TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3616533d2688efaddde0eb9a61a65958e3fb9b95 / . / tests / opt-testcases / tls13-compat.sh
blob: f5989baa01993f57e72d712060e8dc7606457d9a [file] [log] [blame]
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1#!/bin/sh
2
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3# tls13-compat.sh
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
23# `generate_tls13_compat_tests.py -a`.
24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]28requires_openssl_tls1_3
29requires_config_enabled MBEDTLS_DEBUG_C
30requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]31requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]32requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]33run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]34 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]35 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]36 0 \
37 -c "HTTP/1.0 200 ok" \
38 -c "ECDH curve: secp256r1" \
39 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
40 -c "Certificate Verify: Signature algorithm ( 0403 )" \
41 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]42
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]43requires_gnutls_tls1_3
44requires_gnutls_next_no_ticket
45requires_gnutls_next_disable_tls13_compat
46requires_config_enabled MBEDTLS_DEBUG_C
47requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]48requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]49requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]50run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]51 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]52 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]53 0 \
54 -c "HTTP/1.0 200 OK" \
55 -c "ECDH curve: secp256r1" \
56 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
57 -c "Certificate Verify: Signature algorithm ( 0403 )" \
58 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]59
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]60requires_openssl_tls1_3
61requires_config_enabled MBEDTLS_DEBUG_C
62requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]63requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]64requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]65run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]66 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]67 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]68 0 \
69 -c "HTTP/1.0 200 ok" \
70 -c "ECDH curve: secp384r1" \
71 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
72 -c "Certificate Verify: Signature algorithm ( 0403 )" \
73 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]74
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]75requires_gnutls_tls1_3
76requires_gnutls_next_no_ticket
77requires_gnutls_next_disable_tls13_compat
78requires_config_enabled MBEDTLS_DEBUG_C
79requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]80requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]81requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]82run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]83 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]84 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]85 0 \
86 -c "HTTP/1.0 200 OK" \
87 -c "ECDH curve: secp384r1" \
88 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
89 -c "Certificate Verify: Signature algorithm ( 0403 )" \
90 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]91
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]92requires_openssl_tls1_3
93requires_config_enabled MBEDTLS_DEBUG_C
94requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]95requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]96requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]97run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]98 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]99 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]100 0 \
101 -c "HTTP/1.0 200 ok" \
102 -c "ECDH curve: secp521r1" \
103 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
104 -c "Certificate Verify: Signature algorithm ( 0403 )" \
105 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]106
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]107requires_gnutls_tls1_3
108requires_gnutls_next_no_ticket
109requires_gnutls_next_disable_tls13_compat
110requires_config_enabled MBEDTLS_DEBUG_C
111requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]112requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]113requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]114run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]115 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]116 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]117 0 \
118 -c "HTTP/1.0 200 OK" \
119 -c "ECDH curve: secp521r1" \
120 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
121 -c "Certificate Verify: Signature algorithm ( 0403 )" \
122 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]123
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]124requires_openssl_tls1_3
125requires_config_enabled MBEDTLS_DEBUG_C
126requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]127requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]128requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]129run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]130 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]131 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]132 0 \
133 -c "HTTP/1.0 200 ok" \
134 -c "ECDH curve: x25519" \
135 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
136 -c "Certificate Verify: Signature algorithm ( 0403 )" \
137 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]138
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]139requires_gnutls_tls1_3
140requires_gnutls_next_no_ticket
141requires_gnutls_next_disable_tls13_compat
142requires_config_enabled MBEDTLS_DEBUG_C
143requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]144requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]145requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]146run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]147 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]148 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]149 0 \
150 -c "HTTP/1.0 200 OK" \
151 -c "ECDH curve: x25519" \
152 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
153 -c "Certificate Verify: Signature algorithm ( 0403 )" \
154 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]155
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]156requires_openssl_tls1_3
157requires_config_enabled MBEDTLS_DEBUG_C
158requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]159requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]160requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]161run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]162 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]163 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]164 0 \
165 -c "HTTP/1.0 200 ok" \
166 -c "ECDH curve: x448" \
167 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
168 -c "Certificate Verify: Signature algorithm ( 0403 )" \
169 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]170
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]171requires_gnutls_tls1_3
172requires_gnutls_next_no_ticket
173requires_gnutls_next_disable_tls13_compat
174requires_config_enabled MBEDTLS_DEBUG_C
175requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]176requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]177requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]178run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]179 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]180 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]181 0 \
182 -c "HTTP/1.0 200 OK" \
183 -c "ECDH curve: x448" \
184 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
185 -c "Certificate Verify: Signature algorithm ( 0403 )" \
186 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]187
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]188requires_openssl_tls1_3
189requires_config_enabled MBEDTLS_DEBUG_C
190requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]191requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]192requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]193run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]194 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]195 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]196 0 \
197 -c "HTTP/1.0 200 ok" \
198 -c "ECDH curve: secp256r1" \
199 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
200 -c "Certificate Verify: Signature algorithm ( 0503 )" \
201 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]202
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]203requires_gnutls_tls1_3
204requires_gnutls_next_no_ticket
205requires_gnutls_next_disable_tls13_compat
206requires_config_enabled MBEDTLS_DEBUG_C
207requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]208requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]209requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]210run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]211 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]212 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]213 0 \
214 -c "HTTP/1.0 200 OK" \
215 -c "ECDH curve: secp256r1" \
216 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
217 -c "Certificate Verify: Signature algorithm ( 0503 )" \
218 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]219
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]220requires_openssl_tls1_3
221requires_config_enabled MBEDTLS_DEBUG_C
222requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]223requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]224requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]225run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]226 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]227 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]228 0 \
229 -c "HTTP/1.0 200 ok" \
230 -c "ECDH curve: secp384r1" \
231 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
232 -c "Certificate Verify: Signature algorithm ( 0503 )" \
233 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]234
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]235requires_gnutls_tls1_3
236requires_gnutls_next_no_ticket
237requires_gnutls_next_disable_tls13_compat
238requires_config_enabled MBEDTLS_DEBUG_C
239requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]240requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]241requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]242run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]243 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]244 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]245 0 \
246 -c "HTTP/1.0 200 OK" \
247 -c "ECDH curve: secp384r1" \
248 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
249 -c "Certificate Verify: Signature algorithm ( 0503 )" \
250 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]251
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]252requires_openssl_tls1_3
253requires_config_enabled MBEDTLS_DEBUG_C
254requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]257run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]258 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]259 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]260 0 \
261 -c "HTTP/1.0 200 ok" \
262 -c "ECDH curve: secp521r1" \
263 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
264 -c "Certificate Verify: Signature algorithm ( 0503 )" \
265 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]266
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]267requires_gnutls_tls1_3
268requires_gnutls_next_no_ticket
269requires_gnutls_next_disable_tls13_compat
270requires_config_enabled MBEDTLS_DEBUG_C
271requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]272requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]274run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]275 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]276 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]277 0 \
278 -c "HTTP/1.0 200 OK" \
279 -c "ECDH curve: secp521r1" \
280 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
281 -c "Certificate Verify: Signature algorithm ( 0503 )" \
282 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]283
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]284requires_openssl_tls1_3
285requires_config_enabled MBEDTLS_DEBUG_C
286requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]287requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]288requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]289run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]290 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]291 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]292 0 \
293 -c "HTTP/1.0 200 ok" \
294 -c "ECDH curve: x25519" \
295 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
296 -c "Certificate Verify: Signature algorithm ( 0503 )" \
297 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]298
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]299requires_gnutls_tls1_3
300requires_gnutls_next_no_ticket
301requires_gnutls_next_disable_tls13_compat
302requires_config_enabled MBEDTLS_DEBUG_C
303requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]304requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]306run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]307 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]308 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]309 0 \
310 -c "HTTP/1.0 200 OK" \
311 -c "ECDH curve: x25519" \
312 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
313 -c "Certificate Verify: Signature algorithm ( 0503 )" \
314 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]315
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]316requires_openssl_tls1_3
317requires_config_enabled MBEDTLS_DEBUG_C
318requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]319requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]320requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]321run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]322 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]323 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]324 0 \
325 -c "HTTP/1.0 200 ok" \
326 -c "ECDH curve: x448" \
327 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
328 -c "Certificate Verify: Signature algorithm ( 0503 )" \
329 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]330
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]331requires_gnutls_tls1_3
332requires_gnutls_next_no_ticket
333requires_gnutls_next_disable_tls13_compat
334requires_config_enabled MBEDTLS_DEBUG_C
335requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]336requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]338run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]339 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]340 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]341 0 \
342 -c "HTTP/1.0 200 OK" \
343 -c "ECDH curve: x448" \
344 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
345 -c "Certificate Verify: Signature algorithm ( 0503 )" \
346 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]347
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]348requires_openssl_tls1_3
349requires_config_enabled MBEDTLS_DEBUG_C
350requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]351requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]353run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]354 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]355 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]356 0 \
357 -c "HTTP/1.0 200 ok" \
358 -c "ECDH curve: secp256r1" \
359 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
360 -c "Certificate Verify: Signature algorithm ( 0603 )" \
361 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]362
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]363requires_gnutls_tls1_3
364requires_gnutls_next_no_ticket
365requires_gnutls_next_disable_tls13_compat
366requires_config_enabled MBEDTLS_DEBUG_C
367requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]368requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]369requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]370run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]371 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]372 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]373 0 \
374 -c "HTTP/1.0 200 OK" \
375 -c "ECDH curve: secp256r1" \
376 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
377 -c "Certificate Verify: Signature algorithm ( 0603 )" \
378 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]379
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]380requires_openssl_tls1_3
381requires_config_enabled MBEDTLS_DEBUG_C
382requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]383requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]384requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]385run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]386 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]387 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]388 0 \
389 -c "HTTP/1.0 200 ok" \
390 -c "ECDH curve: secp384r1" \
391 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
392 -c "Certificate Verify: Signature algorithm ( 0603 )" \
393 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]394
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]395requires_gnutls_tls1_3
396requires_gnutls_next_no_ticket
397requires_gnutls_next_disable_tls13_compat
398requires_config_enabled MBEDTLS_DEBUG_C
399requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]400requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]401requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]402run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]403 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]404 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]405 0 \
406 -c "HTTP/1.0 200 OK" \
407 -c "ECDH curve: secp384r1" \
408 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
409 -c "Certificate Verify: Signature algorithm ( 0603 )" \
410 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]411
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]412requires_openssl_tls1_3
413requires_config_enabled MBEDTLS_DEBUG_C
414requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]415requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]416requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]417run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]418 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]419 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]420 0 \
421 -c "HTTP/1.0 200 ok" \
422 -c "ECDH curve: secp521r1" \
423 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
424 -c "Certificate Verify: Signature algorithm ( 0603 )" \
425 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]426
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]427requires_gnutls_tls1_3
428requires_gnutls_next_no_ticket
429requires_gnutls_next_disable_tls13_compat
430requires_config_enabled MBEDTLS_DEBUG_C
431requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]432requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]434run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]435 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]436 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]437 0 \
438 -c "HTTP/1.0 200 OK" \
439 -c "ECDH curve: secp521r1" \
440 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
441 -c "Certificate Verify: Signature algorithm ( 0603 )" \
442 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]443
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]444requires_openssl_tls1_3
445requires_config_enabled MBEDTLS_DEBUG_C
446requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]447requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]448requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]449run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]450 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]451 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]452 0 \
453 -c "HTTP/1.0 200 ok" \
454 -c "ECDH curve: x25519" \
455 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
456 -c "Certificate Verify: Signature algorithm ( 0603 )" \
457 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]458
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]459requires_gnutls_tls1_3
460requires_gnutls_next_no_ticket
461requires_gnutls_next_disable_tls13_compat
462requires_config_enabled MBEDTLS_DEBUG_C
463requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]464requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]465requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]466run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]467 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]468 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]469 0 \
470 -c "HTTP/1.0 200 OK" \
471 -c "ECDH curve: x25519" \
472 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
473 -c "Certificate Verify: Signature algorithm ( 0603 )" \
474 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]475
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]476requires_openssl_tls1_3
477requires_config_enabled MBEDTLS_DEBUG_C
478requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]479requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]480requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]481run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]482 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]483 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]484 0 \
485 -c "HTTP/1.0 200 ok" \
486 -c "ECDH curve: x448" \
487 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
488 -c "Certificate Verify: Signature algorithm ( 0603 )" \
489 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]490
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]491requires_gnutls_tls1_3
492requires_gnutls_next_no_ticket
493requires_gnutls_next_disable_tls13_compat
494requires_config_enabled MBEDTLS_DEBUG_C
495requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]496requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]498run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]499 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]500 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]501 0 \
502 -c "HTTP/1.0 200 OK" \
503 -c "ECDH curve: x448" \
504 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
505 -c "Certificate Verify: Signature algorithm ( 0603 )" \
506 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]507
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]508requires_openssl_tls1_3
509requires_config_enabled MBEDTLS_DEBUG_C
510requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]511requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]512requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]513requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]514run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]515 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]516 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]517 0 \
518 -c "HTTP/1.0 200 ok" \
519 -c "ECDH curve: secp256r1" \
520 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
521 -c "Certificate Verify: Signature algorithm ( 0804 )" \
522 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]523
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]524requires_gnutls_tls1_3
525requires_gnutls_next_no_ticket
526requires_gnutls_next_disable_tls13_compat
527requires_config_enabled MBEDTLS_DEBUG_C
528requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]529requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]531requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]532run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]533 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]534 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]535 0 \
536 -c "HTTP/1.0 200 OK" \
537 -c "ECDH curve: secp256r1" \
538 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
539 -c "Certificate Verify: Signature algorithm ( 0804 )" \
540 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]541
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]542requires_openssl_tls1_3
543requires_config_enabled MBEDTLS_DEBUG_C
544requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]545requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]547requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]548run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]549 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]550 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]551 0 \
552 -c "HTTP/1.0 200 ok" \
553 -c "ECDH curve: secp384r1" \
554 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
555 -c "Certificate Verify: Signature algorithm ( 0804 )" \
556 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]557
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]558requires_gnutls_tls1_3
559requires_gnutls_next_no_ticket
560requires_gnutls_next_disable_tls13_compat
561requires_config_enabled MBEDTLS_DEBUG_C
562requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]565requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]566run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]567 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]568 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]569 0 \
570 -c "HTTP/1.0 200 OK" \
571 -c "ECDH curve: secp384r1" \
572 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
573 -c "Certificate Verify: Signature algorithm ( 0804 )" \
574 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]575
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]576requires_openssl_tls1_3
577requires_config_enabled MBEDTLS_DEBUG_C
578requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]579requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]580requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]581requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]582run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]583 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]584 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]585 0 \
586 -c "HTTP/1.0 200 ok" \
587 -c "ECDH curve: secp521r1" \
588 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
589 -c "Certificate Verify: Signature algorithm ( 0804 )" \
590 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]591
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]592requires_gnutls_tls1_3
593requires_gnutls_next_no_ticket
594requires_gnutls_next_disable_tls13_compat
595requires_config_enabled MBEDTLS_DEBUG_C
596requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]597requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]599requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]600run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]601 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]602 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]603 0 \
604 -c "HTTP/1.0 200 OK" \
605 -c "ECDH curve: secp521r1" \
606 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
607 -c "Certificate Verify: Signature algorithm ( 0804 )" \
608 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]609
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]610requires_openssl_tls1_3
611requires_config_enabled MBEDTLS_DEBUG_C
612requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]613requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]614requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]615requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]616run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]617 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]618 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]619 0 \
620 -c "HTTP/1.0 200 ok" \
621 -c "ECDH curve: x25519" \
622 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
623 -c "Certificate Verify: Signature algorithm ( 0804 )" \
624 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]625
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]626requires_gnutls_tls1_3
627requires_gnutls_next_no_ticket
628requires_gnutls_next_disable_tls13_compat
629requires_config_enabled MBEDTLS_DEBUG_C
630requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]631requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]633requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]634run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]635 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]636 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]637 0 \
638 -c "HTTP/1.0 200 OK" \
639 -c "ECDH curve: x25519" \
640 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
641 -c "Certificate Verify: Signature algorithm ( 0804 )" \
642 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]643
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]644requires_openssl_tls1_3
645requires_config_enabled MBEDTLS_DEBUG_C
646requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]647requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]649requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]650run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]651 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]652 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]653 0 \
654 -c "HTTP/1.0 200 ok" \
655 -c "ECDH curve: x448" \
656 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
657 -c "Certificate Verify: Signature algorithm ( 0804 )" \
658 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]659
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]660requires_gnutls_tls1_3
661requires_gnutls_next_no_ticket
662requires_gnutls_next_disable_tls13_compat
663requires_config_enabled MBEDTLS_DEBUG_C
664requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]665requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]666requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]667requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]668run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]669 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]670 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]671 0 \
672 -c "HTTP/1.0 200 OK" \
673 -c "ECDH curve: x448" \
674 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
675 -c "Certificate Verify: Signature algorithm ( 0804 )" \
676 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]677
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]678requires_openssl_tls1_3
679requires_config_enabled MBEDTLS_DEBUG_C
680requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]683run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]684 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]685 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]686 0 \
687 -c "HTTP/1.0 200 ok" \
688 -c "ECDH curve: secp256r1" \
689 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
690 -c "Certificate Verify: Signature algorithm ( 0403 )" \
691 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]692
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]693requires_gnutls_tls1_3
694requires_gnutls_next_no_ticket
695requires_gnutls_next_disable_tls13_compat
696requires_config_enabled MBEDTLS_DEBUG_C
697requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]698requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]700run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]701 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]702 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]703 0 \
704 -c "HTTP/1.0 200 OK" \
705 -c "ECDH curve: secp256r1" \
706 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
707 -c "Certificate Verify: Signature algorithm ( 0403 )" \
708 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]709
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]710requires_openssl_tls1_3
711requires_config_enabled MBEDTLS_DEBUG_C
712requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]713requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]714requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]715run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]716 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]717 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]718 0 \
719 -c "HTTP/1.0 200 ok" \
720 -c "ECDH curve: secp384r1" \
721 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
722 -c "Certificate Verify: Signature algorithm ( 0403 )" \
723 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]724
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]725requires_gnutls_tls1_3
726requires_gnutls_next_no_ticket
727requires_gnutls_next_disable_tls13_compat
728requires_config_enabled MBEDTLS_DEBUG_C
729requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]730requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]731requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]732run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]733 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]734 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]735 0 \
736 -c "HTTP/1.0 200 OK" \
737 -c "ECDH curve: secp384r1" \
738 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
739 -c "Certificate Verify: Signature algorithm ( 0403 )" \
740 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]741
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]742requires_openssl_tls1_3
743requires_config_enabled MBEDTLS_DEBUG_C
744requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]745requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]746requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]747run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]748 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]749 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]750 0 \
751 -c "HTTP/1.0 200 ok" \
752 -c "ECDH curve: secp521r1" \
753 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
754 -c "Certificate Verify: Signature algorithm ( 0403 )" \
755 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]756
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]757requires_gnutls_tls1_3
758requires_gnutls_next_no_ticket
759requires_gnutls_next_disable_tls13_compat
760requires_config_enabled MBEDTLS_DEBUG_C
761requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]762requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]763requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]764run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]765 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]766 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]767 0 \
768 -c "HTTP/1.0 200 OK" \
769 -c "ECDH curve: secp521r1" \
770 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
771 -c "Certificate Verify: Signature algorithm ( 0403 )" \
772 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]773
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]774requires_openssl_tls1_3
775requires_config_enabled MBEDTLS_DEBUG_C
776requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]777requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]778requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]779run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]780 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]781 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]782 0 \
783 -c "HTTP/1.0 200 ok" \
784 -c "ECDH curve: x25519" \
785 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
786 -c "Certificate Verify: Signature algorithm ( 0403 )" \
787 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]788
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]789requires_gnutls_tls1_3
790requires_gnutls_next_no_ticket
791requires_gnutls_next_disable_tls13_compat
792requires_config_enabled MBEDTLS_DEBUG_C
793requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]794requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]796run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]797 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]798 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]799 0 \
800 -c "HTTP/1.0 200 OK" \
801 -c "ECDH curve: x25519" \
802 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
803 -c "Certificate Verify: Signature algorithm ( 0403 )" \
804 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]805
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]806requires_openssl_tls1_3
807requires_config_enabled MBEDTLS_DEBUG_C
808requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]809requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]811run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]812 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]813 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]814 0 \
815 -c "HTTP/1.0 200 ok" \
816 -c "ECDH curve: x448" \
817 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
818 -c "Certificate Verify: Signature algorithm ( 0403 )" \
819 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]820
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]821requires_gnutls_tls1_3
822requires_gnutls_next_no_ticket
823requires_gnutls_next_disable_tls13_compat
824requires_config_enabled MBEDTLS_DEBUG_C
825requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]826requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]828run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]829 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]830 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]831 0 \
832 -c "HTTP/1.0 200 OK" \
833 -c "ECDH curve: x448" \
834 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
835 -c "Certificate Verify: Signature algorithm ( 0403 )" \
836 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]837
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]838requires_openssl_tls1_3
839requires_config_enabled MBEDTLS_DEBUG_C
840requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]841requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]843run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]844 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]845 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]846 0 \
847 -c "HTTP/1.0 200 ok" \
848 -c "ECDH curve: secp256r1" \
849 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
850 -c "Certificate Verify: Signature algorithm ( 0503 )" \
851 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]852
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]853requires_gnutls_tls1_3
854requires_gnutls_next_no_ticket
855requires_gnutls_next_disable_tls13_compat
856requires_config_enabled MBEDTLS_DEBUG_C
857requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]858requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]860run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]861 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]862 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]863 0 \
864 -c "HTTP/1.0 200 OK" \
865 -c "ECDH curve: secp256r1" \
866 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
867 -c "Certificate Verify: Signature algorithm ( 0503 )" \
868 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]869
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]870requires_openssl_tls1_3
871requires_config_enabled MBEDTLS_DEBUG_C
872requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]873requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]874requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]875run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]876 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]877 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]878 0 \
879 -c "HTTP/1.0 200 ok" \
880 -c "ECDH curve: secp384r1" \
881 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
882 -c "Certificate Verify: Signature algorithm ( 0503 )" \
883 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]884
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]885requires_gnutls_tls1_3
886requires_gnutls_next_no_ticket
887requires_gnutls_next_disable_tls13_compat
888requires_config_enabled MBEDTLS_DEBUG_C
889requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]890requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]892run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]893 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]894 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]895 0 \
896 -c "HTTP/1.0 200 OK" \
897 -c "ECDH curve: secp384r1" \
898 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
899 -c "Certificate Verify: Signature algorithm ( 0503 )" \
900 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]901
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]902requires_openssl_tls1_3
903requires_config_enabled MBEDTLS_DEBUG_C
904requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]905requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]906requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]907run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]908 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]909 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]910 0 \
911 -c "HTTP/1.0 200 ok" \
912 -c "ECDH curve: secp521r1" \
913 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
914 -c "Certificate Verify: Signature algorithm ( 0503 )" \
915 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]916
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]917requires_gnutls_tls1_3
918requires_gnutls_next_no_ticket
919requires_gnutls_next_disable_tls13_compat
920requires_config_enabled MBEDTLS_DEBUG_C
921requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]922requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]923requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]924run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]925 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]926 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]927 0 \
928 -c "HTTP/1.0 200 OK" \
929 -c "ECDH curve: secp521r1" \
930 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
931 -c "Certificate Verify: Signature algorithm ( 0503 )" \
932 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]933
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]934requires_openssl_tls1_3
935requires_config_enabled MBEDTLS_DEBUG_C
936requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]937requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]938requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]939run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]940 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]941 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]942 0 \
943 -c "HTTP/1.0 200 ok" \
944 -c "ECDH curve: x25519" \
945 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
946 -c "Certificate Verify: Signature algorithm ( 0503 )" \
947 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]948
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]949requires_gnutls_tls1_3
950requires_gnutls_next_no_ticket
951requires_gnutls_next_disable_tls13_compat
952requires_config_enabled MBEDTLS_DEBUG_C
953requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]954requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]956run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]957 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]958 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]959 0 \
960 -c "HTTP/1.0 200 OK" \
961 -c "ECDH curve: x25519" \
962 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
963 -c "Certificate Verify: Signature algorithm ( 0503 )" \
964 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]965
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]966requires_openssl_tls1_3
967requires_config_enabled MBEDTLS_DEBUG_C
968requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]969requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]970requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]971run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]972 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]973 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]974 0 \
975 -c "HTTP/1.0 200 ok" \
976 -c "ECDH curve: x448" \
977 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
978 -c "Certificate Verify: Signature algorithm ( 0503 )" \
979 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]980
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]981requires_gnutls_tls1_3
982requires_gnutls_next_no_ticket
983requires_gnutls_next_disable_tls13_compat
984requires_config_enabled MBEDTLS_DEBUG_C
985requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]986requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]988run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]989 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]990 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]991 0 \
992 -c "HTTP/1.0 200 OK" \
993 -c "ECDH curve: x448" \
994 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
995 -c "Certificate Verify: Signature algorithm ( 0503 )" \
996 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]997
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]998requires_openssl_tls1_3
999requires_config_enabled MBEDTLS_DEBUG_C
1000requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1001requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1002requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1003run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1004 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1005 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1006 0 \
1007 -c "HTTP/1.0 200 ok" \
1008 -c "ECDH curve: secp256r1" \
1009 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1010 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1011 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1012
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1013requires_gnutls_tls1_3
1014requires_gnutls_next_no_ticket
1015requires_gnutls_next_disable_tls13_compat
1016requires_config_enabled MBEDTLS_DEBUG_C
1017requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1018requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1020run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1021 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1022 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1023 0 \
1024 -c "HTTP/1.0 200 OK" \
1025 -c "ECDH curve: secp256r1" \
1026 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1027 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1028 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1029
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1030requires_openssl_tls1_3
1031requires_config_enabled MBEDTLS_DEBUG_C
1032requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1033requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1034requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1035run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1036 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1037 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1038 0 \
1039 -c "HTTP/1.0 200 ok" \
1040 -c "ECDH curve: secp384r1" \
1041 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1042 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1043 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1044
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1045requires_gnutls_tls1_3
1046requires_gnutls_next_no_ticket
1047requires_gnutls_next_disable_tls13_compat
1048requires_config_enabled MBEDTLS_DEBUG_C
1049requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1050requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1051requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1052run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1053 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1054 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1055 0 \
1056 -c "HTTP/1.0 200 OK" \
1057 -c "ECDH curve: secp384r1" \
1058 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1059 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1060 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1061
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1062requires_openssl_tls1_3
1063requires_config_enabled MBEDTLS_DEBUG_C
1064requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1065requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1067run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1068 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1069 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1070 0 \
1071 -c "HTTP/1.0 200 ok" \
1072 -c "ECDH curve: secp521r1" \
1073 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1074 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1075 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1076
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1077requires_gnutls_tls1_3
1078requires_gnutls_next_no_ticket
1079requires_gnutls_next_disable_tls13_compat
1080requires_config_enabled MBEDTLS_DEBUG_C
1081requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1084run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1085 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1086 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1087 0 \
1088 -c "HTTP/1.0 200 OK" \
1089 -c "ECDH curve: secp521r1" \
1090 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1091 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1092 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1093
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1094requires_openssl_tls1_3
1095requires_config_enabled MBEDTLS_DEBUG_C
1096requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1097requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1098requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1099run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1100 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1101 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1102 0 \
1103 -c "HTTP/1.0 200 ok" \
1104 -c "ECDH curve: x25519" \
1105 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1106 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1107 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1108
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1109requires_gnutls_tls1_3
1110requires_gnutls_next_no_ticket
1111requires_gnutls_next_disable_tls13_compat
1112requires_config_enabled MBEDTLS_DEBUG_C
1113requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1114requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1116run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1117 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1118 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1119 0 \
1120 -c "HTTP/1.0 200 OK" \
1121 -c "ECDH curve: x25519" \
1122 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1123 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1124 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1125
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1126requires_openssl_tls1_3
1127requires_config_enabled MBEDTLS_DEBUG_C
1128requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1129requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1131run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1132 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1133 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1134 0 \
1135 -c "HTTP/1.0 200 ok" \
1136 -c "ECDH curve: x448" \
1137 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1138 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1139 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1140
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1141requires_gnutls_tls1_3
1142requires_gnutls_next_no_ticket
1143requires_gnutls_next_disable_tls13_compat
1144requires_config_enabled MBEDTLS_DEBUG_C
1145requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1146requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1147requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1148run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1149 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1150 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1151 0 \
1152 -c "HTTP/1.0 200 OK" \
1153 -c "ECDH curve: x448" \
1154 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1155 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1156 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1157
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1158requires_openssl_tls1_3
1159requires_config_enabled MBEDTLS_DEBUG_C
1160requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1161requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1162requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1163requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1164run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1165 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1166 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1167 0 \
1168 -c "HTTP/1.0 200 ok" \
1169 -c "ECDH curve: secp256r1" \
1170 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1171 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1172 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1173
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1174requires_gnutls_tls1_3
1175requires_gnutls_next_no_ticket
1176requires_gnutls_next_disable_tls13_compat
1177requires_config_enabled MBEDTLS_DEBUG_C
1178requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1179requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1181requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1182run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1183 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1184 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1185 0 \
1186 -c "HTTP/1.0 200 OK" \
1187 -c "ECDH curve: secp256r1" \
1188 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1189 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1190 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1191
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1192requires_openssl_tls1_3
1193requires_config_enabled MBEDTLS_DEBUG_C
1194requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1195requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1196requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1197requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1198run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1199 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1200 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1201 0 \
1202 -c "HTTP/1.0 200 ok" \
1203 -c "ECDH curve: secp384r1" \
1204 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1205 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1206 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1207
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1208requires_gnutls_tls1_3
1209requires_gnutls_next_no_ticket
1210requires_gnutls_next_disable_tls13_compat
1211requires_config_enabled MBEDTLS_DEBUG_C
1212requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1213requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1214requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1215requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1216run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1217 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1218 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1219 0 \
1220 -c "HTTP/1.0 200 OK" \
1221 -c "ECDH curve: secp384r1" \
1222 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1223 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1224 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1225
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1226requires_openssl_tls1_3
1227requires_config_enabled MBEDTLS_DEBUG_C
1228requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1229requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1230requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1231requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1232run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1233 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1234 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1235 0 \
1236 -c "HTTP/1.0 200 ok" \
1237 -c "ECDH curve: secp521r1" \
1238 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1239 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1240 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1241
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1242requires_gnutls_tls1_3
1243requires_gnutls_next_no_ticket
1244requires_gnutls_next_disable_tls13_compat
1245requires_config_enabled MBEDTLS_DEBUG_C
1246requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1247requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1248requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1249requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1250run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1251 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1252 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1253 0 \
1254 -c "HTTP/1.0 200 OK" \
1255 -c "ECDH curve: secp521r1" \
1256 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1257 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1258 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1259
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1260requires_openssl_tls1_3
1261requires_config_enabled MBEDTLS_DEBUG_C
1262requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1263requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1264requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1265requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1266run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1267 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1268 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1269 0 \
1270 -c "HTTP/1.0 200 ok" \
1271 -c "ECDH curve: x25519" \
1272 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1273 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1274 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1275
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1276requires_gnutls_tls1_3
1277requires_gnutls_next_no_ticket
1278requires_gnutls_next_disable_tls13_compat
1279requires_config_enabled MBEDTLS_DEBUG_C
1280requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1281requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1282requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1283requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1284run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1285 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1286 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1287 0 \
1288 -c "HTTP/1.0 200 OK" \
1289 -c "ECDH curve: x25519" \
1290 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1291 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1292 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1293
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1294requires_openssl_tls1_3
1295requires_config_enabled MBEDTLS_DEBUG_C
1296requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1297requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1298requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1299requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1300run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1301 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1302 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1303 0 \
1304 -c "HTTP/1.0 200 ok" \
1305 -c "ECDH curve: x448" \
1306 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1307 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1308 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1309
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1310requires_gnutls_tls1_3
1311requires_gnutls_next_no_ticket
1312requires_gnutls_next_disable_tls13_compat
1313requires_config_enabled MBEDTLS_DEBUG_C
1314requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1315requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1316requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1317requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1318run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1319 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1320 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1321 0 \
1322 -c "HTTP/1.0 200 OK" \
1323 -c "ECDH curve: x448" \
1324 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1325 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1326 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1327
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1328requires_openssl_tls1_3
1329requires_config_enabled MBEDTLS_DEBUG_C
1330requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1331requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1332requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1333run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1334 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1335 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1336 0 \
1337 -c "HTTP/1.0 200 ok" \
1338 -c "ECDH curve: secp256r1" \
1339 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1340 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1341 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1342
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1343requires_gnutls_tls1_3
1344requires_gnutls_next_no_ticket
1345requires_gnutls_next_disable_tls13_compat
1346requires_config_enabled MBEDTLS_DEBUG_C
1347requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1348requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1349requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1350run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1351 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1352 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1353 0 \
1354 -c "HTTP/1.0 200 OK" \
1355 -c "ECDH curve: secp256r1" \
1356 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1357 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1358 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1359
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1360requires_openssl_tls1_3
1361requires_config_enabled MBEDTLS_DEBUG_C
1362requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1363requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1364requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1365run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1366 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1367 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1368 0 \
1369 -c "HTTP/1.0 200 ok" \
1370 -c "ECDH curve: secp384r1" \
1371 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1372 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1373 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1374
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1375requires_gnutls_tls1_3
1376requires_gnutls_next_no_ticket
1377requires_gnutls_next_disable_tls13_compat
1378requires_config_enabled MBEDTLS_DEBUG_C
1379requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1380requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1381requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1382run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1383 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1384 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1385 0 \
1386 -c "HTTP/1.0 200 OK" \
1387 -c "ECDH curve: secp384r1" \
1388 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1389 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1390 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1391
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1392requires_openssl_tls1_3
1393requires_config_enabled MBEDTLS_DEBUG_C
1394requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1395requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1396requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1397run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1398 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1399 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1400 0 \
1401 -c "HTTP/1.0 200 ok" \
1402 -c "ECDH curve: secp521r1" \
1403 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1404 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1405 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1406
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1407requires_gnutls_tls1_3
1408requires_gnutls_next_no_ticket
1409requires_gnutls_next_disable_tls13_compat
1410requires_config_enabled MBEDTLS_DEBUG_C
1411requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1412requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1414run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1415 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1416 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1417 0 \
1418 -c "HTTP/1.0 200 OK" \
1419 -c "ECDH curve: secp521r1" \
1420 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1421 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1422 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1423
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1424requires_openssl_tls1_3
1425requires_config_enabled MBEDTLS_DEBUG_C
1426requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1427requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1429run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1430 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1431 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1432 0 \
1433 -c "HTTP/1.0 200 ok" \
1434 -c "ECDH curve: x25519" \
1435 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1436 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1437 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1438
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1439requires_gnutls_tls1_3
1440requires_gnutls_next_no_ticket
1441requires_gnutls_next_disable_tls13_compat
1442requires_config_enabled MBEDTLS_DEBUG_C
1443requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1444requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1446run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1447 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1448 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1449 0 \
1450 -c "HTTP/1.0 200 OK" \
1451 -c "ECDH curve: x25519" \
1452 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1453 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1454 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1455
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1456requires_openssl_tls1_3
1457requires_config_enabled MBEDTLS_DEBUG_C
1458requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1459requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1460requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1461run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1462 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1463 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1464 0 \
1465 -c "HTTP/1.0 200 ok" \
1466 -c "ECDH curve: x448" \
1467 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1468 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1469 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1470
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1471requires_gnutls_tls1_3
1472requires_gnutls_next_no_ticket
1473requires_gnutls_next_disable_tls13_compat
1474requires_config_enabled MBEDTLS_DEBUG_C
1475requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1476requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1478run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1479 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1480 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1481 0 \
1482 -c "HTTP/1.0 200 OK" \
1483 -c "ECDH curve: x448" \
1484 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1485 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1486 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1487
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1488requires_openssl_tls1_3
1489requires_config_enabled MBEDTLS_DEBUG_C
1490requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1491requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1492requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1493run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1494 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1495 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1496 0 \
1497 -c "HTTP/1.0 200 ok" \
1498 -c "ECDH curve: secp256r1" \
1499 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1500 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1501 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1502
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1503requires_gnutls_tls1_3
1504requires_gnutls_next_no_ticket
1505requires_gnutls_next_disable_tls13_compat
1506requires_config_enabled MBEDTLS_DEBUG_C
1507requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1508requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1510run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1511 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1512 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1513 0 \
1514 -c "HTTP/1.0 200 OK" \
1515 -c "ECDH curve: secp256r1" \
1516 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1517 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1518 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1519
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1520requires_openssl_tls1_3
1521requires_config_enabled MBEDTLS_DEBUG_C
1522requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1523requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1524requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1525run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1526 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1527 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1528 0 \
1529 -c "HTTP/1.0 200 ok" \
1530 -c "ECDH curve: secp384r1" \
1531 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1532 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1533 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1534
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1535requires_gnutls_tls1_3
1536requires_gnutls_next_no_ticket
1537requires_gnutls_next_disable_tls13_compat
1538requires_config_enabled MBEDTLS_DEBUG_C
1539requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1540requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1542run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1543 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1544 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1545 0 \
1546 -c "HTTP/1.0 200 OK" \
1547 -c "ECDH curve: secp384r1" \
1548 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1549 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1550 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1551
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1552requires_openssl_tls1_3
1553requires_config_enabled MBEDTLS_DEBUG_C
1554requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1555requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1556requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1557run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1558 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1559 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1560 0 \
1561 -c "HTTP/1.0 200 ok" \
1562 -c "ECDH curve: secp521r1" \
1563 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1564 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1565 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1566
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1567requires_gnutls_tls1_3
1568requires_gnutls_next_no_ticket
1569requires_gnutls_next_disable_tls13_compat
1570requires_config_enabled MBEDTLS_DEBUG_C
1571requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1572requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1573requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1574run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1575 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1576 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1577 0 \
1578 -c "HTTP/1.0 200 OK" \
1579 -c "ECDH curve: secp521r1" \
1580 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1581 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1582 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1583
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1584requires_openssl_tls1_3
1585requires_config_enabled MBEDTLS_DEBUG_C
1586requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1587requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1588requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1589run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1590 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1591 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1592 0 \
1593 -c "HTTP/1.0 200 ok" \
1594 -c "ECDH curve: x25519" \
1595 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1596 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1597 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1598
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1599requires_gnutls_tls1_3
1600requires_gnutls_next_no_ticket
1601requires_gnutls_next_disable_tls13_compat
1602requires_config_enabled MBEDTLS_DEBUG_C
1603requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1604requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1605requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1606run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1607 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1608 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1609 0 \
1610 -c "HTTP/1.0 200 OK" \
1611 -c "ECDH curve: x25519" \
1612 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1613 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1614 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1615
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1616requires_openssl_tls1_3
1617requires_config_enabled MBEDTLS_DEBUG_C
1618requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1619requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1620requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1621run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1622 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1623 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1624 0 \
1625 -c "HTTP/1.0 200 ok" \
1626 -c "ECDH curve: x448" \
1627 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1628 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1629 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1630
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1631requires_gnutls_tls1_3
1632requires_gnutls_next_no_ticket
1633requires_gnutls_next_disable_tls13_compat
1634requires_config_enabled MBEDTLS_DEBUG_C
1635requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1636requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1637requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1638run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1639 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1640 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1641 0 \
1642 -c "HTTP/1.0 200 OK" \
1643 -c "ECDH curve: x448" \
1644 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1645 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1646 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1647
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1648requires_openssl_tls1_3
1649requires_config_enabled MBEDTLS_DEBUG_C
1650requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1651requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1652requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1653run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1654 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1655 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1656 0 \
1657 -c "HTTP/1.0 200 ok" \
1658 -c "ECDH curve: secp256r1" \
1659 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1660 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1661 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1662
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1663requires_gnutls_tls1_3
1664requires_gnutls_next_no_ticket
1665requires_gnutls_next_disable_tls13_compat
1666requires_config_enabled MBEDTLS_DEBUG_C
1667requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1668requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1670run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1671 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1672 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1673 0 \
1674 -c "HTTP/1.0 200 OK" \
1675 -c "ECDH curve: secp256r1" \
1676 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1677 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1678 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1679
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1680requires_openssl_tls1_3
1681requires_config_enabled MBEDTLS_DEBUG_C
1682requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1683requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1684requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1685run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1686 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1687 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1688 0 \
1689 -c "HTTP/1.0 200 ok" \
1690 -c "ECDH curve: secp384r1" \
1691 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1692 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1693 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1694
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1695requires_gnutls_tls1_3
1696requires_gnutls_next_no_ticket
1697requires_gnutls_next_disable_tls13_compat
1698requires_config_enabled MBEDTLS_DEBUG_C
1699requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1700requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1702run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1703 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1704 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1705 0 \
1706 -c "HTTP/1.0 200 OK" \
1707 -c "ECDH curve: secp384r1" \
1708 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1709 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1710 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1711
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1712requires_openssl_tls1_3
1713requires_config_enabled MBEDTLS_DEBUG_C
1714requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1715requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1716requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1717run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1718 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1719 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1720 0 \
1721 -c "HTTP/1.0 200 ok" \
1722 -c "ECDH curve: secp521r1" \
1723 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1724 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1725 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1726
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1727requires_gnutls_tls1_3
1728requires_gnutls_next_no_ticket
1729requires_gnutls_next_disable_tls13_compat
1730requires_config_enabled MBEDTLS_DEBUG_C
1731requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1732requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1733requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1734run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1735 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1736 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1737 0 \
1738 -c "HTTP/1.0 200 OK" \
1739 -c "ECDH curve: secp521r1" \
1740 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1741 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1742 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1743
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1744requires_openssl_tls1_3
1745requires_config_enabled MBEDTLS_DEBUG_C
1746requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1747requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1748requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1749run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1750 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1751 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1752 0 \
1753 -c "HTTP/1.0 200 ok" \
1754 -c "ECDH curve: x25519" \
1755 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1756 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1757 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1758
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1759requires_gnutls_tls1_3
1760requires_gnutls_next_no_ticket
1761requires_gnutls_next_disable_tls13_compat
1762requires_config_enabled MBEDTLS_DEBUG_C
1763requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1764requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1765requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1766run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1767 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1768 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1769 0 \
1770 -c "HTTP/1.0 200 OK" \
1771 -c "ECDH curve: x25519" \
1772 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1773 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1774 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1775
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1776requires_openssl_tls1_3
1777requires_config_enabled MBEDTLS_DEBUG_C
1778requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1779requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1780requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1781run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1782 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1783 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1784 0 \
1785 -c "HTTP/1.0 200 ok" \
1786 -c "ECDH curve: x448" \
1787 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1788 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1789 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1790
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1791requires_gnutls_tls1_3
1792requires_gnutls_next_no_ticket
1793requires_gnutls_next_disable_tls13_compat
1794requires_config_enabled MBEDTLS_DEBUG_C
1795requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1796requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1798run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1799 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1800 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1801 0 \
1802 -c "HTTP/1.0 200 OK" \
1803 -c "ECDH curve: x448" \
1804 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1805 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1806 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1807
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1808requires_openssl_tls1_3
1809requires_config_enabled MBEDTLS_DEBUG_C
1810requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1811requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1813requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1814run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1815 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1816 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1817 0 \
1818 -c "HTTP/1.0 200 ok" \
1819 -c "ECDH curve: secp256r1" \
1820 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1821 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1822 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1823
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1824requires_gnutls_tls1_3
1825requires_gnutls_next_no_ticket
1826requires_gnutls_next_disable_tls13_compat
1827requires_config_enabled MBEDTLS_DEBUG_C
1828requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1829requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1830requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1831requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1832run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1833 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1834 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1835 0 \
1836 -c "HTTP/1.0 200 OK" \
1837 -c "ECDH curve: secp256r1" \
1838 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1839 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1840 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1841
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1842requires_openssl_tls1_3
1843requires_config_enabled MBEDTLS_DEBUG_C
1844requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1845requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1846requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1847requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1848run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1849 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1850 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1851 0 \
1852 -c "HTTP/1.0 200 ok" \
1853 -c "ECDH curve: secp384r1" \
1854 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1855 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1856 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1857
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1858requires_gnutls_tls1_3
1859requires_gnutls_next_no_ticket
1860requires_gnutls_next_disable_tls13_compat
1861requires_config_enabled MBEDTLS_DEBUG_C
1862requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1863requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1864requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1865requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1866run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1867 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1868 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1869 0 \
1870 -c "HTTP/1.0 200 OK" \
1871 -c "ECDH curve: secp384r1" \
1872 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1873 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1874 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1875
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1876requires_openssl_tls1_3
1877requires_config_enabled MBEDTLS_DEBUG_C
1878requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1879requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1880requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1881requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1882run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1883 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1884 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1885 0 \
1886 -c "HTTP/1.0 200 ok" \
1887 -c "ECDH curve: secp521r1" \
1888 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1889 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1890 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1891
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1892requires_gnutls_tls1_3
1893requires_gnutls_next_no_ticket
1894requires_gnutls_next_disable_tls13_compat
1895requires_config_enabled MBEDTLS_DEBUG_C
1896requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1897requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1898requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1899requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1900run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1901 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1902 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1903 0 \
1904 -c "HTTP/1.0 200 OK" \
1905 -c "ECDH curve: secp521r1" \
1906 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1907 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1908 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1909
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1910requires_openssl_tls1_3
1911requires_config_enabled MBEDTLS_DEBUG_C
1912requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1913requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1915requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1916run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1917 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1918 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1919 0 \
1920 -c "HTTP/1.0 200 ok" \
1921 -c "ECDH curve: x25519" \
1922 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1923 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1924 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1925
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1926requires_gnutls_tls1_3
1927requires_gnutls_next_no_ticket
1928requires_gnutls_next_disable_tls13_compat
1929requires_config_enabled MBEDTLS_DEBUG_C
1930requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1931requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1932requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1933requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1934run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1935 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1936 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1937 0 \
1938 -c "HTTP/1.0 200 OK" \
1939 -c "ECDH curve: x25519" \
1940 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1941 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1942 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1943
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1944requires_openssl_tls1_3
1945requires_config_enabled MBEDTLS_DEBUG_C
1946requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1949requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1950run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1951 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1952 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1953 0 \
1954 -c "HTTP/1.0 200 ok" \
1955 -c "ECDH curve: x448" \
1956 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1957 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1958 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1959
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1960requires_gnutls_tls1_3
1961requires_gnutls_next_no_ticket
1962requires_gnutls_next_disable_tls13_compat
1963requires_config_enabled MBEDTLS_DEBUG_C
1964requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1965requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1966requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1967requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1968run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1969 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1970 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1971 0 \
1972 -c "HTTP/1.0 200 OK" \
1973 -c "ECDH curve: x448" \
1974 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1975 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1976 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1977
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1978requires_openssl_tls1_3
1979requires_config_enabled MBEDTLS_DEBUG_C
1980requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1981requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1982requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1983run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1984 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1985 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1986 0 \
1987 -c "HTTP/1.0 200 ok" \
1988 -c "ECDH curve: secp256r1" \
1989 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1990 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1991 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1992
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1993requires_gnutls_tls1_3
1994requires_gnutls_next_no_ticket
1995requires_gnutls_next_disable_tls13_compat
1996requires_config_enabled MBEDTLS_DEBUG_C
1997requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1998requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1999requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2000run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2001 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2002 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2003 0 \
2004 -c "HTTP/1.0 200 OK" \
2005 -c "ECDH curve: secp256r1" \
2006 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2007 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2008 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2009
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2010requires_openssl_tls1_3
2011requires_config_enabled MBEDTLS_DEBUG_C
2012requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2013requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2015run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2016 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2017 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2018 0 \
2019 -c "HTTP/1.0 200 ok" \
2020 -c "ECDH curve: secp384r1" \
2021 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2022 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2023 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2024
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2025requires_gnutls_tls1_3
2026requires_gnutls_next_no_ticket
2027requires_gnutls_next_disable_tls13_compat
2028requires_config_enabled MBEDTLS_DEBUG_C
2029requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2030requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2032run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2033 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2034 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2035 0 \
2036 -c "HTTP/1.0 200 OK" \
2037 -c "ECDH curve: secp384r1" \
2038 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2039 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2040 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2041
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2042requires_openssl_tls1_3
2043requires_config_enabled MBEDTLS_DEBUG_C
2044requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2045requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2047run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2048 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2049 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2050 0 \
2051 -c "HTTP/1.0 200 ok" \
2052 -c "ECDH curve: secp521r1" \
2053 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2054 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2055 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2056
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2057requires_gnutls_tls1_3
2058requires_gnutls_next_no_ticket
2059requires_gnutls_next_disable_tls13_compat
2060requires_config_enabled MBEDTLS_DEBUG_C
2061requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2062requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2063requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2064run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2065 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2066 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2067 0 \
2068 -c "HTTP/1.0 200 OK" \
2069 -c "ECDH curve: secp521r1" \
2070 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2071 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2072 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2073
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2074requires_openssl_tls1_3
2075requires_config_enabled MBEDTLS_DEBUG_C
2076requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2077requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2078requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2079run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2080 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2081 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2082 0 \
2083 -c "HTTP/1.0 200 ok" \
2084 -c "ECDH curve: x25519" \
2085 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2086 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2087 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2088
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2089requires_gnutls_tls1_3
2090requires_gnutls_next_no_ticket
2091requires_gnutls_next_disable_tls13_compat
2092requires_config_enabled MBEDTLS_DEBUG_C
2093requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2094requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2095requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2096run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2097 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2098 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2099 0 \
2100 -c "HTTP/1.0 200 OK" \
2101 -c "ECDH curve: x25519" \
2102 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2103 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2104 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2105
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2106requires_openssl_tls1_3
2107requires_config_enabled MBEDTLS_DEBUG_C
2108requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2109requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2110requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2111run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2112 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2113 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2114 0 \
2115 -c "HTTP/1.0 200 ok" \
2116 -c "ECDH curve: x448" \
2117 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2118 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2119 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2120
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2121requires_gnutls_tls1_3
2122requires_gnutls_next_no_ticket
2123requires_gnutls_next_disable_tls13_compat
2124requires_config_enabled MBEDTLS_DEBUG_C
2125requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2126requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2128run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2129 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2130 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2131 0 \
2132 -c "HTTP/1.0 200 OK" \
2133 -c "ECDH curve: x448" \
2134 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2135 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2136 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2137
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2138requires_openssl_tls1_3
2139requires_config_enabled MBEDTLS_DEBUG_C
2140requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2141requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2143run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2144 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2145 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2146 0 \
2147 -c "HTTP/1.0 200 ok" \
2148 -c "ECDH curve: secp256r1" \
2149 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2150 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2151 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2152
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2153requires_gnutls_tls1_3
2154requires_gnutls_next_no_ticket
2155requires_gnutls_next_disable_tls13_compat
2156requires_config_enabled MBEDTLS_DEBUG_C
2157requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2158requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2160run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2161 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2162 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2163 0 \
2164 -c "HTTP/1.0 200 OK" \
2165 -c "ECDH curve: secp256r1" \
2166 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2167 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2168 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2169
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2170requires_openssl_tls1_3
2171requires_config_enabled MBEDTLS_DEBUG_C
2172requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2173requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2174requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2175run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2176 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2177 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2178 0 \
2179 -c "HTTP/1.0 200 ok" \
2180 -c "ECDH curve: secp384r1" \
2181 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2182 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2183 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2184
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2185requires_gnutls_tls1_3
2186requires_gnutls_next_no_ticket
2187requires_gnutls_next_disable_tls13_compat
2188requires_config_enabled MBEDTLS_DEBUG_C
2189requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2190requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2192run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2193 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2194 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2195 0 \
2196 -c "HTTP/1.0 200 OK" \
2197 -c "ECDH curve: secp384r1" \
2198 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2199 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2200 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2201
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2202requires_openssl_tls1_3
2203requires_config_enabled MBEDTLS_DEBUG_C
2204requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2205requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2207run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2208 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2209 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2210 0 \
2211 -c "HTTP/1.0 200 ok" \
2212 -c "ECDH curve: secp521r1" \
2213 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2214 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2215 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2216
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2217requires_gnutls_tls1_3
2218requires_gnutls_next_no_ticket
2219requires_gnutls_next_disable_tls13_compat
2220requires_config_enabled MBEDTLS_DEBUG_C
2221requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2222requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2223requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2224run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2225 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2226 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2227 0 \
2228 -c "HTTP/1.0 200 OK" \
2229 -c "ECDH curve: secp521r1" \
2230 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2231 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2232 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2233
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2234requires_openssl_tls1_3
2235requires_config_enabled MBEDTLS_DEBUG_C
2236requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2239run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2240 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2241 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2242 0 \
2243 -c "HTTP/1.0 200 ok" \
2244 -c "ECDH curve: x25519" \
2245 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2246 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2247 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2248
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2249requires_gnutls_tls1_3
2250requires_gnutls_next_no_ticket
2251requires_gnutls_next_disable_tls13_compat
2252requires_config_enabled MBEDTLS_DEBUG_C
2253requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2254requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2256run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2257 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2258 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2259 0 \
2260 -c "HTTP/1.0 200 OK" \
2261 -c "ECDH curve: x25519" \
2262 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2263 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2264 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2265
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2266requires_openssl_tls1_3
2267requires_config_enabled MBEDTLS_DEBUG_C
2268requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2269requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2270requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2271run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2272 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2273 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2274 0 \
2275 -c "HTTP/1.0 200 ok" \
2276 -c "ECDH curve: x448" \
2277 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2278 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2279 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2280
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2281requires_gnutls_tls1_3
2282requires_gnutls_next_no_ticket
2283requires_gnutls_next_disable_tls13_compat
2284requires_config_enabled MBEDTLS_DEBUG_C
2285requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2286requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2287requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2288run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2289 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2290 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2291 0 \
2292 -c "HTTP/1.0 200 OK" \
2293 -c "ECDH curve: x448" \
2294 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2295 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2296 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2297
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2298requires_openssl_tls1_3
2299requires_config_enabled MBEDTLS_DEBUG_C
2300requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2301requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2303run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2304 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2305 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2306 0 \
2307 -c "HTTP/1.0 200 ok" \
2308 -c "ECDH curve: secp256r1" \
2309 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2310 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2311 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2312
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2313requires_gnutls_tls1_3
2314requires_gnutls_next_no_ticket
2315requires_gnutls_next_disable_tls13_compat
2316requires_config_enabled MBEDTLS_DEBUG_C
2317requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2318requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2319requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2320run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2321 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2322 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2323 0 \
2324 -c "HTTP/1.0 200 OK" \
2325 -c "ECDH curve: secp256r1" \
2326 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2327 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2328 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2329
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2330requires_openssl_tls1_3
2331requires_config_enabled MBEDTLS_DEBUG_C
2332requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2333requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2334requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2335run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2336 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2337 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2338 0 \
2339 -c "HTTP/1.0 200 ok" \
2340 -c "ECDH curve: secp384r1" \
2341 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2342 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2343 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2344
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2345requires_gnutls_tls1_3
2346requires_gnutls_next_no_ticket
2347requires_gnutls_next_disable_tls13_compat
2348requires_config_enabled MBEDTLS_DEBUG_C
2349requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2350requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2352run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2353 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2354 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2355 0 \
2356 -c "HTTP/1.0 200 OK" \
2357 -c "ECDH curve: secp384r1" \
2358 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2359 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2360 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2361
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2362requires_openssl_tls1_3
2363requires_config_enabled MBEDTLS_DEBUG_C
2364requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2365requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2367run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2368 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2369 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2370 0 \
2371 -c "HTTP/1.0 200 ok" \
2372 -c "ECDH curve: secp521r1" \
2373 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2374 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2375 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2376
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2377requires_gnutls_tls1_3
2378requires_gnutls_next_no_ticket
2379requires_gnutls_next_disable_tls13_compat
2380requires_config_enabled MBEDTLS_DEBUG_C
2381requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2382requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2384run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2385 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2386 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2387 0 \
2388 -c "HTTP/1.0 200 OK" \
2389 -c "ECDH curve: secp521r1" \
2390 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2391 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2392 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2393
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2394requires_openssl_tls1_3
2395requires_config_enabled MBEDTLS_DEBUG_C
2396requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2397requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2398requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2399run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2400 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2401 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2402 0 \
2403 -c "HTTP/1.0 200 ok" \
2404 -c "ECDH curve: x25519" \
2405 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2406 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2407 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2408
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2409requires_gnutls_tls1_3
2410requires_gnutls_next_no_ticket
2411requires_gnutls_next_disable_tls13_compat
2412requires_config_enabled MBEDTLS_DEBUG_C
2413requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2414requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2415requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2416run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2417 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2418 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2419 0 \
2420 -c "HTTP/1.0 200 OK" \
2421 -c "ECDH curve: x25519" \
2422 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2423 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2424 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2425
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2426requires_openssl_tls1_3
2427requires_config_enabled MBEDTLS_DEBUG_C
2428requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2429requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2430requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2431run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2432 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2433 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2434 0 \
2435 -c "HTTP/1.0 200 ok" \
2436 -c "ECDH curve: x448" \
2437 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2438 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2439 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2440
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2441requires_gnutls_tls1_3
2442requires_gnutls_next_no_ticket
2443requires_gnutls_next_disable_tls13_compat
2444requires_config_enabled MBEDTLS_DEBUG_C
2445requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2446requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2448run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2449 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2450 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2451 0 \
2452 -c "HTTP/1.0 200 OK" \
2453 -c "ECDH curve: x448" \
2454 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2455 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2456 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2457
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2458requires_openssl_tls1_3
2459requires_config_enabled MBEDTLS_DEBUG_C
2460requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2461requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2463requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2464run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2465 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2466 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2467 0 \
2468 -c "HTTP/1.0 200 ok" \
2469 -c "ECDH curve: secp256r1" \
2470 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2471 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2472 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2473
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2474requires_gnutls_tls1_3
2475requires_gnutls_next_no_ticket
2476requires_gnutls_next_disable_tls13_compat
2477requires_config_enabled MBEDTLS_DEBUG_C
2478requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2479requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2480requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2481requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2482run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2483 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2484 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2485 0 \
2486 -c "HTTP/1.0 200 OK" \
2487 -c "ECDH curve: secp256r1" \
2488 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2489 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2490 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2491
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2492requires_openssl_tls1_3
2493requires_config_enabled MBEDTLS_DEBUG_C
2494requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2495requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2497requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2498run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2499 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2500 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2501 0 \
2502 -c "HTTP/1.0 200 ok" \
2503 -c "ECDH curve: secp384r1" \
2504 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2505 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2506 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2507
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2508requires_gnutls_tls1_3
2509requires_gnutls_next_no_ticket
2510requires_gnutls_next_disable_tls13_compat
2511requires_config_enabled MBEDTLS_DEBUG_C
2512requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2515requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2516run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2517 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2518 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2519 0 \
2520 -c "HTTP/1.0 200 OK" \
2521 -c "ECDH curve: secp384r1" \
2522 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2523 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2524 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2525
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2526requires_openssl_tls1_3
2527requires_config_enabled MBEDTLS_DEBUG_C
2528requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2529requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2531requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2532run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2533 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2534 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2535 0 \
2536 -c "HTTP/1.0 200 ok" \
2537 -c "ECDH curve: secp521r1" \
2538 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2539 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2540 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2541
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2542requires_gnutls_tls1_3
2543requires_gnutls_next_no_ticket
2544requires_gnutls_next_disable_tls13_compat
2545requires_config_enabled MBEDTLS_DEBUG_C
2546requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2548requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2549requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2550run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2551 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2552 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2553 0 \
2554 -c "HTTP/1.0 200 OK" \
2555 -c "ECDH curve: secp521r1" \
2556 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2557 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2558 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2559
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2560requires_openssl_tls1_3
2561requires_config_enabled MBEDTLS_DEBUG_C
2562requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2565requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2566run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2567 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2568 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2569 0 \
2570 -c "HTTP/1.0 200 ok" \
2571 -c "ECDH curve: x25519" \
2572 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2573 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2574 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2575
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2576requires_gnutls_tls1_3
2577requires_gnutls_next_no_ticket
2578requires_gnutls_next_disable_tls13_compat
2579requires_config_enabled MBEDTLS_DEBUG_C
2580requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2581requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2583requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2584run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2585 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2586 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2587 0 \
2588 -c "HTTP/1.0 200 OK" \
2589 -c "ECDH curve: x25519" \
2590 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2591 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2592 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2593
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2594requires_openssl_tls1_3
2595requires_config_enabled MBEDTLS_DEBUG_C
2596requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2597requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2599requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2600run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2601 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2602 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2603 0 \
2604 -c "HTTP/1.0 200 ok" \
2605 -c "ECDH curve: x448" \
2606 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2607 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2608 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2609
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2610requires_gnutls_tls1_3
2611requires_gnutls_next_no_ticket
2612requires_gnutls_next_disable_tls13_compat
2613requires_config_enabled MBEDTLS_DEBUG_C
2614requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2615requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2616requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2617requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2618run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2619 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2620 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2621 0 \
2622 -c "HTTP/1.0 200 OK" \
2623 -c "ECDH curve: x448" \
2624 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2625 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2626 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2627
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2628requires_openssl_tls1_3
2629requires_config_enabled MBEDTLS_DEBUG_C
2630requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2631requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2633run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2634 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2635 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2636 0 \
2637 -c "HTTP/1.0 200 ok" \
2638 -c "ECDH curve: secp256r1" \
2639 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2640 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2641 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2642
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2643requires_gnutls_tls1_3
2644requires_gnutls_next_no_ticket
2645requires_gnutls_next_disable_tls13_compat
2646requires_config_enabled MBEDTLS_DEBUG_C
2647requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2648requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2650run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2651 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2652 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2653 0 \
2654 -c "HTTP/1.0 200 OK" \
2655 -c "ECDH curve: secp256r1" \
2656 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2657 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2658 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2659
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2660requires_openssl_tls1_3
2661requires_config_enabled MBEDTLS_DEBUG_C
2662requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2663requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2664requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2665run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2666 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2667 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2668 0 \
2669 -c "HTTP/1.0 200 ok" \
2670 -c "ECDH curve: secp384r1" \
2671 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2672 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2673 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2674
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2675requires_gnutls_tls1_3
2676requires_gnutls_next_no_ticket
2677requires_gnutls_next_disable_tls13_compat
2678requires_config_enabled MBEDTLS_DEBUG_C
2679requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2680requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2681requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2682run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2683 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2684 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2685 0 \
2686 -c "HTTP/1.0 200 OK" \
2687 -c "ECDH curve: secp384r1" \
2688 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2689 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2690 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2691
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2692requires_openssl_tls1_3
2693requires_config_enabled MBEDTLS_DEBUG_C
2694requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2695requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2696requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2697run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2698 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2699 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2700 0 \
2701 -c "HTTP/1.0 200 ok" \
2702 -c "ECDH curve: secp521r1" \
2703 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2704 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2705 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2706
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2707requires_gnutls_tls1_3
2708requires_gnutls_next_no_ticket
2709requires_gnutls_next_disable_tls13_compat
2710requires_config_enabled MBEDTLS_DEBUG_C
2711requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2712requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2713requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2714run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2715 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2716 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2717 0 \
2718 -c "HTTP/1.0 200 OK" \
2719 -c "ECDH curve: secp521r1" \
2720 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2721 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2722 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2723
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2724requires_openssl_tls1_3
2725requires_config_enabled MBEDTLS_DEBUG_C
2726requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2727requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2728requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2729run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2730 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2731 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2732 0 \
2733 -c "HTTP/1.0 200 ok" \
2734 -c "ECDH curve: x25519" \
2735 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2736 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2737 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2738
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2739requires_gnutls_tls1_3
2740requires_gnutls_next_no_ticket
2741requires_gnutls_next_disable_tls13_compat
2742requires_config_enabled MBEDTLS_DEBUG_C
2743requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2744requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2746run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2747 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2748 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2749 0 \
2750 -c "HTTP/1.0 200 OK" \
2751 -c "ECDH curve: x25519" \
2752 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2753 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2754 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2755
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2756requires_openssl_tls1_3
2757requires_config_enabled MBEDTLS_DEBUG_C
2758requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2759requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2760requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2761run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2762 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2763 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2764 0 \
2765 -c "HTTP/1.0 200 ok" \
2766 -c "ECDH curve: x448" \
2767 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2768 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2769 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2770
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2771requires_gnutls_tls1_3
2772requires_gnutls_next_no_ticket
2773requires_gnutls_next_disable_tls13_compat
2774requires_config_enabled MBEDTLS_DEBUG_C
2775requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2776requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2778run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2779 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2780 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2781 0 \
2782 -c "HTTP/1.0 200 OK" \
2783 -c "ECDH curve: x448" \
2784 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2785 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2786 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2787
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2788requires_openssl_tls1_3
2789requires_config_enabled MBEDTLS_DEBUG_C
2790requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2793run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2794 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2795 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2796 0 \
2797 -c "HTTP/1.0 200 ok" \
2798 -c "ECDH curve: secp256r1" \
2799 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2800 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2801 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2802
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2803requires_gnutls_tls1_3
2804requires_gnutls_next_no_ticket
2805requires_gnutls_next_disable_tls13_compat
2806requires_config_enabled MBEDTLS_DEBUG_C
2807requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2808requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2809requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2810run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2811 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2812 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2813 0 \
2814 -c "HTTP/1.0 200 OK" \
2815 -c "ECDH curve: secp256r1" \
2816 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2817 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2818 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2819
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2820requires_openssl_tls1_3
2821requires_config_enabled MBEDTLS_DEBUG_C
2822requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2823requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2824requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2825run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2826 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2827 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2828 0 \
2829 -c "HTTP/1.0 200 ok" \
2830 -c "ECDH curve: secp384r1" \
2831 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2832 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2833 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2834
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2835requires_gnutls_tls1_3
2836requires_gnutls_next_no_ticket
2837requires_gnutls_next_disable_tls13_compat
2838requires_config_enabled MBEDTLS_DEBUG_C
2839requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2840requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2842run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2843 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2844 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2845 0 \
2846 -c "HTTP/1.0 200 OK" \
2847 -c "ECDH curve: secp384r1" \
2848 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2849 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2850 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2851
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2852requires_openssl_tls1_3
2853requires_config_enabled MBEDTLS_DEBUG_C
2854requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2855requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2857run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2858 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2859 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2860 0 \
2861 -c "HTTP/1.0 200 ok" \
2862 -c "ECDH curve: secp521r1" \
2863 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2864 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2865 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2866
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2867requires_gnutls_tls1_3
2868requires_gnutls_next_no_ticket
2869requires_gnutls_next_disable_tls13_compat
2870requires_config_enabled MBEDTLS_DEBUG_C
2871requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2872requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2874run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2875 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2876 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2877 0 \
2878 -c "HTTP/1.0 200 OK" \
2879 -c "ECDH curve: secp521r1" \
2880 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2881 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2882 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2883
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2884requires_openssl_tls1_3
2885requires_config_enabled MBEDTLS_DEBUG_C
2886requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2887requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2888requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2889run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2890 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2891 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2892 0 \
2893 -c "HTTP/1.0 200 ok" \
2894 -c "ECDH curve: x25519" \
2895 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2896 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2897 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2898
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2899requires_gnutls_tls1_3
2900requires_gnutls_next_no_ticket
2901requires_gnutls_next_disable_tls13_compat
2902requires_config_enabled MBEDTLS_DEBUG_C
2903requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2904requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2905requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2906run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2907 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2908 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2909 0 \
2910 -c "HTTP/1.0 200 OK" \
2911 -c "ECDH curve: x25519" \
2912 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2913 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2914 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2915
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2916requires_openssl_tls1_3
2917requires_config_enabled MBEDTLS_DEBUG_C
2918requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2919requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2920requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2921run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2922 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2923 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2924 0 \
2925 -c "HTTP/1.0 200 ok" \
2926 -c "ECDH curve: x448" \
2927 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2928 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2929 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2930
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2931requires_gnutls_tls1_3
2932requires_gnutls_next_no_ticket
2933requires_gnutls_next_disable_tls13_compat
2934requires_config_enabled MBEDTLS_DEBUG_C
2935requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2936requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2938run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2939 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2940 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2941 0 \
2942 -c "HTTP/1.0 200 OK" \
2943 -c "ECDH curve: x448" \
2944 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2945 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2946 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2947
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2948requires_openssl_tls1_3
2949requires_config_enabled MBEDTLS_DEBUG_C
2950requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2951requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2952requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2953run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2954 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2955 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2956 0 \
2957 -c "HTTP/1.0 200 ok" \
2958 -c "ECDH curve: secp256r1" \
2959 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2960 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2961 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2962
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2963requires_gnutls_tls1_3
2964requires_gnutls_next_no_ticket
2965requires_gnutls_next_disable_tls13_compat
2966requires_config_enabled MBEDTLS_DEBUG_C
2967requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2968requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2970run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2971 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2972 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2973 0 \
2974 -c "HTTP/1.0 200 OK" \
2975 -c "ECDH curve: secp256r1" \
2976 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2977 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2978 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2979
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2980requires_openssl_tls1_3
2981requires_config_enabled MBEDTLS_DEBUG_C
2982requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]2983requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2984requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2985run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2986 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2987 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2988 0 \
2989 -c "HTTP/1.0 200 ok" \
2990 -c "ECDH curve: secp384r1" \
2991 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2992 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2993 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2994
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2995requires_gnutls_tls1_3
2996requires_gnutls_next_no_ticket
2997requires_gnutls_next_disable_tls13_compat
2998requires_config_enabled MBEDTLS_DEBUG_C
2999requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3000requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3001requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3002run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3003 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3004 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3005 0 \
3006 -c "HTTP/1.0 200 OK" \
3007 -c "ECDH curve: secp384r1" \
3008 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3009 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3010 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3011
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3012requires_openssl_tls1_3
3013requires_config_enabled MBEDTLS_DEBUG_C
3014requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3015requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3017run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3018 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3019 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3020 0 \
3021 -c "HTTP/1.0 200 ok" \
3022 -c "ECDH curve: secp521r1" \
3023 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3024 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3025 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3026
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3027requires_gnutls_tls1_3
3028requires_gnutls_next_no_ticket
3029requires_gnutls_next_disable_tls13_compat
3030requires_config_enabled MBEDTLS_DEBUG_C
3031requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3032requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3033requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3034run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3035 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3036 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3037 0 \
3038 -c "HTTP/1.0 200 OK" \
3039 -c "ECDH curve: secp521r1" \
3040 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3041 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3042 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3043
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3044requires_openssl_tls1_3
3045requires_config_enabled MBEDTLS_DEBUG_C
3046requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3048requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3049run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3050 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3051 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3052 0 \
3053 -c "HTTP/1.0 200 ok" \
3054 -c "ECDH curve: x25519" \
3055 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3056 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3057 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3058
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3059requires_gnutls_tls1_3
3060requires_gnutls_next_no_ticket
3061requires_gnutls_next_disable_tls13_compat
3062requires_config_enabled MBEDTLS_DEBUG_C
3063requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3064requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3066run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3067 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3068 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3069 0 \
3070 -c "HTTP/1.0 200 OK" \
3071 -c "ECDH curve: x25519" \
3072 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3073 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3074 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3075
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3076requires_openssl_tls1_3
3077requires_config_enabled MBEDTLS_DEBUG_C
3078requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3079requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3080requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3081run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3082 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3083 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3084 0 \
3085 -c "HTTP/1.0 200 ok" \
3086 -c "ECDH curve: x448" \
3087 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3088 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3089 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3090
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3091requires_gnutls_tls1_3
3092requires_gnutls_next_no_ticket
3093requires_gnutls_next_disable_tls13_compat
3094requires_config_enabled MBEDTLS_DEBUG_C
3095requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3096requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3097requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3098run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3099 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3100 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3101 0 \
3102 -c "HTTP/1.0 200 OK" \
3103 -c "ECDH curve: x448" \
3104 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3105 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3106 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3107
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3108requires_openssl_tls1_3
3109requires_config_enabled MBEDTLS_DEBUG_C
3110requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3111requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3112requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3113requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3114run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3115 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3116 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3117 0 \
3118 -c "HTTP/1.0 200 ok" \
3119 -c "ECDH curve: secp256r1" \
3120 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3121 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3122 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3123
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3124requires_gnutls_tls1_3
3125requires_gnutls_next_no_ticket
3126requires_gnutls_next_disable_tls13_compat
3127requires_config_enabled MBEDTLS_DEBUG_C
3128requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3129requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3131requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3132run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3133 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3134 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3135 0 \
3136 -c "HTTP/1.0 200 OK" \
3137 -c "ECDH curve: secp256r1" \
3138 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3139 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3140 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3141
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3142requires_openssl_tls1_3
3143requires_config_enabled MBEDTLS_DEBUG_C
3144requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3145requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3146requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3147requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3148run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3149 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3150 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3151 0 \
3152 -c "HTTP/1.0 200 ok" \
3153 -c "ECDH curve: secp384r1" \
3154 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3155 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3156 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3157
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3158requires_gnutls_tls1_3
3159requires_gnutls_next_no_ticket
3160requires_gnutls_next_disable_tls13_compat
3161requires_config_enabled MBEDTLS_DEBUG_C
3162requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3163requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3165requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3166run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3167 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3168 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3169 0 \
3170 -c "HTTP/1.0 200 OK" \
3171 -c "ECDH curve: secp384r1" \
3172 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3173 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3174 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3175
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3176requires_openssl_tls1_3
3177requires_config_enabled MBEDTLS_DEBUG_C
3178requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3179requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3181requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3182run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3183 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3184 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3185 0 \
3186 -c "HTTP/1.0 200 ok" \
3187 -c "ECDH curve: secp521r1" \
3188 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3189 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3190 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3191
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3192requires_gnutls_tls1_3
3193requires_gnutls_next_no_ticket
3194requires_gnutls_next_disable_tls13_compat
3195requires_config_enabled MBEDTLS_DEBUG_C
3196requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3197requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3198requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3199requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3200run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3201 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3202 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3203 0 \
3204 -c "HTTP/1.0 200 OK" \
3205 -c "ECDH curve: secp521r1" \
3206 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3207 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3208 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3209
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3210requires_openssl_tls1_3
3211requires_config_enabled MBEDTLS_DEBUG_C
3212requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3213requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3214requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3215requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3216run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3217 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3218 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3219 0 \
3220 -c "HTTP/1.0 200 ok" \
3221 -c "ECDH curve: x25519" \
3222 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3223 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3224 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3225
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3226requires_gnutls_tls1_3
3227requires_gnutls_next_no_ticket
3228requires_gnutls_next_disable_tls13_compat
3229requires_config_enabled MBEDTLS_DEBUG_C
3230requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3231requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3232requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3233requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3234run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3235 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3236 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3237 0 \
3238 -c "HTTP/1.0 200 OK" \
3239 -c "ECDH curve: x25519" \
3240 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3241 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3242 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3243
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3244requires_openssl_tls1_3
3245requires_config_enabled MBEDTLS_DEBUG_C
3246requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3247requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3248requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3249requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3250run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3251 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3252 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3253 0 \
3254 -c "HTTP/1.0 200 ok" \
3255 -c "ECDH curve: x448" \
3256 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3257 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3258 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3259
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3260requires_gnutls_tls1_3
3261requires_gnutls_next_no_ticket
3262requires_gnutls_next_disable_tls13_compat
3263requires_config_enabled MBEDTLS_DEBUG_C
3264requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3265requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3266requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3267requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3268run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3269 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3270 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3271 0 \
3272 -c "HTTP/1.0 200 OK" \
3273 -c "ECDH curve: x448" \
3274 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3275 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3276 -c "Verifying peer X.509 certificate... ok"