TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 31018adb81e9998e81b7d20e4732f1ccfd76550d / . / tests / opt-testcases / tls13-compat.sh
blob: f87a590aa26f1732bb032fecd4111c2cbcee6332 [file] [log] [blame]
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame^]1#!/bin/sh
2
3# tls13-compat.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
23# `generate_tls13_compat_tests.py -a`.
24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
28
29
30requires_openssl_tls1_3
31requires_config_enabled MBEDTLS_DEBUG_C
32requires_config_enabled MBEDTLS_SSL_CLI_C
33requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
34requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
35run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
36 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
37 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
38 0 \
39 -c "HTTP/1.0 200 ok" \
40 -c "ECDH curve: secp256r1" \
41 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
42 -c "Certificate Verify: Signature algorithm ( 0403 )" \
43 -c "Verifying peer X.509 certificate... ok"
44
45requires_gnutls_tls1_3
46requires_gnutls_next_no_ticket
47requires_gnutls_next_disable_tls13_compat
48requires_config_enabled MBEDTLS_DEBUG_C
49requires_config_enabled MBEDTLS_SSL_CLI_C
50requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
51requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
52run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
53 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+GROUP-SECP256R1:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
54 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
55 0 \
56 -c "HTTP/1.0 200 OK" \
57 -c "ECDH curve: secp256r1" \
58 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
59 -c "Certificate Verify: Signature algorithm ( 0403 )" \
60 -c "Verifying peer X.509 certificate... ok"
61
62requires_openssl_tls1_3
63requires_config_enabled MBEDTLS_DEBUG_C
64requires_config_enabled MBEDTLS_SSL_CLI_C
65requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
66requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
67run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
68 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
69 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
70 0 \
71 -c "HTTP/1.0 200 ok" \
72 -c "ECDH curve: secp384r1" \
73 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
74 -c "Certificate Verify: Signature algorithm ( 0403 )" \
75 -c "Verifying peer X.509 certificate... ok"
76
77requires_gnutls_tls1_3
78requires_gnutls_next_no_ticket
79requires_gnutls_next_disable_tls13_compat
80requires_config_enabled MBEDTLS_DEBUG_C
81requires_config_enabled MBEDTLS_SSL_CLI_C
82requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
83requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
84run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
85 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+GROUP-SECP384R1:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
86 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
87 0 \
88 -c "HTTP/1.0 200 OK" \
89 -c "ECDH curve: secp384r1" \
90 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
91 -c "Certificate Verify: Signature algorithm ( 0403 )" \
92 -c "Verifying peer X.509 certificate... ok"
93
94requires_openssl_tls1_3
95requires_config_enabled MBEDTLS_DEBUG_C
96requires_config_enabled MBEDTLS_SSL_CLI_C
97requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
98requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
99run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
100 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
101 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
102 0 \
103 -c "HTTP/1.0 200 ok" \
104 -c "ECDH curve: secp521r1" \
105 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
106 -c "Certificate Verify: Signature algorithm ( 0403 )" \
107 -c "Verifying peer X.509 certificate... ok"
108
109requires_gnutls_tls1_3
110requires_gnutls_next_no_ticket
111requires_gnutls_next_disable_tls13_compat
112requires_config_enabled MBEDTLS_DEBUG_C
113requires_config_enabled MBEDTLS_SSL_CLI_C
114requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
115requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
116run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
117 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
118 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
119 0 \
120 -c "HTTP/1.0 200 OK" \
121 -c "ECDH curve: secp521r1" \
122 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
123 -c "Certificate Verify: Signature algorithm ( 0403 )" \
124 -c "Verifying peer X.509 certificate... ok"
125
126requires_openssl_tls1_3
127requires_config_enabled MBEDTLS_DEBUG_C
128requires_config_enabled MBEDTLS_SSL_CLI_C
129requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
130requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
131run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
132 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
133 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
134 0 \
135 -c "HTTP/1.0 200 ok" \
136 -c "ECDH curve: x25519" \
137 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
138 -c "Certificate Verify: Signature algorithm ( 0403 )" \
139 -c "Verifying peer X.509 certificate... ok"
140
141requires_gnutls_tls1_3
142requires_gnutls_next_no_ticket
143requires_gnutls_next_disable_tls13_compat
144requires_config_enabled MBEDTLS_DEBUG_C
145requires_config_enabled MBEDTLS_SSL_CLI_C
146requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
147requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
148run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
149 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
150 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
151 0 \
152 -c "HTTP/1.0 200 OK" \
153 -c "ECDH curve: x25519" \
154 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
155 -c "Certificate Verify: Signature algorithm ( 0403 )" \
156 -c "Verifying peer X.509 certificate... ok"
157
158requires_openssl_tls1_3
159requires_config_enabled MBEDTLS_DEBUG_C
160requires_config_enabled MBEDTLS_SSL_CLI_C
161requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
162requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
163run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
164 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
165 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
166 0 \
167 -c "HTTP/1.0 200 ok" \
168 -c "ECDH curve: x448" \
169 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
170 -c "Certificate Verify: Signature algorithm ( 0403 )" \
171 -c "Verifying peer X.509 certificate... ok"
172
173requires_gnutls_tls1_3
174requires_gnutls_next_no_ticket
175requires_gnutls_next_disable_tls13_compat
176requires_config_enabled MBEDTLS_DEBUG_C
177requires_config_enabled MBEDTLS_SSL_CLI_C
178requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
179requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
180run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
181 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
182 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
183 0 \
184 -c "HTTP/1.0 200 OK" \
185 -c "ECDH curve: x448" \
186 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
187 -c "Certificate Verify: Signature algorithm ( 0403 )" \
188 -c "Verifying peer X.509 certificate... ok"
189
190requires_openssl_tls1_3
191requires_config_enabled MBEDTLS_DEBUG_C
192requires_config_enabled MBEDTLS_SSL_CLI_C
193requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
194requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
195run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
196 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
197 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
198 0 \
199 -c "HTTP/1.0 200 ok" \
200 -c "ECDH curve: secp256r1" \
201 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
202 -c "Certificate Verify: Signature algorithm ( 0503 )" \
203 -c "Verifying peer X.509 certificate... ok"
204
205requires_gnutls_tls1_3
206requires_gnutls_next_no_ticket
207requires_gnutls_next_disable_tls13_compat
208requires_config_enabled MBEDTLS_DEBUG_C
209requires_config_enabled MBEDTLS_SSL_CLI_C
210requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
211requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
212run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
213 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+GROUP-SECP256R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
214 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
215 0 \
216 -c "HTTP/1.0 200 OK" \
217 -c "ECDH curve: secp256r1" \
218 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
219 -c "Certificate Verify: Signature algorithm ( 0503 )" \
220 -c "Verifying peer X.509 certificate... ok"
221
222requires_openssl_tls1_3
223requires_config_enabled MBEDTLS_DEBUG_C
224requires_config_enabled MBEDTLS_SSL_CLI_C
225requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
226requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
227run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
228 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
229 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
230 0 \
231 -c "HTTP/1.0 200 ok" \
232 -c "ECDH curve: secp384r1" \
233 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
234 -c "Certificate Verify: Signature algorithm ( 0503 )" \
235 -c "Verifying peer X.509 certificate... ok"
236
237requires_gnutls_tls1_3
238requires_gnutls_next_no_ticket
239requires_gnutls_next_disable_tls13_compat
240requires_config_enabled MBEDTLS_DEBUG_C
241requires_config_enabled MBEDTLS_SSL_CLI_C
242requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
243requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
244run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
245 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+GROUP-SECP384R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
246 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
247 0 \
248 -c "HTTP/1.0 200 OK" \
249 -c "ECDH curve: secp384r1" \
250 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
251 -c "Certificate Verify: Signature algorithm ( 0503 )" \
252 -c "Verifying peer X.509 certificate... ok"
253
254requires_openssl_tls1_3
255requires_config_enabled MBEDTLS_DEBUG_C
256requires_config_enabled MBEDTLS_SSL_CLI_C
257requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
258requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
259run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
260 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
261 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
262 0 \
263 -c "HTTP/1.0 200 ok" \
264 -c "ECDH curve: secp521r1" \
265 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
266 -c "Certificate Verify: Signature algorithm ( 0503 )" \
267 -c "Verifying peer X.509 certificate... ok"
268
269requires_gnutls_tls1_3
270requires_gnutls_next_no_ticket
271requires_gnutls_next_disable_tls13_compat
272requires_config_enabled MBEDTLS_DEBUG_C
273requires_config_enabled MBEDTLS_SSL_CLI_C
274requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
275requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
276run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
277 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+GROUP-SECP521R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
278 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
279 0 \
280 -c "HTTP/1.0 200 OK" \
281 -c "ECDH curve: secp521r1" \
282 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
283 -c "Certificate Verify: Signature algorithm ( 0503 )" \
284 -c "Verifying peer X.509 certificate... ok"
285
286requires_openssl_tls1_3
287requires_config_enabled MBEDTLS_DEBUG_C
288requires_config_enabled MBEDTLS_SSL_CLI_C
289requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
290requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
291run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
292 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
293 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
294 0 \
295 -c "HTTP/1.0 200 ok" \
296 -c "ECDH curve: x25519" \
297 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
298 -c "Certificate Verify: Signature algorithm ( 0503 )" \
299 -c "Verifying peer X.509 certificate... ok"
300
301requires_gnutls_tls1_3
302requires_gnutls_next_no_ticket
303requires_gnutls_next_disable_tls13_compat
304requires_config_enabled MBEDTLS_DEBUG_C
305requires_config_enabled MBEDTLS_SSL_CLI_C
306requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
307requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
308run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
309 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+AES-128-GCM:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
310 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
311 0 \
312 -c "HTTP/1.0 200 OK" \
313 -c "ECDH curve: x25519" \
314 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
315 -c "Certificate Verify: Signature algorithm ( 0503 )" \
316 -c "Verifying peer X.509 certificate... ok"
317
318requires_openssl_tls1_3
319requires_config_enabled MBEDTLS_DEBUG_C
320requires_config_enabled MBEDTLS_SSL_CLI_C
321requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
322requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
323run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
324 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
325 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
326 0 \
327 -c "HTTP/1.0 200 ok" \
328 -c "ECDH curve: x448" \
329 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
330 -c "Certificate Verify: Signature algorithm ( 0503 )" \
331 -c "Verifying peer X.509 certificate... ok"
332
333requires_gnutls_tls1_3
334requires_gnutls_next_no_ticket
335requires_gnutls_next_disable_tls13_compat
336requires_config_enabled MBEDTLS_DEBUG_C
337requires_config_enabled MBEDTLS_SSL_CLI_C
338requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
339requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
340run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
341 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+GROUP-X448:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
342 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
343 0 \
344 -c "HTTP/1.0 200 OK" \
345 -c "ECDH curve: x448" \
346 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
347 -c "Certificate Verify: Signature algorithm ( 0503 )" \
348 -c "Verifying peer X.509 certificate... ok"
349
350requires_openssl_tls1_3
351requires_config_enabled MBEDTLS_DEBUG_C
352requires_config_enabled MBEDTLS_SSL_CLI_C
353requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
354requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
355run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
356 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
357 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
358 0 \
359 -c "HTTP/1.0 200 ok" \
360 -c "ECDH curve: secp256r1" \
361 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
362 -c "Certificate Verify: Signature algorithm ( 0603 )" \
363 -c "Verifying peer X.509 certificate... ok"
364
365requires_gnutls_tls1_3
366requires_gnutls_next_no_ticket
367requires_gnutls_next_disable_tls13_compat
368requires_config_enabled MBEDTLS_DEBUG_C
369requires_config_enabled MBEDTLS_SSL_CLI_C
370requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
371requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
372run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
373 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
374 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
375 0 \
376 -c "HTTP/1.0 200 OK" \
377 -c "ECDH curve: secp256r1" \
378 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
379 -c "Certificate Verify: Signature algorithm ( 0603 )" \
380 -c "Verifying peer X.509 certificate... ok"
381
382requires_openssl_tls1_3
383requires_config_enabled MBEDTLS_DEBUG_C
384requires_config_enabled MBEDTLS_SSL_CLI_C
385requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
386requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
387run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
388 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
389 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
390 0 \
391 -c "HTTP/1.0 200 ok" \
392 -c "ECDH curve: secp384r1" \
393 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
394 -c "Certificate Verify: Signature algorithm ( 0603 )" \
395 -c "Verifying peer X.509 certificate... ok"
396
397requires_gnutls_tls1_3
398requires_gnutls_next_no_ticket
399requires_gnutls_next_disable_tls13_compat
400requires_config_enabled MBEDTLS_DEBUG_C
401requires_config_enabled MBEDTLS_SSL_CLI_C
402requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
403requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
404run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
405 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+GROUP-SECP384R1:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
406 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
407 0 \
408 -c "HTTP/1.0 200 OK" \
409 -c "ECDH curve: secp384r1" \
410 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
411 -c "Certificate Verify: Signature algorithm ( 0603 )" \
412 -c "Verifying peer X.509 certificate... ok"
413
414requires_openssl_tls1_3
415requires_config_enabled MBEDTLS_DEBUG_C
416requires_config_enabled MBEDTLS_SSL_CLI_C
417requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
418requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
419run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
420 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
421 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
422 0 \
423 -c "HTTP/1.0 200 ok" \
424 -c "ECDH curve: secp521r1" \
425 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
426 -c "Certificate Verify: Signature algorithm ( 0603 )" \
427 -c "Verifying peer X.509 certificate... ok"
428
429requires_gnutls_tls1_3
430requires_gnutls_next_no_ticket
431requires_gnutls_next_disable_tls13_compat
432requires_config_enabled MBEDTLS_DEBUG_C
433requires_config_enabled MBEDTLS_SSL_CLI_C
434requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
435requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
436run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
437 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
438 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
439 0 \
440 -c "HTTP/1.0 200 OK" \
441 -c "ECDH curve: secp521r1" \
442 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
443 -c "Certificate Verify: Signature algorithm ( 0603 )" \
444 -c "Verifying peer X.509 certificate... ok"
445
446requires_openssl_tls1_3
447requires_config_enabled MBEDTLS_DEBUG_C
448requires_config_enabled MBEDTLS_SSL_CLI_C
449requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
450requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
451run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
452 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
453 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
454 0 \
455 -c "HTTP/1.0 200 ok" \
456 -c "ECDH curve: x25519" \
457 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
458 -c "Certificate Verify: Signature algorithm ( 0603 )" \
459 -c "Verifying peer X.509 certificate... ok"
460
461requires_gnutls_tls1_3
462requires_gnutls_next_no_ticket
463requires_gnutls_next_disable_tls13_compat
464requires_config_enabled MBEDTLS_DEBUG_C
465requires_config_enabled MBEDTLS_SSL_CLI_C
466requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
467requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
468run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
469 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+AES-128-GCM:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
470 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
471 0 \
472 -c "HTTP/1.0 200 OK" \
473 -c "ECDH curve: x25519" \
474 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
475 -c "Certificate Verify: Signature algorithm ( 0603 )" \
476 -c "Verifying peer X.509 certificate... ok"
477
478requires_openssl_tls1_3
479requires_config_enabled MBEDTLS_DEBUG_C
480requires_config_enabled MBEDTLS_SSL_CLI_C
481requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
482requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
483run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
484 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
485 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
486 0 \
487 -c "HTTP/1.0 200 ok" \
488 -c "ECDH curve: x448" \
489 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
490 -c "Certificate Verify: Signature algorithm ( 0603 )" \
491 -c "Verifying peer X.509 certificate... ok"
492
493requires_gnutls_tls1_3
494requires_gnutls_next_no_ticket
495requires_gnutls_next_disable_tls13_compat
496requires_config_enabled MBEDTLS_DEBUG_C
497requires_config_enabled MBEDTLS_SSL_CLI_C
498requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
499requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
500run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
501 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
502 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
503 0 \
504 -c "HTTP/1.0 200 OK" \
505 -c "ECDH curve: x448" \
506 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
507 -c "Certificate Verify: Signature algorithm ( 0603 )" \
508 -c "Verifying peer X.509 certificate... ok"
509
510requires_openssl_tls1_3
511requires_config_enabled MBEDTLS_DEBUG_C
512requires_config_enabled MBEDTLS_SSL_CLI_C
513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
514requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
515requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
516run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
517 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
518 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
519 0 \
520 -c "HTTP/1.0 200 ok" \
521 -c "ECDH curve: secp256r1" \
522 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
523 -c "Certificate Verify: Signature algorithm ( 0804 )" \
524 -c "Verifying peer X.509 certificate... ok"
525
526requires_gnutls_tls1_3
527requires_gnutls_next_no_ticket
528requires_gnutls_next_disable_tls13_compat
529requires_config_enabled MBEDTLS_DEBUG_C
530requires_config_enabled MBEDTLS_SSL_CLI_C
531requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
532requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
533requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
534run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
535 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
536 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
537 0 \
538 -c "HTTP/1.0 200 OK" \
539 -c "ECDH curve: secp256r1" \
540 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
541 -c "Certificate Verify: Signature algorithm ( 0804 )" \
542 -c "Verifying peer X.509 certificate... ok"
543
544requires_openssl_tls1_3
545requires_config_enabled MBEDTLS_DEBUG_C
546requires_config_enabled MBEDTLS_SSL_CLI_C
547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
548requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
549requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
550run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
551 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
552 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
553 0 \
554 -c "HTTP/1.0 200 ok" \
555 -c "ECDH curve: secp384r1" \
556 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
557 -c "Certificate Verify: Signature algorithm ( 0804 )" \
558 -c "Verifying peer X.509 certificate... ok"
559
560requires_gnutls_tls1_3
561requires_gnutls_next_no_ticket
562requires_gnutls_next_disable_tls13_compat
563requires_config_enabled MBEDTLS_DEBUG_C
564requires_config_enabled MBEDTLS_SSL_CLI_C
565requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
566requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
567requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
568run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
569 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+GROUP-SECP384R1:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
570 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
571 0 \
572 -c "HTTP/1.0 200 OK" \
573 -c "ECDH curve: secp384r1" \
574 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
575 -c "Certificate Verify: Signature algorithm ( 0804 )" \
576 -c "Verifying peer X.509 certificate... ok"
577
578requires_openssl_tls1_3
579requires_config_enabled MBEDTLS_DEBUG_C
580requires_config_enabled MBEDTLS_SSL_CLI_C
581requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
582requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
583requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
584run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
585 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
586 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
587 0 \
588 -c "HTTP/1.0 200 ok" \
589 -c "ECDH curve: secp521r1" \
590 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
591 -c "Certificate Verify: Signature algorithm ( 0804 )" \
592 -c "Verifying peer X.509 certificate... ok"
593
594requires_gnutls_tls1_3
595requires_gnutls_next_no_ticket
596requires_gnutls_next_disable_tls13_compat
597requires_config_enabled MBEDTLS_DEBUG_C
598requires_config_enabled MBEDTLS_SSL_CLI_C
599requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
600requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
601requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
602run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
603 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
604 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
605 0 \
606 -c "HTTP/1.0 200 OK" \
607 -c "ECDH curve: secp521r1" \
608 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
609 -c "Certificate Verify: Signature algorithm ( 0804 )" \
610 -c "Verifying peer X.509 certificate... ok"
611
612requires_openssl_tls1_3
613requires_config_enabled MBEDTLS_DEBUG_C
614requires_config_enabled MBEDTLS_SSL_CLI_C
615requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
616requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
617requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
618run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
619 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
620 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
621 0 \
622 -c "HTTP/1.0 200 ok" \
623 -c "ECDH curve: x25519" \
624 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
625 -c "Certificate Verify: Signature algorithm ( 0804 )" \
626 -c "Verifying peer X.509 certificate... ok"
627
628requires_gnutls_tls1_3
629requires_gnutls_next_no_ticket
630requires_gnutls_next_disable_tls13_compat
631requires_config_enabled MBEDTLS_DEBUG_C
632requires_config_enabled MBEDTLS_SSL_CLI_C
633requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
634requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
635requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
636run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
637 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+AES-128-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
638 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
639 0 \
640 -c "HTTP/1.0 200 OK" \
641 -c "ECDH curve: x25519" \
642 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
643 -c "Certificate Verify: Signature algorithm ( 0804 )" \
644 -c "Verifying peer X.509 certificate... ok"
645
646requires_openssl_tls1_3
647requires_config_enabled MBEDTLS_DEBUG_C
648requires_config_enabled MBEDTLS_SSL_CLI_C
649requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
650requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
651requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
652run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
653 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
654 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
655 0 \
656 -c "HTTP/1.0 200 ok" \
657 -c "ECDH curve: x448" \
658 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
659 -c "Certificate Verify: Signature algorithm ( 0804 )" \
660 -c "Verifying peer X.509 certificate... ok"
661
662requires_gnutls_tls1_3
663requires_gnutls_next_no_ticket
664requires_gnutls_next_disable_tls13_compat
665requires_config_enabled MBEDTLS_DEBUG_C
666requires_config_enabled MBEDTLS_SSL_CLI_C
667requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
668requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
669requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
670run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
671 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+AES-128-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
672 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
673 0 \
674 -c "HTTP/1.0 200 OK" \
675 -c "ECDH curve: x448" \
676 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
677 -c "Certificate Verify: Signature algorithm ( 0804 )" \
678 -c "Verifying peer X.509 certificate... ok"
679
680requires_openssl_tls1_3
681requires_config_enabled MBEDTLS_DEBUG_C
682requires_config_enabled MBEDTLS_SSL_CLI_C
683requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
684requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
685run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
686 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
687 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
688 0 \
689 -c "HTTP/1.0 200 ok" \
690 -c "ECDH curve: secp256r1" \
691 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
692 -c "Certificate Verify: Signature algorithm ( 0403 )" \
693 -c "Verifying peer X.509 certificate... ok"
694
695requires_gnutls_tls1_3
696requires_gnutls_next_no_ticket
697requires_gnutls_next_disable_tls13_compat
698requires_config_enabled MBEDTLS_DEBUG_C
699requires_config_enabled MBEDTLS_SSL_CLI_C
700requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
701requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
702run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
703 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SIGN-ECDSA-SECP256R1-SHA256:+SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
704 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
705 0 \
706 -c "HTTP/1.0 200 OK" \
707 -c "ECDH curve: secp256r1" \
708 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
709 -c "Certificate Verify: Signature algorithm ( 0403 )" \
710 -c "Verifying peer X.509 certificate... ok"
711
712requires_openssl_tls1_3
713requires_config_enabled MBEDTLS_DEBUG_C
714requires_config_enabled MBEDTLS_SSL_CLI_C
715requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
716requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
717run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
718 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
719 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
720 0 \
721 -c "HTTP/1.0 200 ok" \
722 -c "ECDH curve: secp384r1" \
723 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
724 -c "Certificate Verify: Signature algorithm ( 0403 )" \
725 -c "Verifying peer X.509 certificate... ok"
726
727requires_gnutls_tls1_3
728requires_gnutls_next_no_ticket
729requires_gnutls_next_disable_tls13_compat
730requires_config_enabled MBEDTLS_DEBUG_C
731requires_config_enabled MBEDTLS_SSL_CLI_C
732requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
733requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
734run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
735 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SIGN-ECDSA-SECP256R1-SHA256:+SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
736 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
737 0 \
738 -c "HTTP/1.0 200 OK" \
739 -c "ECDH curve: secp384r1" \
740 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
741 -c "Certificate Verify: Signature algorithm ( 0403 )" \
742 -c "Verifying peer X.509 certificate... ok"
743
744requires_openssl_tls1_3
745requires_config_enabled MBEDTLS_DEBUG_C
746requires_config_enabled MBEDTLS_SSL_CLI_C
747requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
748requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
749run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
750 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
751 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
752 0 \
753 -c "HTTP/1.0 200 ok" \
754 -c "ECDH curve: secp521r1" \
755 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
756 -c "Certificate Verify: Signature algorithm ( 0403 )" \
757 -c "Verifying peer X.509 certificate... ok"
758
759requires_gnutls_tls1_3
760requires_gnutls_next_no_ticket
761requires_gnutls_next_disable_tls13_compat
762requires_config_enabled MBEDTLS_DEBUG_C
763requires_config_enabled MBEDTLS_SSL_CLI_C
764requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
765requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
766run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
767 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+AES-256-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
768 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
769 0 \
770 -c "HTTP/1.0 200 OK" \
771 -c "ECDH curve: secp521r1" \
772 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
773 -c "Certificate Verify: Signature algorithm ( 0403 )" \
774 -c "Verifying peer X.509 certificate... ok"
775
776requires_openssl_tls1_3
777requires_config_enabled MBEDTLS_DEBUG_C
778requires_config_enabled MBEDTLS_SSL_CLI_C
779requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
780requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
781run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
782 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
783 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
784 0 \
785 -c "HTTP/1.0 200 ok" \
786 -c "ECDH curve: x25519" \
787 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
788 -c "Certificate Verify: Signature algorithm ( 0403 )" \
789 -c "Verifying peer X.509 certificate... ok"
790
791requires_gnutls_tls1_3
792requires_gnutls_next_no_ticket
793requires_gnutls_next_disable_tls13_compat
794requires_config_enabled MBEDTLS_DEBUG_C
795requires_config_enabled MBEDTLS_SSL_CLI_C
796requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
797requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
798run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
799 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+GROUP-X25519:+AES-256-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
800 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
801 0 \
802 -c "HTTP/1.0 200 OK" \
803 -c "ECDH curve: x25519" \
804 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
805 -c "Certificate Verify: Signature algorithm ( 0403 )" \
806 -c "Verifying peer X.509 certificate... ok"
807
808requires_openssl_tls1_3
809requires_config_enabled MBEDTLS_DEBUG_C
810requires_config_enabled MBEDTLS_SSL_CLI_C
811requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
812requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
813run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
814 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
815 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
816 0 \
817 -c "HTTP/1.0 200 ok" \
818 -c "ECDH curve: x448" \
819 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
820 -c "Certificate Verify: Signature algorithm ( 0403 )" \
821 -c "Verifying peer X.509 certificate... ok"
822
823requires_gnutls_tls1_3
824requires_gnutls_next_no_ticket
825requires_gnutls_next_disable_tls13_compat
826requires_config_enabled MBEDTLS_DEBUG_C
827requires_config_enabled MBEDTLS_SSL_CLI_C
828requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
829requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
830run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
831 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+AES-256-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
832 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
833 0 \
834 -c "HTTP/1.0 200 OK" \
835 -c "ECDH curve: x448" \
836 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
837 -c "Certificate Verify: Signature algorithm ( 0403 )" \
838 -c "Verifying peer X.509 certificate... ok"
839
840requires_openssl_tls1_3
841requires_config_enabled MBEDTLS_DEBUG_C
842requires_config_enabled MBEDTLS_SSL_CLI_C
843requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
844requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
845run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
846 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
847 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
848 0 \
849 -c "HTTP/1.0 200 ok" \
850 -c "ECDH curve: secp256r1" \
851 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
852 -c "Certificate Verify: Signature algorithm ( 0503 )" \
853 -c "Verifying peer X.509 certificate... ok"
854
855requires_gnutls_tls1_3
856requires_gnutls_next_no_ticket
857requires_gnutls_next_disable_tls13_compat
858requires_config_enabled MBEDTLS_DEBUG_C
859requires_config_enabled MBEDTLS_SSL_CLI_C
860requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
861requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
862run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
863 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
864 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
865 0 \
866 -c "HTTP/1.0 200 OK" \
867 -c "ECDH curve: secp256r1" \
868 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
869 -c "Certificate Verify: Signature algorithm ( 0503 )" \
870 -c "Verifying peer X.509 certificate... ok"
871
872requires_openssl_tls1_3
873requires_config_enabled MBEDTLS_DEBUG_C
874requires_config_enabled MBEDTLS_SSL_CLI_C
875requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
876requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
877run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
878 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
879 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
880 0 \
881 -c "HTTP/1.0 200 ok" \
882 -c "ECDH curve: secp384r1" \
883 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
884 -c "Certificate Verify: Signature algorithm ( 0503 )" \
885 -c "Verifying peer X.509 certificate... ok"
886
887requires_gnutls_tls1_3
888requires_gnutls_next_no_ticket
889requires_gnutls_next_disable_tls13_compat
890requires_config_enabled MBEDTLS_DEBUG_C
891requires_config_enabled MBEDTLS_SSL_CLI_C
892requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
893requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
894run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
895 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
896 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
897 0 \
898 -c "HTTP/1.0 200 OK" \
899 -c "ECDH curve: secp384r1" \
900 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
901 -c "Certificate Verify: Signature algorithm ( 0503 )" \
902 -c "Verifying peer X.509 certificate... ok"
903
904requires_openssl_tls1_3
905requires_config_enabled MBEDTLS_DEBUG_C
906requires_config_enabled MBEDTLS_SSL_CLI_C
907requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
908requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
909run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
910 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
911 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
912 0 \
913 -c "HTTP/1.0 200 ok" \
914 -c "ECDH curve: secp521r1" \
915 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
916 -c "Certificate Verify: Signature algorithm ( 0503 )" \
917 -c "Verifying peer X.509 certificate... ok"
918
919requires_gnutls_tls1_3
920requires_gnutls_next_no_ticket
921requires_gnutls_next_disable_tls13_compat
922requires_config_enabled MBEDTLS_DEBUG_C
923requires_config_enabled MBEDTLS_SSL_CLI_C
924requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
925requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
926run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
927 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+AES-256-GCM:+SHA384:+GROUP-SECP521R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
928 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
929 0 \
930 -c "HTTP/1.0 200 OK" \
931 -c "ECDH curve: secp521r1" \
932 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
933 -c "Certificate Verify: Signature algorithm ( 0503 )" \
934 -c "Verifying peer X.509 certificate... ok"
935
936requires_openssl_tls1_3
937requires_config_enabled MBEDTLS_DEBUG_C
938requires_config_enabled MBEDTLS_SSL_CLI_C
939requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
940requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
941run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
942 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
943 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
944 0 \
945 -c "HTTP/1.0 200 ok" \
946 -c "ECDH curve: x25519" \
947 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
948 -c "Certificate Verify: Signature algorithm ( 0503 )" \
949 -c "Verifying peer X.509 certificate... ok"
950
951requires_gnutls_tls1_3
952requires_gnutls_next_no_ticket
953requires_gnutls_next_disable_tls13_compat
954requires_config_enabled MBEDTLS_DEBUG_C
955requires_config_enabled MBEDTLS_SSL_CLI_C
956requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
957requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
958run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
959 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+GROUP-X25519:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
960 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
961 0 \
962 -c "HTTP/1.0 200 OK" \
963 -c "ECDH curve: x25519" \
964 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
965 -c "Certificate Verify: Signature algorithm ( 0503 )" \
966 -c "Verifying peer X.509 certificate... ok"
967
968requires_openssl_tls1_3
969requires_config_enabled MBEDTLS_DEBUG_C
970requires_config_enabled MBEDTLS_SSL_CLI_C
971requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
972requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
973run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
974 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
975 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
976 0 \
977 -c "HTTP/1.0 200 ok" \
978 -c "ECDH curve: x448" \
979 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
980 -c "Certificate Verify: Signature algorithm ( 0503 )" \
981 -c "Verifying peer X.509 certificate... ok"
982
983requires_gnutls_tls1_3
984requires_gnutls_next_no_ticket
985requires_gnutls_next_disable_tls13_compat
986requires_config_enabled MBEDTLS_DEBUG_C
987requires_config_enabled MBEDTLS_SSL_CLI_C
988requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
989requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
990run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
991 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+AES-256-GCM:+SHA384:+GROUP-X448:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
992 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
993 0 \
994 -c "HTTP/1.0 200 OK" \
995 -c "ECDH curve: x448" \
996 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
997 -c "Certificate Verify: Signature algorithm ( 0503 )" \
998 -c "Verifying peer X.509 certificate... ok"
999
1000requires_openssl_tls1_3
1001requires_config_enabled MBEDTLS_DEBUG_C
1002requires_config_enabled MBEDTLS_SSL_CLI_C
1003requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1004requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1005run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
1006 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1007 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1008 0 \
1009 -c "HTTP/1.0 200 ok" \
1010 -c "ECDH curve: secp256r1" \
1011 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1012 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1013 -c "Verifying peer X.509 certificate... ok"
1014
1015requires_gnutls_tls1_3
1016requires_gnutls_next_no_ticket
1017requires_gnutls_next_disable_tls13_compat
1018requires_config_enabled MBEDTLS_DEBUG_C
1019requires_config_enabled MBEDTLS_SSL_CLI_C
1020requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1021requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1022run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
1023 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+AES-256-GCM:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1024 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1025 0 \
1026 -c "HTTP/1.0 200 OK" \
1027 -c "ECDH curve: secp256r1" \
1028 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1029 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1030 -c "Verifying peer X.509 certificate... ok"
1031
1032requires_openssl_tls1_3
1033requires_config_enabled MBEDTLS_DEBUG_C
1034requires_config_enabled MBEDTLS_SSL_CLI_C
1035requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1036requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1037run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
1038 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1039 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1040 0 \
1041 -c "HTTP/1.0 200 ok" \
1042 -c "ECDH curve: secp384r1" \
1043 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1044 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1045 -c "Verifying peer X.509 certificate... ok"
1046
1047requires_gnutls_tls1_3
1048requires_gnutls_next_no_ticket
1049requires_gnutls_next_disable_tls13_compat
1050requires_config_enabled MBEDTLS_DEBUG_C
1051requires_config_enabled MBEDTLS_SSL_CLI_C
1052requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1053requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1054run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
1055 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SIGN-ECDSA-SECP521R1-SHA512:+SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1056 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1057 0 \
1058 -c "HTTP/1.0 200 OK" \
1059 -c "ECDH curve: secp384r1" \
1060 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1061 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1062 -c "Verifying peer X.509 certificate... ok"
1063
1064requires_openssl_tls1_3
1065requires_config_enabled MBEDTLS_DEBUG_C
1066requires_config_enabled MBEDTLS_SSL_CLI_C
1067requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1068requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1069run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
1070 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1071 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1072 0 \
1073 -c "HTTP/1.0 200 ok" \
1074 -c "ECDH curve: secp521r1" \
1075 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1076 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1077 -c "Verifying peer X.509 certificate... ok"
1078
1079requires_gnutls_tls1_3
1080requires_gnutls_next_no_ticket
1081requires_gnutls_next_disable_tls13_compat
1082requires_config_enabled MBEDTLS_DEBUG_C
1083requires_config_enabled MBEDTLS_SSL_CLI_C
1084requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1085requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1086run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
1087 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+AES-256-GCM:+SIGN-ECDSA-SECP521R1-SHA512:+SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1088 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1089 0 \
1090 -c "HTTP/1.0 200 OK" \
1091 -c "ECDH curve: secp521r1" \
1092 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1093 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1094 -c "Verifying peer X.509 certificate... ok"
1095
1096requires_openssl_tls1_3
1097requires_config_enabled MBEDTLS_DEBUG_C
1098requires_config_enabled MBEDTLS_SSL_CLI_C
1099requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1100requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1101run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
1102 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1103 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1104 0 \
1105 -c "HTTP/1.0 200 ok" \
1106 -c "ECDH curve: x25519" \
1107 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1108 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1109 -c "Verifying peer X.509 certificate... ok"
1110
1111requires_gnutls_tls1_3
1112requires_gnutls_next_no_ticket
1113requires_gnutls_next_disable_tls13_compat
1114requires_config_enabled MBEDTLS_DEBUG_C
1115requires_config_enabled MBEDTLS_SSL_CLI_C
1116requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1117requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1118run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
1119 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+GROUP-X25519:+AES-256-GCM:+SIGN-ECDSA-SECP521R1-SHA512:+SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1120 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1121 0 \
1122 -c "HTTP/1.0 200 OK" \
1123 -c "ECDH curve: x25519" \
1124 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1125 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1126 -c "Verifying peer X.509 certificate... ok"
1127
1128requires_openssl_tls1_3
1129requires_config_enabled MBEDTLS_DEBUG_C
1130requires_config_enabled MBEDTLS_SSL_CLI_C
1131requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1132requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1133run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
1134 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1135 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1136 0 \
1137 -c "HTTP/1.0 200 ok" \
1138 -c "ECDH curve: x448" \
1139 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1140 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1141 -c "Verifying peer X.509 certificate... ok"
1142
1143requires_gnutls_tls1_3
1144requires_gnutls_next_no_ticket
1145requires_gnutls_next_disable_tls13_compat
1146requires_config_enabled MBEDTLS_DEBUG_C
1147requires_config_enabled MBEDTLS_SSL_CLI_C
1148requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1149requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1150run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
1151 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+AES-256-GCM:+SIGN-ECDSA-SECP521R1-SHA512:+SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1152 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1153 0 \
1154 -c "HTTP/1.0 200 OK" \
1155 -c "ECDH curve: x448" \
1156 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1157 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1158 -c "Verifying peer X.509 certificate... ok"
1159
1160requires_openssl_tls1_3
1161requires_config_enabled MBEDTLS_DEBUG_C
1162requires_config_enabled MBEDTLS_SSL_CLI_C
1163requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1164requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1165requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1166run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
1167 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1168 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1169 0 \
1170 -c "HTTP/1.0 200 ok" \
1171 -c "ECDH curve: secp256r1" \
1172 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1173 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1174 -c "Verifying peer X.509 certificate... ok"
1175
1176requires_gnutls_tls1_3
1177requires_gnutls_next_no_ticket
1178requires_gnutls_next_disable_tls13_compat
1179requires_config_enabled MBEDTLS_DEBUG_C
1180requires_config_enabled MBEDTLS_SSL_CLI_C
1181requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1182requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1183requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1184run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
1185 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1186 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1187 0 \
1188 -c "HTTP/1.0 200 OK" \
1189 -c "ECDH curve: secp256r1" \
1190 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1191 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1192 -c "Verifying peer X.509 certificate... ok"
1193
1194requires_openssl_tls1_3
1195requires_config_enabled MBEDTLS_DEBUG_C
1196requires_config_enabled MBEDTLS_SSL_CLI_C
1197requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1198requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1199requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1200run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
1201 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1202 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1203 0 \
1204 -c "HTTP/1.0 200 ok" \
1205 -c "ECDH curve: secp384r1" \
1206 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1207 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1208 -c "Verifying peer X.509 certificate... ok"
1209
1210requires_gnutls_tls1_3
1211requires_gnutls_next_no_ticket
1212requires_gnutls_next_disable_tls13_compat
1213requires_config_enabled MBEDTLS_DEBUG_C
1214requires_config_enabled MBEDTLS_SSL_CLI_C
1215requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1216requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1217requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1218run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
1219 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1220 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1221 0 \
1222 -c "HTTP/1.0 200 OK" \
1223 -c "ECDH curve: secp384r1" \
1224 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1225 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1226 -c "Verifying peer X.509 certificate... ok"
1227
1228requires_openssl_tls1_3
1229requires_config_enabled MBEDTLS_DEBUG_C
1230requires_config_enabled MBEDTLS_SSL_CLI_C
1231requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1232requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1233requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1234run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
1235 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1236 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1237 0 \
1238 -c "HTTP/1.0 200 ok" \
1239 -c "ECDH curve: secp521r1" \
1240 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1241 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1242 -c "Verifying peer X.509 certificate... ok"
1243
1244requires_gnutls_tls1_3
1245requires_gnutls_next_no_ticket
1246requires_gnutls_next_disable_tls13_compat
1247requires_config_enabled MBEDTLS_DEBUG_C
1248requires_config_enabled MBEDTLS_SSL_CLI_C
1249requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1250requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1251requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1252run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
1253 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1254 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1255 0 \
1256 -c "HTTP/1.0 200 OK" \
1257 -c "ECDH curve: secp521r1" \
1258 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1259 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1260 -c "Verifying peer X.509 certificate... ok"
1261
1262requires_openssl_tls1_3
1263requires_config_enabled MBEDTLS_DEBUG_C
1264requires_config_enabled MBEDTLS_SSL_CLI_C
1265requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1266requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1267requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1268run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
1269 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1270 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1271 0 \
1272 -c "HTTP/1.0 200 ok" \
1273 -c "ECDH curve: x25519" \
1274 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1275 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1276 -c "Verifying peer X.509 certificate... ok"
1277
1278requires_gnutls_tls1_3
1279requires_gnutls_next_no_ticket
1280requires_gnutls_next_disable_tls13_compat
1281requires_config_enabled MBEDTLS_DEBUG_C
1282requires_config_enabled MBEDTLS_SSL_CLI_C
1283requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1284requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1285requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1286run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
1287 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+GROUP-X25519:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1288 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1289 0 \
1290 -c "HTTP/1.0 200 OK" \
1291 -c "ECDH curve: x25519" \
1292 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1293 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1294 -c "Verifying peer X.509 certificate... ok"
1295
1296requires_openssl_tls1_3
1297requires_config_enabled MBEDTLS_DEBUG_C
1298requires_config_enabled MBEDTLS_SSL_CLI_C
1299requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1300requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1301requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1302run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
1303 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1304 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1305 0 \
1306 -c "HTTP/1.0 200 ok" \
1307 -c "ECDH curve: x448" \
1308 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1309 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1310 -c "Verifying peer X.509 certificate... ok"
1311
1312requires_gnutls_tls1_3
1313requires_gnutls_next_no_ticket
1314requires_gnutls_next_disable_tls13_compat
1315requires_config_enabled MBEDTLS_DEBUG_C
1316requires_config_enabled MBEDTLS_SSL_CLI_C
1317requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1318requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1319requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1320run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
1321 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1322 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1323 0 \
1324 -c "HTTP/1.0 200 OK" \
1325 -c "ECDH curve: x448" \
1326 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1327 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1328 -c "Verifying peer X.509 certificate... ok"
1329
1330requires_openssl_tls1_3
1331requires_config_enabled MBEDTLS_DEBUG_C
1332requires_config_enabled MBEDTLS_SSL_CLI_C
1333requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1334requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1335run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1336 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1337 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1338 0 \
1339 -c "HTTP/1.0 200 ok" \
1340 -c "ECDH curve: secp256r1" \
1341 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1342 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1343 -c "Verifying peer X.509 certificate... ok"
1344
1345requires_gnutls_tls1_3
1346requires_gnutls_next_no_ticket
1347requires_gnutls_next_disable_tls13_compat
1348requires_config_enabled MBEDTLS_DEBUG_C
1349requires_config_enabled MBEDTLS_SSL_CLI_C
1350requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1351requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1352run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1353 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1354 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1355 0 \
1356 -c "HTTP/1.0 200 OK" \
1357 -c "ECDH curve: secp256r1" \
1358 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1359 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1360 -c "Verifying peer X.509 certificate... ok"
1361
1362requires_openssl_tls1_3
1363requires_config_enabled MBEDTLS_DEBUG_C
1364requires_config_enabled MBEDTLS_SSL_CLI_C
1365requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1366requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1367run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
1368 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1369 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1370 0 \
1371 -c "HTTP/1.0 200 ok" \
1372 -c "ECDH curve: secp384r1" \
1373 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1374 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1375 -c "Verifying peer X.509 certificate... ok"
1376
1377requires_gnutls_tls1_3
1378requires_gnutls_next_no_ticket
1379requires_gnutls_next_disable_tls13_compat
1380requires_config_enabled MBEDTLS_DEBUG_C
1381requires_config_enabled MBEDTLS_SSL_CLI_C
1382requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1383requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1384run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
1385 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1386 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1387 0 \
1388 -c "HTTP/1.0 200 OK" \
1389 -c "ECDH curve: secp384r1" \
1390 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1391 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1392 -c "Verifying peer X.509 certificate... ok"
1393
1394requires_openssl_tls1_3
1395requires_config_enabled MBEDTLS_DEBUG_C
1396requires_config_enabled MBEDTLS_SSL_CLI_C
1397requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1398requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1399run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
1400 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1401 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1402 0 \
1403 -c "HTTP/1.0 200 ok" \
1404 -c "ECDH curve: secp521r1" \
1405 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1406 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1407 -c "Verifying peer X.509 certificate... ok"
1408
1409requires_gnutls_tls1_3
1410requires_gnutls_next_no_ticket
1411requires_gnutls_next_disable_tls13_compat
1412requires_config_enabled MBEDTLS_DEBUG_C
1413requires_config_enabled MBEDTLS_SSL_CLI_C
1414requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1415requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1416run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
1417 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1418 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1419 0 \
1420 -c "HTTP/1.0 200 OK" \
1421 -c "ECDH curve: secp521r1" \
1422 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1423 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1424 -c "Verifying peer X.509 certificate... ok"
1425
1426requires_openssl_tls1_3
1427requires_config_enabled MBEDTLS_DEBUG_C
1428requires_config_enabled MBEDTLS_SSL_CLI_C
1429requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1430requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1431run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
1432 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1433 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1434 0 \
1435 -c "HTTP/1.0 200 ok" \
1436 -c "ECDH curve: x25519" \
1437 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1438 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1439 -c "Verifying peer X.509 certificate... ok"
1440
1441requires_gnutls_tls1_3
1442requires_gnutls_next_no_ticket
1443requires_gnutls_next_disable_tls13_compat
1444requires_config_enabled MBEDTLS_DEBUG_C
1445requires_config_enabled MBEDTLS_SSL_CLI_C
1446requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1447requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1448run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
1449 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1450 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1451 0 \
1452 -c "HTTP/1.0 200 OK" \
1453 -c "ECDH curve: x25519" \
1454 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1455 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1456 -c "Verifying peer X.509 certificate... ok"
1457
1458requires_openssl_tls1_3
1459requires_config_enabled MBEDTLS_DEBUG_C
1460requires_config_enabled MBEDTLS_SSL_CLI_C
1461requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1462requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1463run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
1464 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1465 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1466 0 \
1467 -c "HTTP/1.0 200 ok" \
1468 -c "ECDH curve: x448" \
1469 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1470 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1471 -c "Verifying peer X.509 certificate... ok"
1472
1473requires_gnutls_tls1_3
1474requires_gnutls_next_no_ticket
1475requires_gnutls_next_disable_tls13_compat
1476requires_config_enabled MBEDTLS_DEBUG_C
1477requires_config_enabled MBEDTLS_SSL_CLI_C
1478requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1479requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1480run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
1481 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1482 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1483 0 \
1484 -c "HTTP/1.0 200 OK" \
1485 -c "ECDH curve: x448" \
1486 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1487 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1488 -c "Verifying peer X.509 certificate... ok"
1489
1490requires_openssl_tls1_3
1491requires_config_enabled MBEDTLS_DEBUG_C
1492requires_config_enabled MBEDTLS_SSL_CLI_C
1493requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1494requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1495run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
1496 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1497 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1498 0 \
1499 -c "HTTP/1.0 200 ok" \
1500 -c "ECDH curve: secp256r1" \
1501 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1502 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1503 -c "Verifying peer X.509 certificate... ok"
1504
1505requires_gnutls_tls1_3
1506requires_gnutls_next_no_ticket
1507requires_gnutls_next_disable_tls13_compat
1508requires_config_enabled MBEDTLS_DEBUG_C
1509requires_config_enabled MBEDTLS_SSL_CLI_C
1510requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1511requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1512run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
1513 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1514 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1515 0 \
1516 -c "HTTP/1.0 200 OK" \
1517 -c "ECDH curve: secp256r1" \
1518 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1519 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1520 -c "Verifying peer X.509 certificate... ok"
1521
1522requires_openssl_tls1_3
1523requires_config_enabled MBEDTLS_DEBUG_C
1524requires_config_enabled MBEDTLS_SSL_CLI_C
1525requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1526requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1527run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1528 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1529 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1530 0 \
1531 -c "HTTP/1.0 200 ok" \
1532 -c "ECDH curve: secp384r1" \
1533 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1534 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1535 -c "Verifying peer X.509 certificate... ok"
1536
1537requires_gnutls_tls1_3
1538requires_gnutls_next_no_ticket
1539requires_gnutls_next_disable_tls13_compat
1540requires_config_enabled MBEDTLS_DEBUG_C
1541requires_config_enabled MBEDTLS_SSL_CLI_C
1542requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1543requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1544run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1545 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1546 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1547 0 \
1548 -c "HTTP/1.0 200 OK" \
1549 -c "ECDH curve: secp384r1" \
1550 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1551 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1552 -c "Verifying peer X.509 certificate... ok"
1553
1554requires_openssl_tls1_3
1555requires_config_enabled MBEDTLS_DEBUG_C
1556requires_config_enabled MBEDTLS_SSL_CLI_C
1557requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1558requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1559run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1560 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1561 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1562 0 \
1563 -c "HTTP/1.0 200 ok" \
1564 -c "ECDH curve: secp521r1" \
1565 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1566 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1567 -c "Verifying peer X.509 certificate... ok"
1568
1569requires_gnutls_tls1_3
1570requires_gnutls_next_no_ticket
1571requires_gnutls_next_disable_tls13_compat
1572requires_config_enabled MBEDTLS_DEBUG_C
1573requires_config_enabled MBEDTLS_SSL_CLI_C
1574requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1575requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1576run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1577 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1578 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1579 0 \
1580 -c "HTTP/1.0 200 OK" \
1581 -c "ECDH curve: secp521r1" \
1582 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1583 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1584 -c "Verifying peer X.509 certificate... ok"
1585
1586requires_openssl_tls1_3
1587requires_config_enabled MBEDTLS_DEBUG_C
1588requires_config_enabled MBEDTLS_SSL_CLI_C
1589requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1590requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1591run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
1592 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1593 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1594 0 \
1595 -c "HTTP/1.0 200 ok" \
1596 -c "ECDH curve: x25519" \
1597 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1598 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1599 -c "Verifying peer X.509 certificate... ok"
1600
1601requires_gnutls_tls1_3
1602requires_gnutls_next_no_ticket
1603requires_gnutls_next_disable_tls13_compat
1604requires_config_enabled MBEDTLS_DEBUG_C
1605requires_config_enabled MBEDTLS_SSL_CLI_C
1606requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1607requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1608run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
1609 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1610 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1611 0 \
1612 -c "HTTP/1.0 200 OK" \
1613 -c "ECDH curve: x25519" \
1614 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1615 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1616 -c "Verifying peer X.509 certificate... ok"
1617
1618requires_openssl_tls1_3
1619requires_config_enabled MBEDTLS_DEBUG_C
1620requires_config_enabled MBEDTLS_SSL_CLI_C
1621requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1622requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1623run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
1624 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1625 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1626 0 \
1627 -c "HTTP/1.0 200 ok" \
1628 -c "ECDH curve: x448" \
1629 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1630 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1631 -c "Verifying peer X.509 certificate... ok"
1632
1633requires_gnutls_tls1_3
1634requires_gnutls_next_no_ticket
1635requires_gnutls_next_disable_tls13_compat
1636requires_config_enabled MBEDTLS_DEBUG_C
1637requires_config_enabled MBEDTLS_SSL_CLI_C
1638requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1639requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1640run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
1641 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+GROUP-X448:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1642 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1643 0 \
1644 -c "HTTP/1.0 200 OK" \
1645 -c "ECDH curve: x448" \
1646 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1647 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1648 -c "Verifying peer X.509 certificate... ok"
1649
1650requires_openssl_tls1_3
1651requires_config_enabled MBEDTLS_DEBUG_C
1652requires_config_enabled MBEDTLS_SSL_CLI_C
1653requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1654requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1655run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
1656 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1657 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1658 0 \
1659 -c "HTTP/1.0 200 ok" \
1660 -c "ECDH curve: secp256r1" \
1661 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1662 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1663 -c "Verifying peer X.509 certificate... ok"
1664
1665requires_gnutls_tls1_3
1666requires_gnutls_next_no_ticket
1667requires_gnutls_next_disable_tls13_compat
1668requires_config_enabled MBEDTLS_DEBUG_C
1669requires_config_enabled MBEDTLS_SSL_CLI_C
1670requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1671requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1672run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
1673 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1674 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1675 0 \
1676 -c "HTTP/1.0 200 OK" \
1677 -c "ECDH curve: secp256r1" \
1678 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1679 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1680 -c "Verifying peer X.509 certificate... ok"
1681
1682requires_openssl_tls1_3
1683requires_config_enabled MBEDTLS_DEBUG_C
1684requires_config_enabled MBEDTLS_SSL_CLI_C
1685requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1686requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1687run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1688 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1689 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1690 0 \
1691 -c "HTTP/1.0 200 ok" \
1692 -c "ECDH curve: secp384r1" \
1693 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1694 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1695 -c "Verifying peer X.509 certificate... ok"
1696
1697requires_gnutls_tls1_3
1698requires_gnutls_next_no_ticket
1699requires_gnutls_next_disable_tls13_compat
1700requires_config_enabled MBEDTLS_DEBUG_C
1701requires_config_enabled MBEDTLS_SSL_CLI_C
1702requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1703requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1704run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1705 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1706 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1707 0 \
1708 -c "HTTP/1.0 200 OK" \
1709 -c "ECDH curve: secp384r1" \
1710 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1711 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1712 -c "Verifying peer X.509 certificate... ok"
1713
1714requires_openssl_tls1_3
1715requires_config_enabled MBEDTLS_DEBUG_C
1716requires_config_enabled MBEDTLS_SSL_CLI_C
1717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1718requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1719run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1720 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1721 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1722 0 \
1723 -c "HTTP/1.0 200 ok" \
1724 -c "ECDH curve: secp521r1" \
1725 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1726 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1727 -c "Verifying peer X.509 certificate... ok"
1728
1729requires_gnutls_tls1_3
1730requires_gnutls_next_no_ticket
1731requires_gnutls_next_disable_tls13_compat
1732requires_config_enabled MBEDTLS_DEBUG_C
1733requires_config_enabled MBEDTLS_SSL_CLI_C
1734requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1735requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1736run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1737 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1738 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1739 0 \
1740 -c "HTTP/1.0 200 OK" \
1741 -c "ECDH curve: secp521r1" \
1742 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1743 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1744 -c "Verifying peer X.509 certificate... ok"
1745
1746requires_openssl_tls1_3
1747requires_config_enabled MBEDTLS_DEBUG_C
1748requires_config_enabled MBEDTLS_SSL_CLI_C
1749requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1750requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1751run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
1752 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1753 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1754 0 \
1755 -c "HTTP/1.0 200 ok" \
1756 -c "ECDH curve: x25519" \
1757 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1758 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1759 -c "Verifying peer X.509 certificate... ok"
1760
1761requires_gnutls_tls1_3
1762requires_gnutls_next_no_ticket
1763requires_gnutls_next_disable_tls13_compat
1764requires_config_enabled MBEDTLS_DEBUG_C
1765requires_config_enabled MBEDTLS_SSL_CLI_C
1766requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1767requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1768run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
1769 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1770 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1771 0 \
1772 -c "HTTP/1.0 200 OK" \
1773 -c "ECDH curve: x25519" \
1774 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1775 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1776 -c "Verifying peer X.509 certificate... ok"
1777
1778requires_openssl_tls1_3
1779requires_config_enabled MBEDTLS_DEBUG_C
1780requires_config_enabled MBEDTLS_SSL_CLI_C
1781requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1782requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1783run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
1784 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1785 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1786 0 \
1787 -c "HTTP/1.0 200 ok" \
1788 -c "ECDH curve: x448" \
1789 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1790 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1791 -c "Verifying peer X.509 certificate... ok"
1792
1793requires_gnutls_tls1_3
1794requires_gnutls_next_no_ticket
1795requires_gnutls_next_disable_tls13_compat
1796requires_config_enabled MBEDTLS_DEBUG_C
1797requires_config_enabled MBEDTLS_SSL_CLI_C
1798requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1799requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1800run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
1801 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1802 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1803 0 \
1804 -c "HTTP/1.0 200 OK" \
1805 -c "ECDH curve: x448" \
1806 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1807 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1808 -c "Verifying peer X.509 certificate... ok"
1809
1810requires_openssl_tls1_3
1811requires_config_enabled MBEDTLS_DEBUG_C
1812requires_config_enabled MBEDTLS_SSL_CLI_C
1813requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1814requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1815requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1816run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
1817 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1818 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1819 0 \
1820 -c "HTTP/1.0 200 ok" \
1821 -c "ECDH curve: secp256r1" \
1822 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1823 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1824 -c "Verifying peer X.509 certificate... ok"
1825
1826requires_gnutls_tls1_3
1827requires_gnutls_next_no_ticket
1828requires_gnutls_next_disable_tls13_compat
1829requires_config_enabled MBEDTLS_DEBUG_C
1830requires_config_enabled MBEDTLS_SSL_CLI_C
1831requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1832requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1833requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1834run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
1835 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1836 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1837 0 \
1838 -c "HTTP/1.0 200 OK" \
1839 -c "ECDH curve: secp256r1" \
1840 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1841 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1842 -c "Verifying peer X.509 certificate... ok"
1843
1844requires_openssl_tls1_3
1845requires_config_enabled MBEDTLS_DEBUG_C
1846requires_config_enabled MBEDTLS_SSL_CLI_C
1847requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1848requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1849requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1850run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
1851 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1852 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1853 0 \
1854 -c "HTTP/1.0 200 ok" \
1855 -c "ECDH curve: secp384r1" \
1856 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1857 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1858 -c "Verifying peer X.509 certificate... ok"
1859
1860requires_gnutls_tls1_3
1861requires_gnutls_next_no_ticket
1862requires_gnutls_next_disable_tls13_compat
1863requires_config_enabled MBEDTLS_DEBUG_C
1864requires_config_enabled MBEDTLS_SSL_CLI_C
1865requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1866requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1867requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1868run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
1869 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1870 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1871 0 \
1872 -c "HTTP/1.0 200 OK" \
1873 -c "ECDH curve: secp384r1" \
1874 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1875 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1876 -c "Verifying peer X.509 certificate... ok"
1877
1878requires_openssl_tls1_3
1879requires_config_enabled MBEDTLS_DEBUG_C
1880requires_config_enabled MBEDTLS_SSL_CLI_C
1881requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1882requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1883requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1884run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
1885 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1886 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1887 0 \
1888 -c "HTTP/1.0 200 ok" \
1889 -c "ECDH curve: secp521r1" \
1890 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1891 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1892 -c "Verifying peer X.509 certificate... ok"
1893
1894requires_gnutls_tls1_3
1895requires_gnutls_next_no_ticket
1896requires_gnutls_next_disable_tls13_compat
1897requires_config_enabled MBEDTLS_DEBUG_C
1898requires_config_enabled MBEDTLS_SSL_CLI_C
1899requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1900requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1901requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1902run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
1903 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1904 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1905 0 \
1906 -c "HTTP/1.0 200 OK" \
1907 -c "ECDH curve: secp521r1" \
1908 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1909 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1910 -c "Verifying peer X.509 certificate... ok"
1911
1912requires_openssl_tls1_3
1913requires_config_enabled MBEDTLS_DEBUG_C
1914requires_config_enabled MBEDTLS_SSL_CLI_C
1915requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1916requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1917requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1918run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
1919 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1920 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1921 0 \
1922 -c "HTTP/1.0 200 ok" \
1923 -c "ECDH curve: x25519" \
1924 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1925 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1926 -c "Verifying peer X.509 certificate... ok"
1927
1928requires_gnutls_tls1_3
1929requires_gnutls_next_no_ticket
1930requires_gnutls_next_disable_tls13_compat
1931requires_config_enabled MBEDTLS_DEBUG_C
1932requires_config_enabled MBEDTLS_SSL_CLI_C
1933requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1934requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1935requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1936run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
1937 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+CHACHA20-POLY1305:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1938 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1939 0 \
1940 -c "HTTP/1.0 200 OK" \
1941 -c "ECDH curve: x25519" \
1942 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1943 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1944 -c "Verifying peer X.509 certificate... ok"
1945
1946requires_openssl_tls1_3
1947requires_config_enabled MBEDTLS_DEBUG_C
1948requires_config_enabled MBEDTLS_SSL_CLI_C
1949requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1950requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1951requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1952run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
1953 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1954 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1955 0 \
1956 -c "HTTP/1.0 200 ok" \
1957 -c "ECDH curve: x448" \
1958 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1959 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1960 -c "Verifying peer X.509 certificate... ok"
1961
1962requires_gnutls_tls1_3
1963requires_gnutls_next_no_ticket
1964requires_gnutls_next_disable_tls13_compat
1965requires_config_enabled MBEDTLS_DEBUG_C
1966requires_config_enabled MBEDTLS_SSL_CLI_C
1967requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1968requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1969requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1970run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
1971 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+CHACHA20-POLY1305:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1972 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1973 0 \
1974 -c "HTTP/1.0 200 OK" \
1975 -c "ECDH curve: x448" \
1976 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1977 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1978 -c "Verifying peer X.509 certificate... ok"
1979
1980requires_openssl_tls1_3
1981requires_config_enabled MBEDTLS_DEBUG_C
1982requires_config_enabled MBEDTLS_SSL_CLI_C
1983requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1984requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1985run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1986 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1987 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1988 0 \
1989 -c "HTTP/1.0 200 ok" \
1990 -c "ECDH curve: secp256r1" \
1991 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1992 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1993 -c "Verifying peer X.509 certificate... ok"
1994
1995requires_gnutls_tls1_3
1996requires_gnutls_next_no_ticket
1997requires_gnutls_next_disable_tls13_compat
1998requires_config_enabled MBEDTLS_DEBUG_C
1999requires_config_enabled MBEDTLS_SSL_CLI_C
2000requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2001requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2002run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2003 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP256R1:+SIGN-ECDSA-SECP256R1-SHA256:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2004 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2005 0 \
2006 -c "HTTP/1.0 200 OK" \
2007 -c "ECDH curve: secp256r1" \
2008 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2009 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2010 -c "Verifying peer X.509 certificate... ok"
2011
2012requires_openssl_tls1_3
2013requires_config_enabled MBEDTLS_DEBUG_C
2014requires_config_enabled MBEDTLS_SSL_CLI_C
2015requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2016requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2017run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2018 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2019 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2020 0 \
2021 -c "HTTP/1.0 200 ok" \
2022 -c "ECDH curve: secp384r1" \
2023 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2024 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2025 -c "Verifying peer X.509 certificate... ok"
2026
2027requires_gnutls_tls1_3
2028requires_gnutls_next_no_ticket
2029requires_gnutls_next_disable_tls13_compat
2030requires_config_enabled MBEDTLS_DEBUG_C
2031requires_config_enabled MBEDTLS_SSL_CLI_C
2032requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2033requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2034run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2035 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP384R1:+SIGN-ECDSA-SECP256R1-SHA256:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2036 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2037 0 \
2038 -c "HTTP/1.0 200 OK" \
2039 -c "ECDH curve: secp384r1" \
2040 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2041 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2042 -c "Verifying peer X.509 certificate... ok"
2043
2044requires_openssl_tls1_3
2045requires_config_enabled MBEDTLS_DEBUG_C
2046requires_config_enabled MBEDTLS_SSL_CLI_C
2047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2048requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2049run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2050 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2051 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2052 0 \
2053 -c "HTTP/1.0 200 ok" \
2054 -c "ECDH curve: secp521r1" \
2055 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2056 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2057 -c "Verifying peer X.509 certificate... ok"
2058
2059requires_gnutls_tls1_3
2060requires_gnutls_next_no_ticket
2061requires_gnutls_next_disable_tls13_compat
2062requires_config_enabled MBEDTLS_DEBUG_C
2063requires_config_enabled MBEDTLS_SSL_CLI_C
2064requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2065requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2066run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2067 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+AES-128-CCM:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2068 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2069 0 \
2070 -c "HTTP/1.0 200 OK" \
2071 -c "ECDH curve: secp521r1" \
2072 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2073 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2074 -c "Verifying peer X.509 certificate... ok"
2075
2076requires_openssl_tls1_3
2077requires_config_enabled MBEDTLS_DEBUG_C
2078requires_config_enabled MBEDTLS_SSL_CLI_C
2079requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2080requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2081run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
2082 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2083 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2084 0 \
2085 -c "HTTP/1.0 200 ok" \
2086 -c "ECDH curve: x25519" \
2087 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2088 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2089 -c "Verifying peer X.509 certificate... ok"
2090
2091requires_gnutls_tls1_3
2092requires_gnutls_next_no_ticket
2093requires_gnutls_next_disable_tls13_compat
2094requires_config_enabled MBEDTLS_DEBUG_C
2095requires_config_enabled MBEDTLS_SSL_CLI_C
2096requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2097requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2098run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
2099 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+SIGN-ECDSA-SECP256R1-SHA256:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2100 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2101 0 \
2102 -c "HTTP/1.0 200 OK" \
2103 -c "ECDH curve: x25519" \
2104 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2105 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2106 -c "Verifying peer X.509 certificate... ok"
2107
2108requires_openssl_tls1_3
2109requires_config_enabled MBEDTLS_DEBUG_C
2110requires_config_enabled MBEDTLS_SSL_CLI_C
2111requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2112requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2113run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
2114 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2115 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2116 0 \
2117 -c "HTTP/1.0 200 ok" \
2118 -c "ECDH curve: x448" \
2119 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2120 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2121 -c "Verifying peer X.509 certificate... ok"
2122
2123requires_gnutls_tls1_3
2124requires_gnutls_next_no_ticket
2125requires_gnutls_next_disable_tls13_compat
2126requires_config_enabled MBEDTLS_DEBUG_C
2127requires_config_enabled MBEDTLS_SSL_CLI_C
2128requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2129requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2130run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
2131 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+AES-128-CCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2132 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2133 0 \
2134 -c "HTTP/1.0 200 OK" \
2135 -c "ECDH curve: x448" \
2136 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2137 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2138 -c "Verifying peer X.509 certificate... ok"
2139
2140requires_openssl_tls1_3
2141requires_config_enabled MBEDTLS_DEBUG_C
2142requires_config_enabled MBEDTLS_SSL_CLI_C
2143requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2144requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2145run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2146 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2147 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2148 0 \
2149 -c "HTTP/1.0 200 ok" \
2150 -c "ECDH curve: secp256r1" \
2151 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2152 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2153 -c "Verifying peer X.509 certificate... ok"
2154
2155requires_gnutls_tls1_3
2156requires_gnutls_next_no_ticket
2157requires_gnutls_next_disable_tls13_compat
2158requires_config_enabled MBEDTLS_DEBUG_C
2159requires_config_enabled MBEDTLS_SSL_CLI_C
2160requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2161requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2162run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2163 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP256R1:+AES-128-CCM:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2164 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2165 0 \
2166 -c "HTTP/1.0 200 OK" \
2167 -c "ECDH curve: secp256r1" \
2168 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2169 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2170 -c "Verifying peer X.509 certificate... ok"
2171
2172requires_openssl_tls1_3
2173requires_config_enabled MBEDTLS_DEBUG_C
2174requires_config_enabled MBEDTLS_SSL_CLI_C
2175requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2176requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2177run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2178 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2179 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2180 0 \
2181 -c "HTTP/1.0 200 ok" \
2182 -c "ECDH curve: secp384r1" \
2183 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2184 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2185 -c "Verifying peer X.509 certificate... ok"
2186
2187requires_gnutls_tls1_3
2188requires_gnutls_next_no_ticket
2189requires_gnutls_next_disable_tls13_compat
2190requires_config_enabled MBEDTLS_DEBUG_C
2191requires_config_enabled MBEDTLS_SSL_CLI_C
2192requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2193requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2194run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2195 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP384R1:+AES-128-CCM:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2196 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2197 0 \
2198 -c "HTTP/1.0 200 OK" \
2199 -c "ECDH curve: secp384r1" \
2200 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2201 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2202 -c "Verifying peer X.509 certificate... ok"
2203
2204requires_openssl_tls1_3
2205requires_config_enabled MBEDTLS_DEBUG_C
2206requires_config_enabled MBEDTLS_SSL_CLI_C
2207requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2208requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2209run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2210 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2211 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2212 0 \
2213 -c "HTTP/1.0 200 ok" \
2214 -c "ECDH curve: secp521r1" \
2215 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2216 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2217 -c "Verifying peer X.509 certificate... ok"
2218
2219requires_gnutls_tls1_3
2220requires_gnutls_next_no_ticket
2221requires_gnutls_next_disable_tls13_compat
2222requires_config_enabled MBEDTLS_DEBUG_C
2223requires_config_enabled MBEDTLS_SSL_CLI_C
2224requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2225requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2226run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2227 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-CCM:+GROUP-SECP521R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2228 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2229 0 \
2230 -c "HTTP/1.0 200 OK" \
2231 -c "ECDH curve: secp521r1" \
2232 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2233 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2234 -c "Verifying peer X.509 certificate... ok"
2235
2236requires_openssl_tls1_3
2237requires_config_enabled MBEDTLS_DEBUG_C
2238requires_config_enabled MBEDTLS_SSL_CLI_C
2239requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2240requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2241run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
2242 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2243 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2244 0 \
2245 -c "HTTP/1.0 200 ok" \
2246 -c "ECDH curve: x25519" \
2247 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2248 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2249 -c "Verifying peer X.509 certificate... ok"
2250
2251requires_gnutls_tls1_3
2252requires_gnutls_next_no_ticket
2253requires_gnutls_next_disable_tls13_compat
2254requires_config_enabled MBEDTLS_DEBUG_C
2255requires_config_enabled MBEDTLS_SSL_CLI_C
2256requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2257requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2258run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
2259 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+AES-128-CCM:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2260 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2261 0 \
2262 -c "HTTP/1.0 200 OK" \
2263 -c "ECDH curve: x25519" \
2264 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2265 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2266 -c "Verifying peer X.509 certificate... ok"
2267
2268requires_openssl_tls1_3
2269requires_config_enabled MBEDTLS_DEBUG_C
2270requires_config_enabled MBEDTLS_SSL_CLI_C
2271requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2272requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2273run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
2274 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2275 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2276 0 \
2277 -c "HTTP/1.0 200 ok" \
2278 -c "ECDH curve: x448" \
2279 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2280 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2281 -c "Verifying peer X.509 certificate... ok"
2282
2283requires_gnutls_tls1_3
2284requires_gnutls_next_no_ticket
2285requires_gnutls_next_disable_tls13_compat
2286requires_config_enabled MBEDTLS_DEBUG_C
2287requires_config_enabled MBEDTLS_SSL_CLI_C
2288requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2289requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2290run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
2291 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-CCM:+GROUP-X448:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2292 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2293 0 \
2294 -c "HTTP/1.0 200 OK" \
2295 -c "ECDH curve: x448" \
2296 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2297 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2298 -c "Verifying peer X.509 certificate... ok"
2299
2300requires_openssl_tls1_3
2301requires_config_enabled MBEDTLS_DEBUG_C
2302requires_config_enabled MBEDTLS_SSL_CLI_C
2303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2304requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2305run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2306 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2307 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2308 0 \
2309 -c "HTTP/1.0 200 ok" \
2310 -c "ECDH curve: secp256r1" \
2311 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2312 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2313 -c "Verifying peer X.509 certificate... ok"
2314
2315requires_gnutls_tls1_3
2316requires_gnutls_next_no_ticket
2317requires_gnutls_next_disable_tls13_compat
2318requires_config_enabled MBEDTLS_DEBUG_C
2319requires_config_enabled MBEDTLS_SSL_CLI_C
2320requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2321requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2322run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2323 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2324 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2325 0 \
2326 -c "HTTP/1.0 200 OK" \
2327 -c "ECDH curve: secp256r1" \
2328 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2329 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2330 -c "Verifying peer X.509 certificate... ok"
2331
2332requires_openssl_tls1_3
2333requires_config_enabled MBEDTLS_DEBUG_C
2334requires_config_enabled MBEDTLS_SSL_CLI_C
2335requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2336requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2337run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
2338 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2339 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2340 0 \
2341 -c "HTTP/1.0 200 ok" \
2342 -c "ECDH curve: secp384r1" \
2343 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2344 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2345 -c "Verifying peer X.509 certificate... ok"
2346
2347requires_gnutls_tls1_3
2348requires_gnutls_next_no_ticket
2349requires_gnutls_next_disable_tls13_compat
2350requires_config_enabled MBEDTLS_DEBUG_C
2351requires_config_enabled MBEDTLS_SSL_CLI_C
2352requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2353requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2354run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
2355 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP384R1:+SIGN-ECDSA-SECP521R1-SHA512:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2356 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2357 0 \
2358 -c "HTTP/1.0 200 OK" \
2359 -c "ECDH curve: secp384r1" \
2360 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2361 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2362 -c "Verifying peer X.509 certificate... ok"
2363
2364requires_openssl_tls1_3
2365requires_config_enabled MBEDTLS_DEBUG_C
2366requires_config_enabled MBEDTLS_SSL_CLI_C
2367requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2368requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2369run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
2370 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2371 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2372 0 \
2373 -c "HTTP/1.0 200 ok" \
2374 -c "ECDH curve: secp521r1" \
2375 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2376 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2377 -c "Verifying peer X.509 certificate... ok"
2378
2379requires_gnutls_tls1_3
2380requires_gnutls_next_no_ticket
2381requires_gnutls_next_disable_tls13_compat
2382requires_config_enabled MBEDTLS_DEBUG_C
2383requires_config_enabled MBEDTLS_SSL_CLI_C
2384requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2385requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2386run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
2387 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+AES-128-CCM:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2388 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2389 0 \
2390 -c "HTTP/1.0 200 OK" \
2391 -c "ECDH curve: secp521r1" \
2392 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2393 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2394 -c "Verifying peer X.509 certificate... ok"
2395
2396requires_openssl_tls1_3
2397requires_config_enabled MBEDTLS_DEBUG_C
2398requires_config_enabled MBEDTLS_SSL_CLI_C
2399requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2400requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2401run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
2402 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2403 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2404 0 \
2405 -c "HTTP/1.0 200 ok" \
2406 -c "ECDH curve: x25519" \
2407 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2408 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2409 -c "Verifying peer X.509 certificate... ok"
2410
2411requires_gnutls_tls1_3
2412requires_gnutls_next_no_ticket
2413requires_gnutls_next_disable_tls13_compat
2414requires_config_enabled MBEDTLS_DEBUG_C
2415requires_config_enabled MBEDTLS_SSL_CLI_C
2416requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2417requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2418run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
2419 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+SIGN-ECDSA-SECP521R1-SHA512:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2420 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2421 0 \
2422 -c "HTTP/1.0 200 OK" \
2423 -c "ECDH curve: x25519" \
2424 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2425 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2426 -c "Verifying peer X.509 certificate... ok"
2427
2428requires_openssl_tls1_3
2429requires_config_enabled MBEDTLS_DEBUG_C
2430requires_config_enabled MBEDTLS_SSL_CLI_C
2431requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2432requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2433run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
2434 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2435 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2436 0 \
2437 -c "HTTP/1.0 200 ok" \
2438 -c "ECDH curve: x448" \
2439 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2440 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2441 -c "Verifying peer X.509 certificate... ok"
2442
2443requires_gnutls_tls1_3
2444requires_gnutls_next_no_ticket
2445requires_gnutls_next_disable_tls13_compat
2446requires_config_enabled MBEDTLS_DEBUG_C
2447requires_config_enabled MBEDTLS_SSL_CLI_C
2448requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2449requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2450run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
2451 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+AES-128-CCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2452 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2453 0 \
2454 -c "HTTP/1.0 200 OK" \
2455 -c "ECDH curve: x448" \
2456 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2457 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2458 -c "Verifying peer X.509 certificate... ok"
2459
2460requires_openssl_tls1_3
2461requires_config_enabled MBEDTLS_DEBUG_C
2462requires_config_enabled MBEDTLS_SSL_CLI_C
2463requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2464requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2465requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2466run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
2467 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2468 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
2469 0 \
2470 -c "HTTP/1.0 200 ok" \
2471 -c "ECDH curve: secp256r1" \
2472 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2473 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2474 -c "Verifying peer X.509 certificate... ok"
2475
2476requires_gnutls_tls1_3
2477requires_gnutls_next_no_ticket
2478requires_gnutls_next_disable_tls13_compat
2479requires_config_enabled MBEDTLS_DEBUG_C
2480requires_config_enabled MBEDTLS_SSL_CLI_C
2481requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2482requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2483requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2484run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
2485 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2486 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
2487 0 \
2488 -c "HTTP/1.0 200 OK" \
2489 -c "ECDH curve: secp256r1" \
2490 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2491 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2492 -c "Verifying peer X.509 certificate... ok"
2493
2494requires_openssl_tls1_3
2495requires_config_enabled MBEDTLS_DEBUG_C
2496requires_config_enabled MBEDTLS_SSL_CLI_C
2497requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2498requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2499requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2500run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
2501 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2502 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
2503 0 \
2504 -c "HTTP/1.0 200 ok" \
2505 -c "ECDH curve: secp384r1" \
2506 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2507 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2508 -c "Verifying peer X.509 certificate... ok"
2509
2510requires_gnutls_tls1_3
2511requires_gnutls_next_no_ticket
2512requires_gnutls_next_disable_tls13_compat
2513requires_config_enabled MBEDTLS_DEBUG_C
2514requires_config_enabled MBEDTLS_SSL_CLI_C
2515requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2516requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2517requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2518run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
2519 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP384R1:+SIGN-RSA-PSS-RSAE-SHA256:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2520 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
2521 0 \
2522 -c "HTTP/1.0 200 OK" \
2523 -c "ECDH curve: secp384r1" \
2524 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2525 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2526 -c "Verifying peer X.509 certificate... ok"
2527
2528requires_openssl_tls1_3
2529requires_config_enabled MBEDTLS_DEBUG_C
2530requires_config_enabled MBEDTLS_SSL_CLI_C
2531requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2532requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2533requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2534run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
2535 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2536 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
2537 0 \
2538 -c "HTTP/1.0 200 ok" \
2539 -c "ECDH curve: secp521r1" \
2540 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2541 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2542 -c "Verifying peer X.509 certificate... ok"
2543
2544requires_gnutls_tls1_3
2545requires_gnutls_next_no_ticket
2546requires_gnutls_next_disable_tls13_compat
2547requires_config_enabled MBEDTLS_DEBUG_C
2548requires_config_enabled MBEDTLS_SSL_CLI_C
2549requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2550requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2551requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2552run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
2553 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+AES-128-CCM:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2554 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
2555 0 \
2556 -c "HTTP/1.0 200 OK" \
2557 -c "ECDH curve: secp521r1" \
2558 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2559 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2560 -c "Verifying peer X.509 certificate... ok"
2561
2562requires_openssl_tls1_3
2563requires_config_enabled MBEDTLS_DEBUG_C
2564requires_config_enabled MBEDTLS_SSL_CLI_C
2565requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2566requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2567requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2568run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
2569 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2570 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
2571 0 \
2572 -c "HTTP/1.0 200 ok" \
2573 -c "ECDH curve: x25519" \
2574 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2575 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2576 -c "Verifying peer X.509 certificate... ok"
2577
2578requires_gnutls_tls1_3
2579requires_gnutls_next_no_ticket
2580requires_gnutls_next_disable_tls13_compat
2581requires_config_enabled MBEDTLS_DEBUG_C
2582requires_config_enabled MBEDTLS_SSL_CLI_C
2583requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2584requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2585requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2586run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
2587 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2588 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
2589 0 \
2590 -c "HTTP/1.0 200 OK" \
2591 -c "ECDH curve: x25519" \
2592 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2593 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2594 -c "Verifying peer X.509 certificate... ok"
2595
2596requires_openssl_tls1_3
2597requires_config_enabled MBEDTLS_DEBUG_C
2598requires_config_enabled MBEDTLS_SSL_CLI_C
2599requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2600requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2601requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2602run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
2603 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2604 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
2605 0 \
2606 -c "HTTP/1.0 200 ok" \
2607 -c "ECDH curve: x448" \
2608 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2609 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2610 -c "Verifying peer X.509 certificate... ok"
2611
2612requires_gnutls_tls1_3
2613requires_gnutls_next_no_ticket
2614requires_gnutls_next_disable_tls13_compat
2615requires_config_enabled MBEDTLS_DEBUG_C
2616requires_config_enabled MBEDTLS_SSL_CLI_C
2617requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2618requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2619requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2620run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
2621 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+AES-128-CCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2622 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
2623 0 \
2624 -c "HTTP/1.0 200 OK" \
2625 -c "ECDH curve: x448" \
2626 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2627 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2628 -c "Verifying peer X.509 certificate... ok"
2629
2630requires_openssl_tls1_3
2631requires_config_enabled MBEDTLS_DEBUG_C
2632requires_config_enabled MBEDTLS_SSL_CLI_C
2633requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2634requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2635run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2636 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2637 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2638 0 \
2639 -c "HTTP/1.0 200 ok" \
2640 -c "ECDH curve: secp256r1" \
2641 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2642 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2643 -c "Verifying peer X.509 certificate... ok"
2644
2645requires_gnutls_tls1_3
2646requires_gnutls_next_no_ticket
2647requires_gnutls_next_disable_tls13_compat
2648requires_config_enabled MBEDTLS_DEBUG_C
2649requires_config_enabled MBEDTLS_SSL_CLI_C
2650requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2651requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2652run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2653 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP256R1:+SIGN-ECDSA-SECP256R1-SHA256:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2654 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2655 0 \
2656 -c "HTTP/1.0 200 OK" \
2657 -c "ECDH curve: secp256r1" \
2658 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2659 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2660 -c "Verifying peer X.509 certificate... ok"
2661
2662requires_openssl_tls1_3
2663requires_config_enabled MBEDTLS_DEBUG_C
2664requires_config_enabled MBEDTLS_SSL_CLI_C
2665requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2666requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2667run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2668 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2669 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2670 0 \
2671 -c "HTTP/1.0 200 ok" \
2672 -c "ECDH curve: secp384r1" \
2673 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2674 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2675 -c "Verifying peer X.509 certificate... ok"
2676
2677requires_gnutls_tls1_3
2678requires_gnutls_next_no_ticket
2679requires_gnutls_next_disable_tls13_compat
2680requires_config_enabled MBEDTLS_DEBUG_C
2681requires_config_enabled MBEDTLS_SSL_CLI_C
2682requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2683requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2684run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2685 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP384R1:+SIGN-ECDSA-SECP256R1-SHA256:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2686 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2687 0 \
2688 -c "HTTP/1.0 200 OK" \
2689 -c "ECDH curve: secp384r1" \
2690 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2691 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2692 -c "Verifying peer X.509 certificate... ok"
2693
2694requires_openssl_tls1_3
2695requires_config_enabled MBEDTLS_DEBUG_C
2696requires_config_enabled MBEDTLS_SSL_CLI_C
2697requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2698requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2699run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2700 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2701 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2702 0 \
2703 -c "HTTP/1.0 200 ok" \
2704 -c "ECDH curve: secp521r1" \
2705 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2706 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2707 -c "Verifying peer X.509 certificate... ok"
2708
2709requires_gnutls_tls1_3
2710requires_gnutls_next_no_ticket
2711requires_gnutls_next_disable_tls13_compat
2712requires_config_enabled MBEDTLS_DEBUG_C
2713requires_config_enabled MBEDTLS_SSL_CLI_C
2714requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2715requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2716run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2717 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2718 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2719 0 \
2720 -c "HTTP/1.0 200 OK" \
2721 -c "ECDH curve: secp521r1" \
2722 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2723 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2724 -c "Verifying peer X.509 certificate... ok"
2725
2726requires_openssl_tls1_3
2727requires_config_enabled MBEDTLS_DEBUG_C
2728requires_config_enabled MBEDTLS_SSL_CLI_C
2729requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2730requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2731run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
2732 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2733 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2734 0 \
2735 -c "HTTP/1.0 200 ok" \
2736 -c "ECDH curve: x25519" \
2737 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2738 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2739 -c "Verifying peer X.509 certificate... ok"
2740
2741requires_gnutls_tls1_3
2742requires_gnutls_next_no_ticket
2743requires_gnutls_next_disable_tls13_compat
2744requires_config_enabled MBEDTLS_DEBUG_C
2745requires_config_enabled MBEDTLS_SSL_CLI_C
2746requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2747requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2748run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
2749 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+SIGN-ECDSA-SECP256R1-SHA256:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2750 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2751 0 \
2752 -c "HTTP/1.0 200 OK" \
2753 -c "ECDH curve: x25519" \
2754 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2755 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2756 -c "Verifying peer X.509 certificate... ok"
2757
2758requires_openssl_tls1_3
2759requires_config_enabled MBEDTLS_DEBUG_C
2760requires_config_enabled MBEDTLS_SSL_CLI_C
2761requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2762requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2763run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
2764 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2765 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2766 0 \
2767 -c "HTTP/1.0 200 ok" \
2768 -c "ECDH curve: x448" \
2769 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2770 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2771 -c "Verifying peer X.509 certificate... ok"
2772
2773requires_gnutls_tls1_3
2774requires_gnutls_next_no_ticket
2775requires_gnutls_next_disable_tls13_compat
2776requires_config_enabled MBEDTLS_DEBUG_C
2777requires_config_enabled MBEDTLS_SSL_CLI_C
2778requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2779requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2780run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
2781 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2782 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2783 0 \
2784 -c "HTTP/1.0 200 OK" \
2785 -c "ECDH curve: x448" \
2786 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2787 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2788 -c "Verifying peer X.509 certificate... ok"
2789
2790requires_openssl_tls1_3
2791requires_config_enabled MBEDTLS_DEBUG_C
2792requires_config_enabled MBEDTLS_SSL_CLI_C
2793requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2794requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2795run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2796 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2797 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2798 0 \
2799 -c "HTTP/1.0 200 ok" \
2800 -c "ECDH curve: secp256r1" \
2801 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2802 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2803 -c "Verifying peer X.509 certificate... ok"
2804
2805requires_gnutls_tls1_3
2806requires_gnutls_next_no_ticket
2807requires_gnutls_next_disable_tls13_compat
2808requires_config_enabled MBEDTLS_DEBUG_C
2809requires_config_enabled MBEDTLS_SSL_CLI_C
2810requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2811requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2812run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2813 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-CCM-8:+GROUP-SECP256R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2814 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2815 0 \
2816 -c "HTTP/1.0 200 OK" \
2817 -c "ECDH curve: secp256r1" \
2818 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2819 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2820 -c "Verifying peer X.509 certificate... ok"
2821
2822requires_openssl_tls1_3
2823requires_config_enabled MBEDTLS_DEBUG_C
2824requires_config_enabled MBEDTLS_SSL_CLI_C
2825requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2826requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2827run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2828 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2829 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2830 0 \
2831 -c "HTTP/1.0 200 ok" \
2832 -c "ECDH curve: secp384r1" \
2833 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2834 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2835 -c "Verifying peer X.509 certificate... ok"
2836
2837requires_gnutls_tls1_3
2838requires_gnutls_next_no_ticket
2839requires_gnutls_next_disable_tls13_compat
2840requires_config_enabled MBEDTLS_DEBUG_C
2841requires_config_enabled MBEDTLS_SSL_CLI_C
2842requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2843requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2844run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2845 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-CCM-8:+GROUP-SECP384R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2846 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2847 0 \
2848 -c "HTTP/1.0 200 OK" \
2849 -c "ECDH curve: secp384r1" \
2850 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2851 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2852 -c "Verifying peer X.509 certificate... ok"
2853
2854requires_openssl_tls1_3
2855requires_config_enabled MBEDTLS_DEBUG_C
2856requires_config_enabled MBEDTLS_SSL_CLI_C
2857requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2858requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2859run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2860 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2861 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2862 0 \
2863 -c "HTTP/1.0 200 ok" \
2864 -c "ECDH curve: secp521r1" \
2865 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2866 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2867 -c "Verifying peer X.509 certificate... ok"
2868
2869requires_gnutls_tls1_3
2870requires_gnutls_next_no_ticket
2871requires_gnutls_next_disable_tls13_compat
2872requires_config_enabled MBEDTLS_DEBUG_C
2873requires_config_enabled MBEDTLS_SSL_CLI_C
2874requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2875requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2876run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2877 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-CCM-8:+GROUP-SECP521R1:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2878 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2879 0 \
2880 -c "HTTP/1.0 200 OK" \
2881 -c "ECDH curve: secp521r1" \
2882 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2883 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2884 -c "Verifying peer X.509 certificate... ok"
2885
2886requires_openssl_tls1_3
2887requires_config_enabled MBEDTLS_DEBUG_C
2888requires_config_enabled MBEDTLS_SSL_CLI_C
2889requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2890requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2891run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
2892 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2893 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2894 0 \
2895 -c "HTTP/1.0 200 ok" \
2896 -c "ECDH curve: x25519" \
2897 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2898 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2899 -c "Verifying peer X.509 certificate... ok"
2900
2901requires_gnutls_tls1_3
2902requires_gnutls_next_no_ticket
2903requires_gnutls_next_disable_tls13_compat
2904requires_config_enabled MBEDTLS_DEBUG_C
2905requires_config_enabled MBEDTLS_SSL_CLI_C
2906requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2907requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2908run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
2909 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+AES-128-CCM-8:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2910 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2911 0 \
2912 -c "HTTP/1.0 200 OK" \
2913 -c "ECDH curve: x25519" \
2914 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2915 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2916 -c "Verifying peer X.509 certificate... ok"
2917
2918requires_openssl_tls1_3
2919requires_config_enabled MBEDTLS_DEBUG_C
2920requires_config_enabled MBEDTLS_SSL_CLI_C
2921requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2922requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2923run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
2924 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2925 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2926 0 \
2927 -c "HTTP/1.0 200 ok" \
2928 -c "ECDH curve: x448" \
2929 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2930 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2931 -c "Verifying peer X.509 certificate... ok"
2932
2933requires_gnutls_tls1_3
2934requires_gnutls_next_no_ticket
2935requires_gnutls_next_disable_tls13_compat
2936requires_config_enabled MBEDTLS_DEBUG_C
2937requires_config_enabled MBEDTLS_SSL_CLI_C
2938requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2939requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2940run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
2941 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AEAD:+SHA256:+AES-128-CCM-8:+GROUP-X448:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2942 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2943 0 \
2944 -c "HTTP/1.0 200 OK" \
2945 -c "ECDH curve: x448" \
2946 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2947 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2948 -c "Verifying peer X.509 certificate... ok"
2949
2950requires_openssl_tls1_3
2951requires_config_enabled MBEDTLS_DEBUG_C
2952requires_config_enabled MBEDTLS_SSL_CLI_C
2953requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2954requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2955run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2956 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2957 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2958 0 \
2959 -c "HTTP/1.0 200 ok" \
2960 -c "ECDH curve: secp256r1" \
2961 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2962 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2963 -c "Verifying peer X.509 certificate... ok"
2964
2965requires_gnutls_tls1_3
2966requires_gnutls_next_no_ticket
2967requires_gnutls_next_disable_tls13_compat
2968requires_config_enabled MBEDTLS_DEBUG_C
2969requires_config_enabled MBEDTLS_SSL_CLI_C
2970requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2971requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2972run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2973 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2974 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2975 0 \
2976 -c "HTTP/1.0 200 OK" \
2977 -c "ECDH curve: secp256r1" \
2978 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2979 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2980 -c "Verifying peer X.509 certificate... ok"
2981
2982requires_openssl_tls1_3
2983requires_config_enabled MBEDTLS_DEBUG_C
2984requires_config_enabled MBEDTLS_SSL_CLI_C
2985requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2986requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2987run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
2988 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2989 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2990 0 \
2991 -c "HTTP/1.0 200 ok" \
2992 -c "ECDH curve: secp384r1" \
2993 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2994 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2995 -c "Verifying peer X.509 certificate... ok"
2996
2997requires_gnutls_tls1_3
2998requires_gnutls_next_no_ticket
2999requires_gnutls_next_disable_tls13_compat
3000requires_config_enabled MBEDTLS_DEBUG_C
3001requires_config_enabled MBEDTLS_SSL_CLI_C
3002requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3003requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3004run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
3005 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP384R1:+SIGN-ECDSA-SECP521R1-SHA512:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3006 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3007 0 \
3008 -c "HTTP/1.0 200 OK" \
3009 -c "ECDH curve: secp384r1" \
3010 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3011 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3012 -c "Verifying peer X.509 certificate... ok"
3013
3014requires_openssl_tls1_3
3015requires_config_enabled MBEDTLS_DEBUG_C
3016requires_config_enabled MBEDTLS_SSL_CLI_C
3017requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3018requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3019run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
3020 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3021 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3022 0 \
3023 -c "HTTP/1.0 200 ok" \
3024 -c "ECDH curve: secp521r1" \
3025 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3026 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3027 -c "Verifying peer X.509 certificate... ok"
3028
3029requires_gnutls_tls1_3
3030requires_gnutls_next_no_ticket
3031requires_gnutls_next_disable_tls13_compat
3032requires_config_enabled MBEDTLS_DEBUG_C
3033requires_config_enabled MBEDTLS_SSL_CLI_C
3034requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3035requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3036run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
3037 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3038 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3039 0 \
3040 -c "HTTP/1.0 200 OK" \
3041 -c "ECDH curve: secp521r1" \
3042 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3043 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3044 -c "Verifying peer X.509 certificate... ok"
3045
3046requires_openssl_tls1_3
3047requires_config_enabled MBEDTLS_DEBUG_C
3048requires_config_enabled MBEDTLS_SSL_CLI_C
3049requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3050requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3051run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
3052 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3053 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3054 0 \
3055 -c "HTTP/1.0 200 ok" \
3056 -c "ECDH curve: x25519" \
3057 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3058 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3059 -c "Verifying peer X.509 certificate... ok"
3060
3061requires_gnutls_tls1_3
3062requires_gnutls_next_no_ticket
3063requires_gnutls_next_disable_tls13_compat
3064requires_config_enabled MBEDTLS_DEBUG_C
3065requires_config_enabled MBEDTLS_SSL_CLI_C
3066requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3067requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3068run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
3069 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+SIGN-ECDSA-SECP521R1-SHA512:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3070 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3071 0 \
3072 -c "HTTP/1.0 200 OK" \
3073 -c "ECDH curve: x25519" \
3074 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3075 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3076 -c "Verifying peer X.509 certificate... ok"
3077
3078requires_openssl_tls1_3
3079requires_config_enabled MBEDTLS_DEBUG_C
3080requires_config_enabled MBEDTLS_SSL_CLI_C
3081requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3082requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3083run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
3084 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3085 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3086 0 \
3087 -c "HTTP/1.0 200 ok" \
3088 -c "ECDH curve: x448" \
3089 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3090 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3091 -c "Verifying peer X.509 certificate... ok"
3092
3093requires_gnutls_tls1_3
3094requires_gnutls_next_no_ticket
3095requires_gnutls_next_disable_tls13_compat
3096requires_config_enabled MBEDTLS_DEBUG_C
3097requires_config_enabled MBEDTLS_SSL_CLI_C
3098requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3099requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3100run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
3101 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+AEAD:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3102 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3103 0 \
3104 -c "HTTP/1.0 200 OK" \
3105 -c "ECDH curve: x448" \
3106 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3107 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3108 -c "Verifying peer X.509 certificate... ok"
3109
3110requires_openssl_tls1_3
3111requires_config_enabled MBEDTLS_DEBUG_C
3112requires_config_enabled MBEDTLS_SSL_CLI_C
3113requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3114requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3115requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3116run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
3117 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3118 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
3119 0 \
3120 -c "HTTP/1.0 200 ok" \
3121 -c "ECDH curve: secp256r1" \
3122 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3123 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3124 -c "Verifying peer X.509 certificate... ok"
3125
3126requires_gnutls_tls1_3
3127requires_gnutls_next_no_ticket
3128requires_gnutls_next_disable_tls13_compat
3129requires_config_enabled MBEDTLS_DEBUG_C
3130requires_config_enabled MBEDTLS_SSL_CLI_C
3131requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3132requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3133requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3134run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
3135 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3136 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
3137 0 \
3138 -c "HTTP/1.0 200 OK" \
3139 -c "ECDH curve: secp256r1" \
3140 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3141 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3142 -c "Verifying peer X.509 certificate... ok"
3143
3144requires_openssl_tls1_3
3145requires_config_enabled MBEDTLS_DEBUG_C
3146requires_config_enabled MBEDTLS_SSL_CLI_C
3147requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3148requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3149requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3150run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
3151 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3152 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
3153 0 \
3154 -c "HTTP/1.0 200 ok" \
3155 -c "ECDH curve: secp384r1" \
3156 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3157 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3158 -c "Verifying peer X.509 certificate... ok"
3159
3160requires_gnutls_tls1_3
3161requires_gnutls_next_no_ticket
3162requires_gnutls_next_disable_tls13_compat
3163requires_config_enabled MBEDTLS_DEBUG_C
3164requires_config_enabled MBEDTLS_SSL_CLI_C
3165requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3166requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3167requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3168run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
3169 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+GROUP-SECP384R1:+SIGN-RSA-PSS-RSAE-SHA256:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3170 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
3171 0 \
3172 -c "HTTP/1.0 200 OK" \
3173 -c "ECDH curve: secp384r1" \
3174 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3175 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3176 -c "Verifying peer X.509 certificate... ok"
3177
3178requires_openssl_tls1_3
3179requires_config_enabled MBEDTLS_DEBUG_C
3180requires_config_enabled MBEDTLS_SSL_CLI_C
3181requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3182requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3183requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3184run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
3185 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3186 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
3187 0 \
3188 -c "HTTP/1.0 200 ok" \
3189 -c "ECDH curve: secp521r1" \
3190 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3191 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3192 -c "Verifying peer X.509 certificate... ok"
3193
3194requires_gnutls_tls1_3
3195requires_gnutls_next_no_ticket
3196requires_gnutls_next_disable_tls13_compat
3197requires_config_enabled MBEDTLS_DEBUG_C
3198requires_config_enabled MBEDTLS_SSL_CLI_C
3199requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3200requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3201requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3202run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
3203 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3204 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
3205 0 \
3206 -c "HTTP/1.0 200 OK" \
3207 -c "ECDH curve: secp521r1" \
3208 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3209 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3210 -c "Verifying peer X.509 certificate... ok"
3211
3212requires_openssl_tls1_3
3213requires_config_enabled MBEDTLS_DEBUG_C
3214requires_config_enabled MBEDTLS_SSL_CLI_C
3215requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3216requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3217requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3218run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
3219 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3220 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
3221 0 \
3222 -c "HTTP/1.0 200 ok" \
3223 -c "ECDH curve: x25519" \
3224 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3225 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3226 -c "Verifying peer X.509 certificate... ok"
3227
3228requires_gnutls_tls1_3
3229requires_gnutls_next_no_ticket
3230requires_gnutls_next_disable_tls13_compat
3231requires_config_enabled MBEDTLS_DEBUG_C
3232requires_config_enabled MBEDTLS_SSL_CLI_C
3233requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3234requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3235requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3236run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
3237 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3238 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
3239 0 \
3240 -c "HTTP/1.0 200 OK" \
3241 -c "ECDH curve: x25519" \
3242 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3243 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3244 -c "Verifying peer X.509 certificate... ok"
3245
3246requires_openssl_tls1_3
3247requires_config_enabled MBEDTLS_DEBUG_C
3248requires_config_enabled MBEDTLS_SSL_CLI_C
3249requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3250requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3251requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3252run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
3253 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3254 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
3255 0 \
3256 -c "HTTP/1.0 200 ok" \
3257 -c "ECDH curve: x448" \
3258 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3259 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3260 -c "Verifying peer X.509 certificate... ok"
3261
3262requires_gnutls_tls1_3
3263requires_gnutls_next_no_ticket
3264requires_gnutls_next_disable_tls13_compat
3265requires_config_enabled MBEDTLS_DEBUG_C
3266requires_config_enabled MBEDTLS_SSL_CLI_C
3267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3268requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3269requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3270run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
3271 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3272 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
3273 0 \
3274 -c "HTTP/1.0 200 OK" \
3275 -c "ECDH curve: x448" \
3276 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3277 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3278 -c "Verifying peer X.509 certificate... ok"
3279