"
16585
16586requires_gnutls_tls1_3
16587requires_gnutls_next_no_ticket
16588requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16589requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16590requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16591requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16592requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16593requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16594run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16595 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16596 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16597 0 \
16598 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16599 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16600 -c "NamedGroup: x25519 ( 1d )" \
16601 -c "NamedGroup: secp521r1 ( 19 )" \
16602 -c "Verifying peer X.509 certificate... ok" \
16603 -c "received HelloRetryRequest message" \
16604 -c "selected_group ( 25 )"
16605
16606requires_gnutls_tls1_3
16607requires_gnutls_next_no_ticket
16608requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16609requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16610requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16611requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16612requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16613requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16614run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16615 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16616 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16617 0 \
16618 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16619 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16620 -c "NamedGroup: x25519 ( 1d )" \
16621 -c "NamedGroup: x448 ( 1e )" \
16622 -c "Verifying peer X.509 certificate... ok" \
16623 -c "received HelloRetryRequest message" \
16624 -c "selected_group ( 30 )"
16625
16626requires_gnutls_tls1_3
16627requires_gnutls_next_no_ticket
16628requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16629requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16630requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16633requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16634run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \
16635 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
16636 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
16637 0 \
16638 -c "HTTP/1.0 200 OK" \
16639 -c "Protocol is TLSv1.3" \
16640 -c "NamedGroup: x25519 ( 1d )" \
16641 -c "NamedGroup: ffdhe2048 ( 100 )" \
16642 -c "Verifying peer X.509 certificate... ok" \
16643 -c "received HelloRetryRequest message" \
16644 -c "selected_group ( 256 )"
16645
16646requires_gnutls_tls1_3
16647requires_gnutls_next_no_ticket
16648requires_gnutls_next_disable_tls13_compat
16649requires_config_enabled MBEDTLS_SSL_CLI_C
16650requires_config_enabled MBEDTLS_DEBUG_C
16651requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16652requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16653requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16654run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe8192" \
16655 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
16656 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
16657 0 \
16658 -c "HTTP/1.0 200 OK" \
16659 -c "Protocol is TLSv1.3" \
16660 -c "NamedGroup: x25519 ( 1d )" \
16661 -c "NamedGroup: ffdhe8192 ( 104 )" \
16662 -c "Verifying peer X.509 certificate... ok" \
16663 -c "received HelloRetryRequest message" \
16664 -c "selected_group ( 260 )"
16665
16666requires_gnutls_tls1_3
16667requires_gnutls_next_no_ticket
16668requires_gnutls_next_disable_tls13_compat
16669requires_config_enabled MBEDTLS_SSL_CLI_C
16670requires_config_enabled MBEDTLS_DEBUG_C
16671requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16672requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16673requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16674run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16675 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16676 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16677 0 \
16678 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16679 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16680 -c "NamedGroup: x448 ( 1e )" \
16681 -c "NamedGroup: secp256r1 ( 17 )" \
16682 -c "Verifying peer X.509 certificate... ok" \
16683 -c "received HelloRetryRequest message" \
16684 -c "selected_group ( 23 )"
16685
16686requires_gnutls_tls1_3
16687requires_gnutls_next_no_ticket
16688requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16689requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16690requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16691requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16692requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16693requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16694run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16695 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16696 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16697 0 \
16698 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16699 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16700 -c "NamedGroup: x448 ( 1e )" \
16701 -c "NamedGroup: secp384r1 ( 18 )" \
16702 -c "Verifying peer X.509 certificate... ok" \
16703 -c "received HelloRetryRequest message" \
16704 -c "selected_group ( 24 )"
16705
16706requires_gnutls_tls1_3
16707requires_gnutls_next_no_ticket
16708requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16709requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16710requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16711requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16712requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16713requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16714run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16715 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16716 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16717 0 \
16718 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16719 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16720 -c "NamedGroup: x448 ( 1e )" \
16721 -c "NamedGroup: secp521r1 ( 19 )" \
16722 -c "Verifying peer X.509 certificate... ok" \
16723 -c "received HelloRetryRequest message" \
16724 -c "selected_group ( 25 )"
16725
16726requires_gnutls_tls1_3
16727requires_gnutls_next_no_ticket
16728requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16729requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16730requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16731requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16732requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16733requires_config_enabled MBEDTLS_ECDH_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16734run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16735 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16736 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16737 0 \
16738 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]16739 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]16740 -c "NamedGroup: x448 ( 1e )" \
16741 -c "NamedGroup: x25519 ( 1d )" \
16742 -c "Verifying peer X.509 certificate... ok" \
16743 -c "received HelloRetryRequest message" \
16744 -c "selected_group ( 29 )"
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16745
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16746requires_gnutls_tls1_3
16747requires_gnutls_next_no_ticket
16748requires_gnutls_next_disable_tls13_compat
16749requires_config_enabled MBEDTLS_SSL_CLI_C
16750requires_config_enabled MBEDTLS_DEBUG_C
16751requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16752requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16753requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16754run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \
16755 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
16756 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
16757 0 \
16758 -c "HTTP/1.0 200 OK" \
16759 -c "Protocol is TLSv1.3" \
16760 -c "NamedGroup: x448 ( 1e )" \
16761 -c "NamedGroup: ffdhe2048 ( 100 )" \
16762 -c "Verifying peer X.509 certificate... ok" \
16763 -c "received HelloRetryRequest message" \
16764 -c "selected_group ( 256 )"
16765
16766requires_gnutls_tls1_3
16767requires_gnutls_next_no_ticket
16768requires_gnutls_next_disable_tls13_compat
16769requires_config_enabled MBEDTLS_SSL_CLI_C
16770requires_config_enabled MBEDTLS_DEBUG_C
16771requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16773requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16774run_test "TLS 1.3 m->G: HRR x448 -> ffdhe8192" \
16775 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
16776 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
16777 0 \
16778 -c "HTTP/1.0 200 OK" \
16779 -c "Protocol is TLSv1.3" \
16780 -c "NamedGroup: x448 ( 1e )" \
16781 -c "NamedGroup: ffdhe8192 ( 104 )" \
16782 -c "Verifying peer X.509 certificate... ok" \
16783 -c "received HelloRetryRequest message" \
16784 -c "selected_group ( 260 )"
16785
16786requires_gnutls_tls1_3
16787requires_gnutls_next_no_ticket
16788requires_gnutls_next_disable_tls13_compat
16789requires_config_enabled MBEDTLS_SSL_CLI_C
16790requires_config_enabled MBEDTLS_DEBUG_C
16791requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16793requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16794run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \
16795 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
16796 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
16797 0 \
16798 -c "HTTP/1.0 200 OK" \
16799 -c "Protocol is TLSv1.3" \
16800 -c "NamedGroup: ffdhe2048 ( 100 )" \
16801 -c "NamedGroup: secp256r1 ( 17 )" \
16802 -c "Verifying peer X.509 certificate... ok" \
16803 -c "received HelloRetryRequest message" \
16804 -c "selected_group ( 23 )"
16805
16806requires_gnutls_tls1_3
16807requires_gnutls_next_no_ticket
16808requires_gnutls_next_disable_tls13_compat
16809requires_config_enabled MBEDTLS_SSL_CLI_C
16810requires_config_enabled MBEDTLS_DEBUG_C
16811requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16813requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16814run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \
16815 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
16816 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
16817 0 \
16818 -c "HTTP/1.0 200 OK" \
16819 -c "Protocol is TLSv1.3" \
16820 -c "NamedGroup: ffdhe2048 ( 100 )" \
16821 -c "NamedGroup: secp384r1 ( 18 )" \
16822 -c "Verifying peer X.509 certificate... ok" \
16823 -c "received HelloRetryRequest message" \
16824 -c "selected_group ( 24 )"
16825
16826requires_gnutls_tls1_3
16827requires_gnutls_next_no_ticket
16828requires_gnutls_next_disable_tls13_compat
16829requires_config_enabled MBEDTLS_SSL_CLI_C
16830requires_config_enabled MBEDTLS_DEBUG_C
16831requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16832requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16833requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16834run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \
16835 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
16836 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
16837 0 \
16838 -c "HTTP/1.0 200 OK" \
16839 -c "Protocol is TLSv1.3" \
16840 -c "NamedGroup: ffdhe2048 ( 100 )" \
16841 -c "NamedGroup: secp521r1 ( 19 )" \
16842 -c "Verifying peer X.509 certificate... ok" \
16843 -c "received HelloRetryRequest message" \
16844 -c "selected_group ( 25 )"
16845
16846requires_gnutls_tls1_3
16847requires_gnutls_next_no_ticket
16848requires_gnutls_next_disable_tls13_compat
16849requires_config_enabled MBEDTLS_SSL_CLI_C
16850requires_config_enabled MBEDTLS_DEBUG_C
16851requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16852requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16853requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16854run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \
16855 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
16856 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
16857 0 \
16858 -c "HTTP/1.0 200 OK" \
16859 -c "Protocol is TLSv1.3" \
16860 -c "NamedGroup: ffdhe2048 ( 100 )" \
16861 -c "NamedGroup: x25519 ( 1d )" \
16862 -c "Verifying peer X.509 certificate... ok" \
16863 -c "received HelloRetryRequest message" \
16864 -c "selected_group ( 29 )"
16865
16866requires_gnutls_tls1_3
16867requires_gnutls_next_no_ticket
16868requires_gnutls_next_disable_tls13_compat
16869requires_config_enabled MBEDTLS_SSL_CLI_C
16870requires_config_enabled MBEDTLS_DEBUG_C
16871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16873requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16874run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \
16875 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
16876 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
16877 0 \
16878 -c "HTTP/1.0 200 OK" \
16879 -c "Protocol is TLSv1.3" \
16880 -c "NamedGroup: ffdhe2048 ( 100 )" \
16881 -c "NamedGroup: x448 ( 1e )" \
16882 -c "Verifying peer X.509 certificate... ok" \
16883 -c "received HelloRetryRequest message" \
16884 -c "selected_group ( 30 )"
16885
16886requires_gnutls_tls1_3
16887requires_gnutls_next_no_ticket
16888requires_gnutls_next_disable_tls13_compat
16889requires_config_enabled MBEDTLS_SSL_CLI_C
16890requires_config_enabled MBEDTLS_DEBUG_C
16891requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16892requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16893run_test "TLS 1.3 m->G: HRR ffdhe2048 -> ffdhe8192" \
16894 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
16895 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
16896 0 \
16897 -c "HTTP/1.0 200 OK" \
16898 -c "Protocol is TLSv1.3" \
16899 -c "NamedGroup: ffdhe2048 ( 100 )" \
16900 -c "NamedGroup: ffdhe8192 ( 104 )" \
16901 -c "Verifying peer X.509 certificate... ok" \
16902 -c "received HelloRetryRequest message" \
16903 -c "selected_group ( 260 )"
16904
16905requires_gnutls_tls1_3
16906requires_gnutls_next_no_ticket
16907requires_gnutls_next_disable_tls13_compat
16908requires_config_enabled MBEDTLS_SSL_CLI_C
16909requires_config_enabled MBEDTLS_DEBUG_C
16910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16912requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16913run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp256r1" \
16914 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
16915 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
16916 0 \
16917 -c "HTTP/1.0 200 OK" \
16918 -c "Protocol is TLSv1.3" \
16919 -c "NamedGroup: ffdhe8192 ( 104 )" \
16920 -c "NamedGroup: secp256r1 ( 17 )" \
16921 -c "Verifying peer X.509 certificate... ok" \
16922 -c "received HelloRetryRequest message" \
16923 -c "selected_group ( 23 )"
16924
16925requires_gnutls_tls1_3
16926requires_gnutls_next_no_ticket
16927requires_gnutls_next_disable_tls13_compat
16928requires_config_enabled MBEDTLS_SSL_CLI_C
16929requires_config_enabled MBEDTLS_DEBUG_C
16930requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16932requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16933run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp384r1" \
16934 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
16935 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
16936 0 \
16937 -c "HTTP/1.0 200 OK" \
16938 -c "Protocol is TLSv1.3" \
16939 -c "NamedGroup: ffdhe8192 ( 104 )" \
16940 -c "NamedGroup: secp384r1 ( 18 )" \
16941 -c "Verifying peer X.509 certificate... ok" \
16942 -c "received HelloRetryRequest message" \
16943 -c "selected_group ( 24 )"
16944
16945requires_gnutls_tls1_3
16946requires_gnutls_next_no_ticket
16947requires_gnutls_next_disable_tls13_compat
16948requires_config_enabled MBEDTLS_SSL_CLI_C
16949requires_config_enabled MBEDTLS_DEBUG_C
16950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16951requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16952requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16953run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp521r1" \
16954 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
16955 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
16956 0 \
16957 -c "HTTP/1.0 200 OK" \
16958 -c "Protocol is TLSv1.3" \
16959 -c "NamedGroup: ffdhe8192 ( 104 )" \
16960 -c "NamedGroup: secp521r1 ( 19 )" \
16961 -c "Verifying peer X.509 certificate... ok" \
16962 -c "received HelloRetryRequest message" \
16963 -c "selected_group ( 25 )"
16964
16965requires_gnutls_tls1_3
16966requires_gnutls_next_no_ticket
16967requires_gnutls_next_disable_tls13_compat
16968requires_config_enabled MBEDTLS_SSL_CLI_C
16969requires_config_enabled MBEDTLS_DEBUG_C
16970requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16972requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16973run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x25519" \
16974 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
16975 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
16976 0 \
16977 -c "HTTP/1.0 200 OK" \
16978 -c "Protocol is TLSv1.3" \
16979 -c "NamedGroup: ffdhe8192 ( 104 )" \
16980 -c "NamedGroup: x25519 ( 1d )" \
16981 -c "Verifying peer X.509 certificate... ok" \
16982 -c "received HelloRetryRequest message" \
16983 -c "selected_group ( 29 )"
16984
16985requires_gnutls_tls1_3
16986requires_gnutls_next_no_ticket
16987requires_gnutls_next_disable_tls13_compat
16988requires_config_enabled MBEDTLS_SSL_CLI_C
16989requires_config_enabled MBEDTLS_DEBUG_C
16990requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16991requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]16992requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]16993run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x448" \
16994 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
16995 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
16996 0 \
16997 -c "HTTP/1.0 200 OK" \
16998 -c "Protocol is TLSv1.3" \
16999 -c "NamedGroup: ffdhe8192 ( 104 )" \
17000 -c "NamedGroup: x448 ( 1e )" \
17001 -c "Verifying peer X.509 certificate... ok" \
17002 -c "received HelloRetryRequest message" \
17003 -c "selected_group ( 30 )"
17004
17005requires_gnutls_tls1_3
17006requires_gnutls_next_no_ticket
17007requires_gnutls_next_disable_tls13_compat
17008requires_config_enabled MBEDTLS_SSL_CLI_C
17009requires_config_enabled MBEDTLS_DEBUG_C
17010requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17011requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17012run_test "TLS 1.3 m->G: HRR ffdhe8192 -> ffdhe2048" \
17013 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
17014 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
17015 0 \
17016 -c "HTTP/1.0 200 OK" \
17017 -c "Protocol is TLSv1.3" \
17018 -c "NamedGroup: ffdhe8192 ( 104 )" \
17019 -c "NamedGroup: ffdhe2048 ( 100 )" \
17020 -c "Verifying peer X.509 certificate... ok" \
17021 -c "received HelloRetryRequest message" \
17022 -c "selected_group ( 256 )"
17023
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17024requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17025requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17028requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17029requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17030requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17033requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17034run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17035 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17036 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17037 0 \
17038 -s "Protocol is TLSv1.3" \
17039 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17040 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17041 -c "Protocol is TLSv1.3" \
17042 -c "NamedGroup: secp256r1 ( 17 )" \
17043 -c "NamedGroup: secp384r1 ( 18 )" \
17044 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17045 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17046 -c "received HelloRetryRequest message" \
17047 -c "selected_group ( 24 )"
17048
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17049requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17050requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17051requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17052requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17053requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17054requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17055requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17058requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17059run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17060 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17061 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17062 0 \
17063 -s "Protocol is TLSv1.3" \
17064 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17065 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17066 -c "Protocol is TLSv1.3" \
17067 -c "NamedGroup: secp256r1 ( 17 )" \
17068 -c "NamedGroup: secp521r1 ( 19 )" \
17069 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17070 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17071 -c "received HelloRetryRequest message" \
17072 -c "selected_group ( 25 )"
17073
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17074requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17075requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17077requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17078requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17079requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17080requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17081requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17082requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17083requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17084run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17085 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17086 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17087 0 \
17088 -s "Protocol is TLSv1.3" \
17089 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17090 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17091 -c "Protocol is TLSv1.3" \
17092 -c "NamedGroup: secp256r1 ( 17 )" \
17093 -c "NamedGroup: x25519 ( 1d )" \
17094 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17095 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17096 -c "received HelloRetryRequest message" \
17097 -c "selected_group ( 29 )"
17098
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17099requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17100requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17103requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17104requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17105requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17107requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17108requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17109run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17110 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17111 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17112 0 \
17113 -s "Protocol is TLSv1.3" \
17114 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17115 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17116 -c "Protocol is TLSv1.3" \
17117 -c "NamedGroup: secp256r1 ( 17 )" \
17118 -c "NamedGroup: x448 ( 1e )" \
17119 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17120 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17121 -c "received HelloRetryRequest message" \
17122 -c "selected_group ( 30 )"
17123
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17124requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17125requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17128requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17129requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17130requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17131requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17132requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17133run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \
17134 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17135 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
17136 0 \
17137 -s "Protocol is TLSv1.3" \
17138 -s "got named group: ffdhe2048(0100)" \
17139 -s "Certificate verification was skipped" \
17140 -c "Protocol is TLSv1.3" \
17141 -c "NamedGroup: secp256r1 ( 17 )" \
17142 -c "NamedGroup: ffdhe2048 ( 100 )" \
17143 -c "Verifying peer X.509 certificate... ok" \
17144 -s "HRR selected_group: ffdhe2048" \
17145 -c "received HelloRetryRequest message" \
17146 -c "selected_group ( 256 )"
17147
17148requires_config_enabled MBEDTLS_SSL_SRV_C
17149requires_config_enabled MBEDTLS_DEBUG_C
17150requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17151requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17152requires_config_enabled MBEDTLS_SSL_CLI_C
17153requires_config_enabled MBEDTLS_DEBUG_C
17154requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17155requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17156requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17157run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe8192" \
17158 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17159 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
17160 0 \
17161 -s "Protocol is TLSv1.3" \
17162 -s "got named group: ffdhe8192(0104)" \
17163 -s "Certificate verification was skipped" \
17164 -c "Protocol is TLSv1.3" \
17165 -c "NamedGroup: secp256r1 ( 17 )" \
17166 -c "NamedGroup: ffdhe8192 ( 104 )" \
17167 -c "Verifying peer X.509 certificate... ok" \
17168 -s "HRR selected_group: ffdhe8192" \
17169 -c "received HelloRetryRequest message" \
17170 -c "selected_group ( 260 )"
17171
17172requires_config_enabled MBEDTLS_SSL_SRV_C
17173requires_config_enabled MBEDTLS_DEBUG_C
17174requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17175requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17176requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17177requires_config_enabled MBEDTLS_SSL_CLI_C
17178requires_config_enabled MBEDTLS_DEBUG_C
17179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17181requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17182run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17183 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17184 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17185 0 \
17186 -s "Protocol is TLSv1.3" \
17187 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17188 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17189 -c "Protocol is TLSv1.3" \
17190 -c "NamedGroup: secp384r1 ( 18 )" \
17191 -c "NamedGroup: secp256r1 ( 17 )" \
17192 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17193 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17194 -c "received HelloRetryRequest message" \
17195 -c "selected_group ( 23 )"
17196
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17197requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17198requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17199requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17201requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17202requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17203requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17204requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17205requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17206requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17207run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17208 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17209 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17210 0 \
17211 -s "Protocol is TLSv1.3" \
17212 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17213 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17214 -c "Protocol is TLSv1.3" \
17215 -c "NamedGroup: secp384r1 ( 18 )" \
17216 -c "NamedGroup: secp521r1 ( 19 )" \
17217 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17218 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17219 -c "received HelloRetryRequest message" \
17220 -c "selected_group ( 25 )"
17221
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17222requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17223requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17226requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17227requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17228requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17229requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17230requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17231requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17232run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17233 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17234 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17235 0 \
17236 -s "Protocol is TLSv1.3" \
17237 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17238 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17239 -c "Protocol is TLSv1.3" \
17240 -c "NamedGroup: secp384r1 ( 18 )" \
17241 -c "NamedGroup: x25519 ( 1d )" \
17242 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17243 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17244 -c "received HelloRetryRequest message" \
17245 -c "selected_group ( 29 )"
17246
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17247requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17248requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17249requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17250requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17251requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17252requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17253requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17256requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17257run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17258 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17259 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17260 0 \
17261 -s "Protocol is TLSv1.3" \
17262 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17263 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17264 -c "Protocol is TLSv1.3" \
17265 -c "NamedGroup: secp384r1 ( 18 )" \
17266 -c "NamedGroup: x448 ( 1e )" \
17267 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17268 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17269 -c "received HelloRetryRequest message" \
17270 -c "selected_group ( 30 )"
17271
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17272requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17273requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17276requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17277requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17278requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17280requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17281run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \
17282 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17283 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
17284 0 \
17285 -s "Protocol is TLSv1.3" \
17286 -s "got named group: ffdhe2048(0100)" \
17287 -s "Certificate verification was skipped" \
17288 -c "Protocol is TLSv1.3" \
17289 -c "NamedGroup: secp384r1 ( 18 )" \
17290 -c "NamedGroup: ffdhe2048 ( 100 )" \
17291 -c "Verifying peer X.509 certificate... ok" \
17292 -s "HRR selected_group: ffdhe2048" \
17293 -c "received HelloRetryRequest message" \
17294 -c "selected_group ( 256 )"
17295
17296requires_config_enabled MBEDTLS_SSL_SRV_C
17297requires_config_enabled MBEDTLS_DEBUG_C
17298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17300requires_config_enabled MBEDTLS_SSL_CLI_C
17301requires_config_enabled MBEDTLS_DEBUG_C
17302requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17304requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17305run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe8192" \
17306 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17307 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
17308 0 \
17309 -s "Protocol is TLSv1.3" \
17310 -s "got named group: ffdhe8192(0104)" \
17311 -s "Certificate verification was skipped" \
17312 -c "Protocol is TLSv1.3" \
17313 -c "NamedGroup: secp384r1 ( 18 )" \
17314 -c "NamedGroup: ffdhe8192 ( 104 )" \
17315 -c "Verifying peer X.509 certificate... ok" \
17316 -s "HRR selected_group: ffdhe8192" \
17317 -c "received HelloRetryRequest message" \
17318 -c "selected_group ( 260 )"
17319
17320requires_config_enabled MBEDTLS_SSL_SRV_C
17321requires_config_enabled MBEDTLS_DEBUG_C
17322requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17323requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17324requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17325requires_config_enabled MBEDTLS_SSL_CLI_C
17326requires_config_enabled MBEDTLS_DEBUG_C
17327requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17328requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17329requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17330run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17331 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17332 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17333 0 \
17334 -s "Protocol is TLSv1.3" \
17335 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17336 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17337 -c "Protocol is TLSv1.3" \
17338 -c "NamedGroup: secp521r1 ( 19 )" \
17339 -c "NamedGroup: secp256r1 ( 17 )" \
17340 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17341 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17342 -c "received HelloRetryRequest message" \
17343 -c "selected_group ( 23 )"
17344
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17345requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17346requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17347requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17348requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17349requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17350requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17351requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17352requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17354requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17355run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17356 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17357 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17358 0 \
17359 -s "Protocol is TLSv1.3" \
17360 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17361 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17362 -c "Protocol is TLSv1.3" \
17363 -c "NamedGroup: secp521r1 ( 19 )" \
17364 -c "NamedGroup: secp384r1 ( 18 )" \
17365 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17366 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17367 -c "received HelloRetryRequest message" \
17368 -c "selected_group ( 24 )"
17369
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17370requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17371requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17374requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17375requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17376requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17377requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17378requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17379requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17380run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17381 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17382 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17383 0 \
17384 -s "Protocol is TLSv1.3" \
17385 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17386 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17387 -c "Protocol is TLSv1.3" \
17388 -c "NamedGroup: secp521r1 ( 19 )" \
17389 -c "NamedGroup: x25519 ( 1d )" \
17390 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17391 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17392 -c "received HelloRetryRequest message" \
17393 -c "selected_group ( 29 )"
17394
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17395requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17396requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17397requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17398requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17399requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17400requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17401requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17402requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17403requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17404requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17405run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17406 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17407 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17408 0 \
17409 -s "Protocol is TLSv1.3" \
17410 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17411 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17412 -c "Protocol is TLSv1.3" \
17413 -c "NamedGroup: secp521r1 ( 19 )" \
17414 -c "NamedGroup: x448 ( 1e )" \
17415 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17416 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17417 -c "received HelloRetryRequest message" \
17418 -c "selected_group ( 30 )"
17419
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17420requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17421requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17422requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17423requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17424requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17425requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17428requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17429run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \
17430 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17431 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
17432 0 \
17433 -s "Protocol is TLSv1.3" \
17434 -s "got named group: ffdhe2048(0100)" \
17435 -s "Certificate verification was skipped" \
17436 -c "Protocol is TLSv1.3" \
17437 -c "NamedGroup: secp521r1 ( 19 )" \
17438 -c "NamedGroup: ffdhe2048 ( 100 )" \
17439 -c "Verifying peer X.509 certificate... ok" \
17440 -s "HRR selected_group: ffdhe2048" \
17441 -c "received HelloRetryRequest message" \
17442 -c "selected_group ( 256 )"
17443
17444requires_config_enabled MBEDTLS_SSL_SRV_C
17445requires_config_enabled MBEDTLS_DEBUG_C
17446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17448requires_config_enabled MBEDTLS_SSL_CLI_C
17449requires_config_enabled MBEDTLS_DEBUG_C
17450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17452requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17453run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe8192" \
17454 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17455 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
17456 0 \
17457 -s "Protocol is TLSv1.3" \
17458 -s "got named group: ffdhe8192(0104)" \
17459 -s "Certificate verification was skipped" \
17460 -c "Protocol is TLSv1.3" \
17461 -c "NamedGroup: secp521r1 ( 19 )" \
17462 -c "NamedGroup: ffdhe8192 ( 104 )" \
17463 -c "Verifying peer X.509 certificate... ok" \
17464 -s "HRR selected_group: ffdhe8192" \
17465 -c "received HelloRetryRequest message" \
17466 -c "selected_group ( 260 )"
17467
17468requires_config_enabled MBEDTLS_SSL_SRV_C
17469requires_config_enabled MBEDTLS_DEBUG_C
17470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17472requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17473requires_config_enabled MBEDTLS_SSL_CLI_C
17474requires_config_enabled MBEDTLS_DEBUG_C
17475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17477requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17478run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17479 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17480 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17481 0 \
17482 -s "Protocol is TLSv1.3" \
17483 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17484 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17485 -c "Protocol is TLSv1.3" \
17486 -c "NamedGroup: x25519 ( 1d )" \
17487 -c "NamedGroup: secp256r1 ( 17 )" \
17488 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17489 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17490 -c "received HelloRetryRequest message" \
17491 -c "selected_group ( 23 )"
17492
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17493requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17494requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17497requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17498requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17502requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17503run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17504 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17505 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17506 0 \
17507 -s "Protocol is TLSv1.3" \
17508 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17509 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17510 -c "Protocol is TLSv1.3" \
17511 -c "NamedGroup: x25519 ( 1d )" \
17512 -c "NamedGroup: secp384r1 ( 18 )" \
17513 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17514 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17515 -c "received HelloRetryRequest message" \
17516 -c "selected_group ( 24 )"
17517
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17518requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17522requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17523requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17524requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17527requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17528run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17529 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17530 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17531 0 \
17532 -s "Protocol is TLSv1.3" \
17533 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17534 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17535 -c "Protocol is TLSv1.3" \
17536 -c "NamedGroup: x25519 ( 1d )" \
17537 -c "NamedGroup: secp521r1 ( 19 )" \
17538 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17539 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17540 -c "received HelloRetryRequest message" \
17541 -c "selected_group ( 25 )"
17542
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17543requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17544requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17547requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17548requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17549requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17550requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17552requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17553run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17554 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17555 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17556 0 \
17557 -s "Protocol is TLSv1.3" \
17558 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17559 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17560 -c "Protocol is TLSv1.3" \
17561 -c "NamedGroup: x25519 ( 1d )" \
17562 -c "NamedGroup: x448 ( 1e )" \
17563 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17564 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17565 -c "received HelloRetryRequest message" \
17566 -c "selected_group ( 30 )"
17567
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17568requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17569requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17572requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17573requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17574requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17575requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17576requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17577run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \
17578 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17579 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
17580 0 \
17581 -s "Protocol is TLSv1.3" \
17582 -s "got named group: ffdhe2048(0100)" \
17583 -s "Certificate verification was skipped" \
17584 -c "Protocol is TLSv1.3" \
17585 -c "NamedGroup: x25519 ( 1d )" \
17586 -c "NamedGroup: ffdhe2048 ( 100 )" \
17587 -c "Verifying peer X.509 certificate... ok" \
17588 -s "HRR selected_group: ffdhe2048" \
17589 -c "received HelloRetryRequest message" \
17590 -c "selected_group ( 256 )"
17591
17592requires_config_enabled MBEDTLS_SSL_SRV_C
17593requires_config_enabled MBEDTLS_DEBUG_C
17594requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17595requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17596requires_config_enabled MBEDTLS_SSL_CLI_C
17597requires_config_enabled MBEDTLS_DEBUG_C
17598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17600requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17601run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe8192" \
17602 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17603 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
17604 0 \
17605 -s "Protocol is TLSv1.3" \
17606 -s "got named group: ffdhe8192(0104)" \
17607 -s "Certificate verification was skipped" \
17608 -c "Protocol is TLSv1.3" \
17609 -c "NamedGroup: x25519 ( 1d )" \
17610 -c "NamedGroup: ffdhe8192 ( 104 )" \
17611 -c "Verifying peer X.509 certificate... ok" \
17612 -s "HRR selected_group: ffdhe8192" \
17613 -c "received HelloRetryRequest message" \
17614 -c "selected_group ( 260 )"
17615
17616requires_config_enabled MBEDTLS_SSL_SRV_C
17617requires_config_enabled MBEDTLS_DEBUG_C
17618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17620requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17621requires_config_enabled MBEDTLS_SSL_CLI_C
17622requires_config_enabled MBEDTLS_DEBUG_C
17623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17625requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17626run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17627 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17628 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17629 0 \
17630 -s "Protocol is TLSv1.3" \
17631 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17632 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17633 -c "Protocol is TLSv1.3" \
17634 -c "NamedGroup: x448 ( 1e )" \
17635 -c "NamedGroup: secp256r1 ( 17 )" \
17636 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17637 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17638 -c "received HelloRetryRequest message" \
17639 -c "selected_group ( 23 )"
17640
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17641requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17642requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17643requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17644requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17645requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17646requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17647requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17650requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17651run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17652 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17653 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17654 0 \
17655 -s "Protocol is TLSv1.3" \
17656 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17657 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17658 -c "Protocol is TLSv1.3" \
17659 -c "NamedGroup: x448 ( 1e )" \
17660 -c "NamedGroup: secp384r1 ( 18 )" \
17661 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17662 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17663 -c "received HelloRetryRequest message" \
17664 -c "selected_group ( 24 )"
17665
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17666requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17667requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17670requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17671requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17672requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17675requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17676run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17677 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17678 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17679 0 \
17680 -s "Protocol is TLSv1.3" \
17681 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17682 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17683 -c "Protocol is TLSv1.3" \
17684 -c "NamedGroup: x448 ( 1e )" \
17685 -c "NamedGroup: secp521r1 ( 19 )" \
17686 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17687 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17688 -c "received HelloRetryRequest message" \
17689 -c "selected_group ( 25 )"
17690
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17691requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17692requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17693requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17694requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17695requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17696requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17697requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17700requires_config_enabled MBEDTLS_ECDH_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17701run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17702 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17703 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17704 0 \
17705 -s "Protocol is TLSv1.3" \
17706 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17707 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17708 -c "Protocol is TLSv1.3" \
17709 -c "NamedGroup: x448 ( 1e )" \
17710 -c "NamedGroup: x25519 ( 1d )" \
17711 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17712 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17713 -c "received HelloRetryRequest message" \
17714 -c "selected_group ( 29 )"
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17715
17716requires_config_enabled MBEDTLS_SSL_SRV_C
17717requires_config_enabled MBEDTLS_DEBUG_C
17718requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17719requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17720requires_config_enabled MBEDTLS_SSL_CLI_C
17721requires_config_enabled MBEDTLS_DEBUG_C
17722requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17723requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17724requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17725run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \
17726 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17727 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
17728 0 \
17729 -s "Protocol is TLSv1.3" \
17730 -s "got named group: ffdhe2048(0100)" \
17731 -s "Certificate verification was skipped" \
17732 -c "Protocol is TLSv1.3" \
17733 -c "NamedGroup: x448 ( 1e )" \
17734 -c "NamedGroup: ffdhe2048 ( 100 )" \
17735 -c "Verifying peer X.509 certificate... ok" \
17736 -s "HRR selected_group: ffdhe2048" \
17737 -c "received HelloRetryRequest message" \
17738 -c "selected_group ( 256 )"
17739
17740requires_config_enabled MBEDTLS_SSL_SRV_C
17741requires_config_enabled MBEDTLS_DEBUG_C
17742requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17743requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17744requires_config_enabled MBEDTLS_SSL_CLI_C
17745requires_config_enabled MBEDTLS_DEBUG_C
17746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17747requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17748requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17749run_test "TLS 1.3 m->m: HRR x448 -> ffdhe8192" \
17750 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17751 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
17752 0 \
17753 -s "Protocol is TLSv1.3" \
17754 -s "got named group: ffdhe8192(0104)" \
17755 -s "Certificate verification was skipped" \
17756 -c "Protocol is TLSv1.3" \
17757 -c "NamedGroup: x448 ( 1e )" \
17758 -c "NamedGroup: ffdhe8192 ( 104 )" \
17759 -c "Verifying peer X.509 certificate... ok" \
17760 -s "HRR selected_group: ffdhe8192" \
17761 -c "received HelloRetryRequest message" \
17762 -c "selected_group ( 260 )"
17763
17764requires_config_enabled MBEDTLS_SSL_SRV_C
17765requires_config_enabled MBEDTLS_DEBUG_C
17766requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17767requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17768requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17769requires_config_enabled MBEDTLS_SSL_CLI_C
17770requires_config_enabled MBEDTLS_DEBUG_C
17771requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17773requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17774run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \
17775 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17776 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
17777 0 \
17778 -s "Protocol is TLSv1.3" \
17779 -s "got named group: secp256r1(0017)" \
17780 -s "Certificate verification was skipped" \
17781 -c "Protocol is TLSv1.3" \
17782 -c "NamedGroup: ffdhe2048 ( 100 )" \
17783 -c "NamedGroup: secp256r1 ( 17 )" \
17784 -c "Verifying peer X.509 certificate... ok" \
17785 -s "HRR selected_group: secp256r1" \
17786 -c "received HelloRetryRequest message" \
17787 -c "selected_group ( 23 )"
17788
17789requires_config_enabled MBEDTLS_SSL_SRV_C
17790requires_config_enabled MBEDTLS_DEBUG_C
17791requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17793requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17794requires_config_enabled MBEDTLS_SSL_CLI_C
17795requires_config_enabled MBEDTLS_DEBUG_C
17796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17798requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17799run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \
17800 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17801 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
17802 0 \
17803 -s "Protocol is TLSv1.3" \
17804 -s "got named group: secp384r1(0018)" \
17805 -s "Certificate verification was skipped" \
17806 -c "Protocol is TLSv1.3" \
17807 -c "NamedGroup: ffdhe2048 ( 100 )" \
17808 -c "NamedGroup: secp384r1 ( 18 )" \
17809 -c "Verifying peer X.509 certificate... ok" \
17810 -s "HRR selected_group: secp384r1" \
17811 -c "received HelloRetryRequest message" \
17812 -c "selected_group ( 24 )"
17813
17814requires_config_enabled MBEDTLS_SSL_SRV_C
17815requires_config_enabled MBEDTLS_DEBUG_C
17816requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17817requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17818requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17819requires_config_enabled MBEDTLS_SSL_CLI_C
17820requires_config_enabled MBEDTLS_DEBUG_C
17821requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17822requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17823requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17824run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \
17825 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17826 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
17827 0 \
17828 -s "Protocol is TLSv1.3" \
17829 -s "got named group: secp521r1(0019)" \
17830 -s "Certificate verification was skipped" \
17831 -c "Protocol is TLSv1.3" \
17832 -c "NamedGroup: ffdhe2048 ( 100 )" \
17833 -c "NamedGroup: secp521r1 ( 19 )" \
17834 -c "Verifying peer X.509 certificate... ok" \
17835 -s "HRR selected_group: secp521r1" \
17836 -c "received HelloRetryRequest message" \
17837 -c "selected_group ( 25 )"
17838
17839requires_config_enabled MBEDTLS_SSL_SRV_C
17840requires_config_enabled MBEDTLS_DEBUG_C
17841requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17843requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17844requires_config_enabled MBEDTLS_SSL_CLI_C
17845requires_config_enabled MBEDTLS_DEBUG_C
17846requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17847requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17848requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17849run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \
17850 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17851 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
17852 0 \
17853 -s "Protocol is TLSv1.3" \
17854 -s "got named group: x25519(001d)" \
17855 -s "Certificate verification was skipped" \
17856 -c "Protocol is TLSv1.3" \
17857 -c "NamedGroup: ffdhe2048 ( 100 )" \
17858 -c "NamedGroup: x25519 ( 1d )" \
17859 -c "Verifying peer X.509 certificate... ok" \
17860 -s "HRR selected_group: x25519" \
17861 -c "received HelloRetryRequest message" \
17862 -c "selected_group ( 29 )"
17863
17864requires_config_enabled MBEDTLS_SSL_SRV_C
17865requires_config_enabled MBEDTLS_DEBUG_C
17866requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17867requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17868requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17869requires_config_enabled MBEDTLS_SSL_CLI_C
17870requires_config_enabled MBEDTLS_DEBUG_C
17871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17873requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17874run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \
17875 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17876 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
17877 0 \
17878 -s "Protocol is TLSv1.3" \
17879 -s "got named group: x448(001e)" \
17880 -s "Certificate verification was skipped" \
17881 -c "Protocol is TLSv1.3" \
17882 -c "NamedGroup: ffdhe2048 ( 100 )" \
17883 -c "NamedGroup: x448 ( 1e )" \
17884 -c "Verifying peer X.509 certificate... ok" \
17885 -s "HRR selected_group: x448" \
17886 -c "received HelloRetryRequest message" \
17887 -c "selected_group ( 30 )"
17888
17889requires_config_enabled MBEDTLS_SSL_SRV_C
17890requires_config_enabled MBEDTLS_DEBUG_C
17891requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17892requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17893requires_config_enabled MBEDTLS_SSL_CLI_C
17894requires_config_enabled MBEDTLS_DEBUG_C
17895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17896requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17897run_test "TLS 1.3 m->m: HRR ffdhe2048 -> ffdhe8192" \
17898 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17899 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
17900 0 \
17901 -s "Protocol is TLSv1.3" \
17902 -s "got named group: ffdhe8192(0104)" \
17903 -s "Certificate verification was skipped" \
17904 -c "Protocol is TLSv1.3" \
17905 -c "NamedGroup: ffdhe2048 ( 100 )" \
17906 -c "NamedGroup: ffdhe8192 ( 104 )" \
17907 -c "Verifying peer X.509 certificate... ok" \
17908 -s "HRR selected_group: ffdhe8192" \
17909 -c "received HelloRetryRequest message" \
17910 -c "selected_group ( 260 )"
17911
17912requires_config_enabled MBEDTLS_SSL_SRV_C
17913requires_config_enabled MBEDTLS_DEBUG_C
17914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17916requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17917requires_config_enabled MBEDTLS_SSL_CLI_C
17918requires_config_enabled MBEDTLS_DEBUG_C
17919requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17920requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17921requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17922run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp256r1" \
17923 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17924 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
17925 0 \
17926 -s "Protocol is TLSv1.3" \
17927 -s "got named group: secp256r1(0017)" \
17928 -s "Certificate verification was skipped" \
17929 -c "Protocol is TLSv1.3" \
17930 -c "NamedGroup: ffdhe8192 ( 104 )" \
17931 -c "NamedGroup: secp256r1 ( 17 )" \
17932 -c "Verifying peer X.509 certificate... ok" \
17933 -s "HRR selected_group: secp256r1" \
17934 -c "received HelloRetryRequest message" \
17935 -c "selected_group ( 23 )"
17936
17937requires_config_enabled MBEDTLS_SSL_SRV_C
17938requires_config_enabled MBEDTLS_DEBUG_C
17939requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17940requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17941requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17942requires_config_enabled MBEDTLS_SSL_CLI_C
17943requires_config_enabled MBEDTLS_DEBUG_C
17944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17946requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17947run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp384r1" \
17948 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17949 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
17950 0 \
17951 -s "Protocol is TLSv1.3" \
17952 -s "got named group: secp384r1(0018)" \
17953 -s "Certificate verification was skipped" \
17954 -c "Protocol is TLSv1.3" \
17955 -c "NamedGroup: ffdhe8192 ( 104 )" \
17956 -c "NamedGroup: secp384r1 ( 18 )" \
17957 -c "Verifying peer X.509 certificate... ok" \
17958 -s "HRR selected_group: secp384r1" \
17959 -c "received HelloRetryRequest message" \
17960 -c "selected_group ( 24 )"
17961
17962requires_config_enabled MBEDTLS_SSL_SRV_C
17963requires_config_enabled MBEDTLS_DEBUG_C
17964requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17965requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17966requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17967requires_config_enabled MBEDTLS_SSL_CLI_C
17968requires_config_enabled MBEDTLS_DEBUG_C
17969requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17970requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17971requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17972run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp521r1" \
17973 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17974 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
17975 0 \
17976 -s "Protocol is TLSv1.3" \
17977 -s "got named group: secp521r1(0019)" \
17978 -s "Certificate verification was skipped" \
17979 -c "Protocol is TLSv1.3" \
17980 -c "NamedGroup: ffdhe8192 ( 104 )" \
17981 -c "NamedGroup: secp521r1 ( 19 )" \
17982 -c "Verifying peer X.509 certificate... ok" \
17983 -s "HRR selected_group: secp521r1" \
17984 -c "received HelloRetryRequest message" \
17985 -c "selected_group ( 25 )"
17986
17987requires_config_enabled MBEDTLS_SSL_SRV_C
17988requires_config_enabled MBEDTLS_DEBUG_C
17989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17990requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17991requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17992requires_config_enabled MBEDTLS_SSL_CLI_C
17993requires_config_enabled MBEDTLS_DEBUG_C
17994requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17995requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]17996requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]17997run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x25519" \
17998 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17999 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
18000 0 \
18001 -s "Protocol is TLSv1.3" \
18002 -s "got named group: x25519(001d)" \
18003 -s "Certificate verification was skipped" \
18004 -c "Protocol is TLSv1.3" \
18005 -c "NamedGroup: ffdhe8192 ( 104 )" \
18006 -c "NamedGroup: x25519 ( 1d )" \
18007 -c "Verifying peer X.509 certificate... ok" \
18008 -s "HRR selected_group: x25519" \
18009 -c "received HelloRetryRequest message" \
18010 -c "selected_group ( 29 )"
18011
18012requires_config_enabled MBEDTLS_SSL_SRV_C
18013requires_config_enabled MBEDTLS_DEBUG_C
18014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]18016requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]18017requires_config_enabled MBEDTLS_SSL_CLI_C
18018requires_config_enabled MBEDTLS_DEBUG_C
18019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18020requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200[diff] [blame^]18021requires_config_enabled MBEDTLS_ECDH_C
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]18022run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x448" \
18023 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18024 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
18025 0 \
18026 -s "Protocol is TLSv1.3" \
18027 -s "got named group: x448(001e)" \
18028 -s "Certificate verification was skipped" \
18029 -c "Protocol is TLSv1.3" \
18030 -c "NamedGroup: ffdhe8192 ( 104 )" \
18031 -c "NamedGroup: x448 ( 1e )" \
18032 -c "Verifying peer X.509 certificate... ok" \
18033 -s "HRR selected_group: x448" \
18034 -c "received HelloRetryRequest message" \
18035 -c "selected_group ( 30 )"
18036
18037requires_config_enabled MBEDTLS_SSL_SRV_C
18038requires_config_enabled MBEDTLS_DEBUG_C
18039requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18040requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18041requires_config_enabled MBEDTLS_SSL_CLI_C
18042requires_config_enabled MBEDTLS_DEBUG_C
18043requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18044requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18045run_test "TLS 1.3 m->m: HRR ffdhe8192 -> ffdhe2048" \
18046 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18047 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
18048 0 \
18049 -s "Protocol is TLSv1.3" \
18050 -s "got named group: ffdhe2048(0100)" \
18051 -s "Certificate verification was skipped" \
18052 -c "Protocol is TLSv1.3" \
18053 -c "NamedGroup: ffdhe8192 ( 104 )" \
18054 -c "NamedGroup: ffdhe2048 ( 100 )" \
18055 -c "Verifying peer X.509 certificate... ok" \
18056 -s "HRR selected_group: ffdhe2048" \
18057 -c "received HelloRetryRequest message" \
18058 -c "selected_group ( 256 )"